Will ransomware incidents decrease now that ransomware operators are being arrested?

Security Strategy & RoadmapThreat Intelligence & Incident ResponseRisk Management
689 views2 Upvotes6 Comments
VP, Director of Cyber Incident Response in Finance (non-banking), 10,001+ employees
You see these ransomware operator takedowns and arrests time after time, but it's a blip on the radar. The ransomware operators come back rebranded or a different crew takes over. I don't think these arrests are going to change the ransomware landscape by any measurable amount in the long run. There's too much money in it.
Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
Ransomware incidents might decrease a bit in the short term following arrests, but not in the long term because it's a successful business model. When people think about ransomware, they sometimes miss the fact that it started off as malware — it was about going after someone’s personal documents. That's how people started to think about it, but the deeper aspect is that it's monetizing stuff that's otherwise very difficult to monetize.

I could deny access to something that's useless to me and can’t be resold, but it's valuable to the owner — that is a business model for the attacker. It's still relatively novel and we don't have a clear picture of how to deal with the economics of that. Most cybersecurity economics are around credit card numbers, PII or PHI, all of which you can sell elsewhere, and ransomware is almost the opposite of that. We’re not too far into figuring out the effect that this difference in economic incentive has on the behavior of the adversary, and then the behavior of the defender.
1 Reply
Sr. Director of Enterprise Security in Software, 5,001 - 10,000 employees

That's a good point: the data they get is only valuable to you. They're not going for important patent-level engineering secrets or something. 

Senior Information Security Manager in Software, 501 - 1,000 employees
Earlier this year, the Attorney General of North Carolina sued a company called Articul8 to stop robocalls. Articul8 is a two-man operation out of Dallas. The lawsuit was meant to improve public relations by showing that he’s doing something to fight these things, but if you truly want to stop robocalls, that’s not how you should do it. It can be done, but it starts with telcos like Verizon, AT&T, Sprint or T-Mobile. Instead he's suing this company, which has about $1M revenues, for hundreds of billions of dollars. I’m not comparing the Attorney General of North Carolina to the Russians, but it goes to show that a lot of this is just theater; it’s not meant to address the problem.

https://brothke.medium.com/how-to-stop-robocalls-in-an-hour-and-it-has-nothing-to-do-with-articul8-9a33fcb553f2
2 2 Replies
Founder/Chairman/CTO in Telecommunication, 201 - 500 employees

The thing that the North Carolina Attorney General has in common with Russians is that the incentives work in a similar way. If you have a particular set of outcomes you're incentivized to achieve, or if you're trying to prevent that from a leadership position, the mechanics are broadly the same.

Senior Information Security Manager in Software, 501 - 1,000 employees

The somewhat perverse incentive is that the telcos profit off these calls. They’re charging for every call that's connected. The common refrain is, "It’s way too complex." But Verizon will not let billions of calls go through if they can’t get reimbursed for them. The telcos don't have an incentive to stop this because they're making money.

https://brothke.medium.com/the-fcc-telecoms-know-robocalls-can-be-stopped-now-you-can-know-that-also-5503461b764c

1

Content you might like

How would you rate your current patching processes?

Threat & Vulnerability ManagementSecurity Strategy & RoadmapProcess Management

Excellent9%

Very good54%

Good25%

Fair / acceptable9%

Poor1%

Very poor0%


313 PARTICIPANTS
866 views

CRQ is essential for effective risk-based decision making.

Risk ManagementSecurity Strategy & RoadmapGovernance, Risk & Compliance

Strongly agree4%

Agree68%

Neutral24%

Disagree2%

Strongly disagree0%


185 PARTICIPANTS
918 views

Did anyone else catch this stat on Crunchbase: "M&A deal-making in the cybersecurity space continues to slow with only 13 deals announced for VC-backed startups in the first quarter of the year"  Do you think the decrease in cybersecurity M&A is going to impact innovation or could it lead to consolidation in terms of vendor offerings (that is perhaps a needed change)?

Security Strategy & RoadmapSecurity & GRCInnovation
Read More Comments
1.2k views1 Upvote4 Comments

What's a quick win for optimizing spend? What's been your focus or "lowest hanging fruit"?

People & LeadershipStrategy & ArchitectureCloud+28 more
Read More Comments
1.5k views4 Upvotes3 Comments

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
48.6k views133 Upvotes326 Comments