Tracking ransomware end-to-end(blog.acolyer.org)
blog.acolyer.org
Tracking ransomware end-to-end
https://blog.acolyer.org/2018/03/23/tracking-ransomware-end-to-end/
9 comments
Last paragraph...
This introduces a unique ethical issue. We must consider the impact on victims before taking down ransomware infrastructure.
...if every victim did not pay or was prevented from paying, the scale of the problem would likely decrease; however this would mean that some individuals would incur additional harm by not being able to recover their files.
Well, no. You take it down immediately so new victims aren't added.
It would be nice if you could provide the uncrypt key for the current victims, but explain to the hospital that's shut down by these assholes how you could have prevented it but we're waiting for current victims bitcoins to clear the exchange.
Oh, and go full ISIS on the people running the ransomware.
This introduces a unique ethical issue. We must consider the impact on victims before taking down ransomware infrastructure.
...if every victim did not pay or was prevented from paying, the scale of the problem would likely decrease; however this would mean that some individuals would incur additional harm by not being able to recover their files.
Well, no. You take it down immediately so new victims aren't added.
It would be nice if you could provide the uncrypt key for the current victims, but explain to the hospital that's shut down by these assholes how you could have prevented it but we're waiting for current victims bitcoins to clear the exchange.
Oh, and go full ISIS on the people running the ransomware.
Intervention strategies for ransomware is different from conventional malware. In particular, the victims of conventional malware benefit from any takedowns; as the malware is removed, they might see fewer ads or experience faster computers. On the other hand, taking down ransomware incurs collateral damages. To many victims, unfortunately, the only way out of their current situation is to pay. As such, intervention strategies need to focus on how to prevent people from being infected in the first place (e.g., education or improved IDS).
What if the hospital is the one who was already hit and was about to pay because they are desperate to get back up and running?
At what point do you stop the madness?
What if more hospitals fall victim while we're waiting for the one hospital to pay?
And when do we go Full ISIS (tm) on scum who hold hospitals hostage?
What if more hospitals fall victim while we're waiting for the one hospital to pay?
And when do we go Full ISIS (tm) on scum who hold hospitals hostage?
The madness won't stop untill people learn to not click random attachments if you ask me...
The problem isn't per se randomware, the problem is people not knowing better than to click anything and everything they see or am I mistaken?
The problem isn't per se randomware, the problem is people not knowing better than to click anything and everything they see or am I mistaken?
Nice writeup! I have always been interested in how ransomware works and to what extent the transactions can be backtraced. It still surprises me that these attackers seemingly are unaware to what extent bitcoin blockchain transactions can be traced. It certainly took them long enough to make the switch to Monero.
That Locky simply moved 40% of their revenue into BTC-e (Figure 8), without going through mixers, is likely just bad op-sec.
Tracking ransomware payments...
If these mixers really succeed for 5 or so years at what they are doing, I guess bitcoin might have a chance after all.