Re: Can somebody explain these ransomwear attacks?

[Michael Thomas <mike () mtcc com>]

On 6/25/21 5:25 AM, Jim wrote:
> On Thu, Jun 24, 2021 at 5:41 PM Brandon Svec via NANOG <nanog () nanog org> wrote:
> > I think a big problem may be that the ransom is actually very cost effective and probably the lowest line item cost in 
> > many of these situations where large revenue streams are interrupted and time=money (and maybe also health or life).
> Big problem that with organizations' existing Disaster Recovery DR methods --
> the time and cost to recovery from any event including downtime will
> be some amount.. likely a high one,
> and criminals' ransom demands will presumably be set as high a price
> as they think they can get --
> but still orders of magnitudes less than cost to recover / repair /
> restore, and the downtime may be less.
>
> The  ransom price becomes the perceived cost of paying from the
> perspective of the
> organizations faced with the decision,  But the actual cost to the
> whole world of them paying
> a ransom is much higher and will be borne by others (And/or themselves
> if they are unlucky)
> in the future, when their having paid the criminals encourages and
> causes more and more of that nefarious activity.

Well, the cost of the DR fire drill is proportionate to how automated, 
etc, it is. If you think that the odds of a DR event are really low you 
want to make it possible but not necessarily cheap. If it happens all of 
the time, you want to optimize for speed and efficiency.

The object here is to break their business model, at least for you. Even 
if you go through one DR they aren't likely to go back again rather than 
finding another sucker.

Mike