Re: Can somebody explain these ransomwear attacks?

[Tom Beecher <beecher () beecher cc>]

> The payment to ransomware gangs is now tax-deductible.

It's not new. In the US, losses due to theft have been at least partly
deductible for a very long time. By IRS definitions (
https://www.irs.gov/publications/p547), blackmail and extortion both
qualify as theft, and it's fairly safe to say those apply to all ransomware
attacks.

Everything can be broken, and nothing will ever be 100% secure. If you
strive to make sure the cost to break in is massively larger than the value
of what could be extracted, you'll generally be ahead of the game.




On Fri, Jun 25, 2021 at 8:39 AM Jean St-Laurent via NANOG <nanog () nanog org>
wrote:

> Hi Jim,
>
> Very nice text from you and you seem to offer good hints on how to stop it
> long term.
>
> The reality is that USA is going in the direct opposing direction that you
> express.
>
> The payment to ransomware gangs is now tax-deductible.
>
> "Extorted by ransomware gangs? The payments may be tax-deductible".
> Published June 21st.
> https://www.cbsnews.com/news/ransomware-payments-may-be-tax-deductible/
>
> Again from cbsnews. Not sure if we can rely on them to report accurate
> news?
>
> Jean
>
> -----Original Message-----
> From: NANOG <nanog-bounces+jean=ddostest.me () nanog org> On Behalf Of Jim
> Sent: June 25, 2021 8:26 AM
> To: Brandon Svec <bsvec () teamonesolutions com>
> Cc: nanog () nanog org
> Subject: Re: Can somebody explain these ransomwear attacks?
>
> On Thu, Jun 24, 2021 at 5:41 PM Brandon Svec via NANOG <nanog () nanog org>
> wrote:
> > I think a big problem may be that the ransom is actually very cost
> effective and probably the lowest line item cost in many of these
> situations where large revenue streams are interrupted and time=money (and
> maybe also health or life).
>
> Big problem that with organizations' existing Disaster Recovery DR methods
> -- the time and cost to recovery from any event including downtime will be
> some amount.. likely a high one, and criminals' ransom demands will
> presumably be set as high a price as they think they can get -- but still
> orders of magnitudes less than cost to recover / repair / restore, and the
> downtime may be less.
>
> The  ransom price becomes the perceived cost of paying from the
> perspective of the organizations faced with the decision,  But the actual
> cost to the whole world of them paying a ransom is much higher and will be
> borne by others (And/or themselves if they are unlucky) in the future, when
> their having paid the criminals encourages and causes more and more of that
> nefarious activity.
>
> I would call that a regulatory issue regarding commerce and payments not
> able to be addressed by technology.
>
> No matter how much companies can improve your DR process to cost less for
> a recovery and take less time -- a recovery is bound to still involve some
> downtime and cost a large enough amount  where it will then be possible for
> motivated criminals to come up with a dollars cost improvement for a ransom
> that will be less than it.
>
> I do wonder for a moment.. about companies paying ransoms: Do they somehow
> manage to get the crooks' W-9 and verify their identity, as required when
> an organization makes a payment to any 3rd party -- or do those paying
> ransoms somehow circumvent the mandatory tax reporting and witholdings,
> B/c it seems like making a payment to an Unnamed / unidentified /
> unverifiable party ought to be a crime  or make the payor be considered an
> accomplice in the crooks' evasion of the taxing authority?
>
> I always think.. have the governments impose penalties, eg.
> "If you make a payment for a ransom, then a penalty of  $10k plus 10000%
> the ransom will be due."
> / Have it be a more-severely penalized crime to send any digital payment
> for a transaction above X say $1000 without the Proof of Identity and
> Physical location of all Payees -- make sure it gets enforced strictly
> against anyone paying a ransom.
> Make the ransoms not payable without larger repurcussions, and perhaps the
> crooks will have to find a new profession.
>
> > The original thought that it should be handled like standard DR and
> tighten up security may apply to very small businesses though where they
> could afford to try to ignore the ransom request and rebuild more securely
> hoping the criminals will move on and not come back for revenge.
> >
> --
> -Jim