Will ransomware incidents decrease now that ransomware operators are being arrested?

Security Strategy & Roadmap Threat Intelligence & Incident Response Risk Management

728 views2 Upvotes6 Comments

Sort By:

Oldest

VP, Director of Cyber Incident Response in Finance (non-banking)2 years ago

You see these ransomware operator takedowns and arrests time after time, but it's a blip on the radar. The ransomware operators come back rebranded or a different crew takes over. I don't think these arrests are going to change the ransomware landscape by any measurable amount in the long run. There's too much money in it.

Founder/Chairman/CTO in Telecommunication2 years ago

Ransomware incidents might decrease a bit in the short term following arrests, but not in the long term because it's a successful business model. When people think about ransomware, they sometimes miss the fact that it started off as malware — it was about going after someone’s personal documents. That's how people started to think about it, but the deeper aspect is that it's monetizing stuff that's otherwise very difficult to monetize.

I could deny access to something that's useless to me and can’t be resold, but it's valuable to the owner — that is a business model for the attacker. It's still relatively novel and we don't have a clear picture of how to deal with the economics of that. Most cybersecurity economics are around credit card numbers, PII or PHI, all of which you can sell elsewhere, and ransomware is almost the opposite of that. We’re not too far into figuring out the effect that this difference in economic incentive has on the behavior of the adversary, and then the behavior of the defender.

1 Reply

Sr. Director of Enterprise Security in Software2 years ago

That's a good point: the data they get is only valuable to you. They're not going for important patent-level engineering secrets or something.

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

Senior Information Security Manager in Software2 years ago

Earlier this year, the Attorney General of North Carolina sued a company called Articul8 to stop robocalls. Articul8 is a two-man operation out of Dallas. The lawsuit was meant to improve public relations by showing that he’s doing something to fight these things, but if you truly want to stop robocalls, that’s not how you should do it. It can be done, but it starts with telcos like Verizon, AT&T, Sprint or T-Mobile. Instead he's suing this company, which has about $1M revenues, for hundreds of billions of dollars. I’m not comparing the Attorney General of North Carolina to the Russians, but it goes to show that a lot of this is just theater; it’s not meant to address the problem.

https://brothke.medium.com/how-to-stop-robocalls-in-an-hour-and-it-has-nothing-to-do-with-articul8-9a33fcb553f2

2 2 Replies

Founder/Chairman/CTO in Telecommunication2 years ago

The thing that the North Carolina Attorney General has in common with Russians is that the incentives work in a similar way. If you have a particular set of outcomes you're incentivized to achieve, or if you're trying to prevent that from a leadership position, the mechanics are broadly the same.

Senior Information Security Manager in Software2 years ago

The somewhat perverse incentive is that the telcos profit off these calls. They’re charging for every call that's connected. The common refrain is, "It’s way too complex." But Verizon will not let billions of calls go through if they can’t get reimbursed for them. The telcos don't have an incentive to stop this because they're making money.

https://brothke.medium.com/the-fcc-telecoms-know-robocalls-can-be-stopped-now-you-can-know-that-also-5503461b764c

Content you might like

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRC Network Threat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results

1.7k views1 Upvote

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile Devices Security+2 more

VP of IT in Retail3 days ago

My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more

82 views1 Comment

Any recommendations for a comprehensive GenAI learning platform?

Engineering Data & Analytics Security Strategy & Roadmap+4 more

IT Manager in Constructiona month ago

Hello,
the topic is so broad, what are you focused on?

What's a greater concern for returning to the office? Comment how you are prioritizing...

People & Leadership Strategy & Architecture Cloud+29 more

Human Factors (fears, mental health, physical spacing)85%

Technical / IT Factors (on-premise tools, pivoting back away from remote)14%

3.7k views3 Upvotes2 Comments

What cybersecurity topics do you think are critical for CIOs to be more involved in, even in orgs that have a CISO?

Relationship Management Security & GRC Security Strategy & Roadmap+1 more

Director of IT in Healthcare and Biotech9 days ago

Cybersecurity governance and risk management (setting up monitoring of emerging threats), data protection and privacy compliance (standardize on data protection across all channels), incident response and recovery planning ...read more