This article is interesting because the ransomware group has not only shut down but they have decided to release the encryption key for free. This begs the question of why they would do such a thing before shutting down? What motivation do they have to release the key? I personally think that it demonstrates that groups like this are only concerned with making a profit and because they are shutting down there is no reason for them to hold onto the key. They could have just never released it and be truly “evil” by letting the companies still affected have no way of ever receiving the key, because they are shutting down. This also continues a trend of several other ransomware groups ceasing operations lately, which is something interesting to keep an eye on.
Comments
Ryan,
Great post. I agree with your assessment of their motivations. I struggle with how to best engage with such groups and whether paying them does more harm than good.
I'm also curious about whether other groups will take similar approaches.
Matt,
I would argue that paying them would in fact do more harm than good. I believe part of the reason why some of these ransomware groups are shutting down is due to increased pressure and crackdowns from international authorities, making it not as profitable as it once was. Hypothetically, if all companies stopped paying any ransom for these attacks I believe that shortly thereafter none of these groups would exist. If they cannot make money through these means they will eventually stop trying and move on to a different approach. The challenge becomes how do you make it so there is not a lot of money in ransomware attacks if you cannot ensure that every company will refuse to pay the ransom?
Ransomware is notoriously a strictly financial endeavor with the added bonus that it can take down critical infrastructure, healthcare networks, financial institutions. It can only be a “hypothetical” to not pay the ransom. I don’t think there is a way to prevent ransomware attacks other than being vigilant, staying up to date on the latest IT security trends, and not being cheap when your data is at risk and is highly valuable. Understanding your threat landscape in a realistic kind of way is crucial to success, otherwise... it’s a hope and a prayer strategy.