I've grudgingly come around to the notion that there is only one way out of the ransomware problem: Make paying a ransom illegal. This is not very different from laws that make it illegal for US companies to pay bribes to foreign officials.

I really don't see any other way out of this mess. Yes, some victims will unfortunately ignore any laws that say they can't pay, but enforcement probably will not be hard.

What will be difficult are the situations where people's lives are at stake in ransomware incidents. This sounds callous, but we can't afford to take the short view here anymore, and our other alternatives aren't great either.

I'm quite certain this is an unpopular view, but we have already seen the cost of doing nothing. At least in the interests of congruity for our financial sanctions vs Russia, we should probably make this change sooner rather than later.

There are 100 ways the current ransomware problem can and probably will get worse and nastier. Every single cybercriminal or aspiring crook is now focused on ransomware or data ransom payments as THE path to financial success. It's no longer just the Russians. It's the Chinese, the North Koreans, and Iran.

Either way, these countries don't just want to hurt the United States: They would rather the US died in a fire. For companies to make payments to these regimes -- and their cybercriminal apparatus is always part of the regime -- is bonkers, IMHO.

In re the idea of how this could all get a lot worse... 10 years ago, if a company's employee clicked a malicious link or opened a booby-trapped attachment, that company and that employee would have a bad day, or week, or month, or however long it took brainiacs in that organization to realize that some intruder was leeching off their bandwidth, or access, or whatever. At worst, the victim organization had all of that employee's browser credentials stolen. Maybe their machine was a botnet proxy, or relaying spam for a few days. Big deal.

We had a really nice period of maybe 3 years between the emergence of ransomware that tried to get victims to pay in $100 Greendot card increments and the explosion of bitcoin and the acceptance of on-roads to the US financial system, which is ultimately what made large-scale corporate ransomware raids a thing.

@briankrebs thanks, Satoshi Nakamoto, real great gift you gave the world.