Hacker News new | past | comments | ask | show | jobs | submit login

The problem with paying extortion or ransoms is that you incentivize the attacker to come back and do it again. It may have been $5k to pay off one attacker and more than that to build the defense, but now you have defenses and are less likely to suffer attackers in the future. And as you say, not paying money to criminals is inherently worthwhile.



This might something for you (and the repliers):

From the german chaos computer clubs yearly meeting. Linus talks about what to do and who ransoms work, how "well" the service is and briefly pros and cons of paying.

https://media.ccc.de/v/37c3-12134-hirne_hacken_hackback_edit...

Also a good one was the first part: https://media.ccc.de/v/36c3-11175-hirne_hacken


and this wasn't a poor company, so $5,000 was nothing in the scheme of things


It is often a temptation to a rich and lazy nation

To puff and look important and to say

Though we know we should defeat you

We have not the time to beat you

We will therefore give you cash to go away

And that is called paying the Dane-Geld

And we've proved it again and again

That if once you have paid him the Dane-Geld

You never get rid of the Dane


On the other hand the attacker may actually have incentive to follow through and hold up their end so as to build a reputation. Making their next victims more likely to just pay.

Somewhere I read that some ransomware had excellent "customer" service for helping you transfer over the payment and promptly restore your files.


“Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back” https://www.forbes.com/sites/daveywinder/2021/05/02/ransomwa...


This stat includes everyone, some of them may not research what hit them. One of my clients decrypted his database twice, after seeing on the internet that they actually send a decryption key.


Oh, got it. So, the next ransomware author should just brand their ransomware as one of the "honest" ones :)


I mean it's not like these people are operating under " long lived identities and want to build a long term business relationship with you.

From their side, the logic seems as simple as: repeat the attack -> some chance of more money, don't repeat the attack -> 0% chance of more money


Scammers acting like an adult is hard to believe. They’re usually quick to start yelling and cursing in Kitboga videos.


The serious organized crime outfits are very organized. They’ll provide customer support to walk you through purchasing and transferring the bitcoin.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: