Ransomware as a Weapon – Interview with REvil’s Unknown (therecord.media)
29 points by kaisix on March 17, 2021 | 10 comments


I thought this was a really interesting look at the commercial end of ransomware.

Clearly shows that as an attack class it's not going anywhere for the time being and it'll just be a growing issue.

With the amounts of money being made, you can also expect increasing sophistication as it'll make financial sense to invest.

The comments about targeting companies with insurance were also interesting. I guess it's a smart way to make sure you get a guaranteed payout. But also I can see insurance rates going up and/or companies getting out of the market if they have to pay out too often.


Paraphrasing Dave Aitel, think of ransomware as just another form of DoS (internal instead of external).

There is an under-appreciated value in ransomware that goes beyond commercial threat actors seeking "only" financial profit, and I think we'll see more targeted campaigns where primary motivation isn't a financial one, but extorting favors or other actionable intel from the data.


Yeah there's a suite of things that can come out of this (I think) as it's more commoditized.

For me though the biggest part is the Security Vulnerability-->money pipeline.

We know there are a load of vulnerabilities in software and bad configurations out there, what was lacking for attackers was a reliable way to turn that into money that they could get access to relatively untraceably, now they have that with a combination of ransomware and coins like Monero.

It's like in traditional fraud, the thing stopping it happening more wasn't so much people's great controls, it was the difficulty for the fraudsters in moving the money into a part of the banking system that was less traceable (like cash).


> The comments about targeting companies with insurance were also interesting. I guess it's a smart way to make sure you get a guaranteed payout. But also I can see insurance rates going up and/or companies getting out of the market if they have to pay out too often.

Insurance companies are often a mix of care and greed. I think a boutique insurance brokerage for ransomware might do very well if they drive changes in the client's operations through their exclusion clauses and fee structures. Find a bank or finance house willing to underwrite such an operation, perhaps with the possibility of a fat consultancy income stream to go along with it, and there is money to be made.


"List of ransomware groups and their PR pages" -

https://www.reddit.com/r/Malware/comments/ixvgoq/list_of_ran...


Fake article.

Each response is broken up into 6 to 14 syllables prose between commas and periods. The translator intentionally wrote the responses to take advantage of metered speech so the reader doesn't make full thoughts as they read. This is the worst kind of sensationalized news, and as far as I'm concerned, if it's sensationalized and free, it's fake.


It doesn't seem particularly sensationalized in that it doesn't make ransomware seem any scarier than it already is.

If anything, it seems like it's meant to make the ransomware people look like cool guy Robin Hood types. Staying out of geopolitics ("we could, but we don't") while hitting the fat cats where it hurts, that sort of thing.

Other than that, I thought this was interesting at the end of the interview:

> ...I also think we will expand this tactic to persecution of the CEO and/or founder of the company. Personal OSINT, bullying. I think this will also be a very fun option. But victims need to understand that the more resources we spend before your ransom is paid—all this will be included in the cost of the service. =)

Even if this particular interview is fake (how do we know it's actually fake, and not just the interviewee lying/exaggerating?), this I think is a real threat that a lot of people don't consider. Most people (myself included) are very easy to dox and harass.

I wouldn't wish this on anyone, but maybe if we start getting high-profile cases where individuals are targeted for extortion leverage, maybe we'd finally get people to start caring about software/data security and data privacy.


>The translator intentionally wrote the responses to take advantage of metered speech so the reader doesn't make full thoughts as they read.

I'm not sure what you mean by this.


Metered speech is a speaking and writing pattern whereby you pause after so many syllables in order to prevent your audience from grasping the full idea of what is being said. Let me demonstrate this for you.

Metered speech, is a speaking, and writing, pattern whereby you pause after so many syllables, in order to prevent your audience from, grasping the full idea, of what is being said. Let me, demonstrate this for you.

It can also be done with matter of fact statements, Dripped one after the next.

This is commonly done by the MSM on news websites.

Typically the articles have no more than 20 sentences in them with no more than 2-3 sentences per paragraph.

They drip the text one line at a time.

Again, the entire point is to cause you to pause for a second before reading or taking in the next point.

This is an incredibly common writing and speaking tactic that's been around since the dark ages if not earlier and was in common use during the fire and brimstone days of the church. The objective of speaking like this is to prevent the cognitive mind from evaluating information by throwing roadblocks in its place, and to get the limbic system to instead keep track of tone and base subject matter.

As a modern example, go listen to Cuomo apologize for whatever his latest political situation is. Don't listen to the content, just listen to the pacing and delivery. It's all a manufactured production.

If you want a great demonstration, go to any big MSM news site, copy and paste the articles into a text editor and start removing paragraphs and commas and apply 8th grade writing rules (minimum 3 sentences to a paragraph). Heck go to the article, copy and paste the responses into a text editor and begin removing commas.

It is important to keep in mind this is a media production tactic they teach in marketing and sales courses and when you see production decisions being made they are clear signals as to the accuracy of the content.


I appreciate the explanation.

I'm not convinced that metering your speech in this way has a specific, universal effect on an audience. (i.e., I dispute the claim that metered speech prevents the audience from comprehending.)

To be clear, I'm equally skeptical that the mainstream media is attempting to deceive people by intentionally adopting this method. But even if they were, I simply don't believe it could be effective.

(although I'll admit it's bad writing.)



