Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge?
Here at Black Hat, the CISA keynote promises to deliver increased cooperation within government agencies over cybercriminals, especially those focused on critical infrastructure and ransoms against systems that might cripple the country. But that’s not enough, now there’s a ‘ransom’ for the ransomer.
A nascent group stood up by the U.S. Department of State is here at Black Hat with a hastily propped up booth full of boxes of hacker shirts and flyers with wanted posters depicting shadowy figures in hoodies – presumably ransomware authors – and a bounty on their collective heads of $10 million. No small sum.
How do you cash in? They want specifics about identities and locations (presumably actionable), the more information the merrier. No, you probably won’t start with the $10 million reward, but the pool of cash is there, and hey, hackers need to pay rent too. They even have multiple ways of securely dropping your hints and tips.
This certainly signals a ramping-up of official efforts directed at the ransomware scourge reaping record hauls from companies feeling forced to pay.
Will it work?
The economics aren’t certain, but it’s fair to say that in the past couple of years ransomware authors have been hauling in enough cash to buy an island or two, and maybe even a boat to get there. But that might be changing.
One thing is sure: OpSec for ransomware crews just got real.
Here at Black Hat there are banners about hackers working harder than the rest of us. Maybe, but there is an element of enlightened laziness behind it all – hackers want something cheap and easy, easy as possible. So raising the stakes sours the deal somewhat.
I was asked at an interview here whether the government weighing in will stop ransomware. No. The speed of government tends toward glacial. But once the elements are in motion, they carry a very large hammer, larger than your typical crew of hackers.
It’s also unclear whether government folks will suddenly be enticed (and allowed) to work between silos, in an environment that’s famously insular. But if they have permission, maybe the anti-ransomware glacier will begin to ooze in that direction. But not before the next ransomware attack.
While it’s unlikely that public hangings will be reinstated, ransom posters seem quite visceral on some level, maybe harkening back to the old west. Vegas participated in the old west back in the day, maybe one part of frontier justice is poised to return, especially if you happen to be that shadowy figure in the hoodie.
Get worry-free complete website cleanup and protection
Our software continuously scans for malware using our accurate anti-malware database; your site continues to run stable after cleanup. Malware removal takes a moment, not hours. Compatible with PHP-based websites and popular frameworks like WordPress, Drupal, Joomla, DLE, etc.
Our website antivirus does more than just find and remove infected files on your website or put them in quarantine, It removes malicious code (redirections, trojans, backdoors, shell scripts, and other malicious code) from files like PHP, JS, HTML, images, and system files in seconds with high accuracy.