consultants are sandburs

Tuesday, May 16, 2017

RANSOMWARE: "Peter Coroneos, the former chief executive of the Internet Industry Association and an expert on cyber policy, said whether or not to agree to ransomware demands presented practical and ethical dilemmas. 'As a matter of principle, the answer should always be no … based on the simple dynamics of perpetuating bad conduct. 'However, as a matter of practicality and necessity, the situation is somewhat more complex.' Coroneos pointed to the Telstra cybersecurity report 2017, which found that that 60% of Australian organisations had experienced at least one ransomware incident in the previous 12 months. Of that figure, 57% paid the ransom. Nearly one in three of the organisations that paid did not recover their files."

The headline is an amalgamation of several short Guardian paragraphs. From that item, links here and here. Some of the ransomware has been decrypted to where systems can be recovered without paying the ransom. If you find yourself a victim, knowing that some versions can be undone without paying the ransom would be helpful knowledge.

That Australian report, the numbers are startling. It means that proper backup has not been in place. Everyone knows you should backup data because hard drives fail. On the flip side, somebody in business skating on the very, very thin ice could have an encryption plan. If documents or hardware access is subpoenaed, then hand over the machine encrypted and say it wasn't you, you do not have the encryption key because it was ransomware that did it. Likely forensic inquiry would uncover the hoax and they can put people in the slammer for falsely reporting things to federal agents; even if not under oath. So, bad idea, don't do it. Remember it was the cover-up attempt that undid Nixon.

Someone posed the question, whether Microsoft had a worry over all the pirated copy users in China who may have gotten hit with ransomware. First thought is no, Schadenfreude being more likely. But bottom line, they'd rather get the bogus users' money instead of it going into a ransom. So yeah, they're not writing ransomware, but perhaps should. Buy a legitimate copy of Windows and we'll send you the decryption key.

It is like the wild west, most citizens being apart from mischief, but outlaws and enforcement are in uncertain space.

Last thought, individual hackers should think twice about hacking in Russia. Rumors exist that people in Russia from time to time get thrown from high buildings.

May the legacy of James Forestall live forever.

One person has commented about "stream of consciousness" writing here, but it's not really so. Seemingly being apart from actually.

No comments: