Senators: Has Uncle Sam Paid Off Ransomware Criminals? (securityledger.com) 53
chicksdaddy writes: Just a month after an FBI official admitted that his agency sometimes advised companies stricken with ransomware to pay the ransom, two U.S. Senators are requesting information about federal agencies' encounters with ransomware malware, and whether Uncle Sam might have paid ransoms, also. "Have federal state or local governments sought DOJ or FBI’s help to remove ransomware from their computers," the Senators asked in a letter (PDF download) addressed to Attorney General Loretta Lynch. "If so, please describe the nature of any assistance sought, whether agencies have paid ransoms to remove ransomware, and whether DOJ or the FBI was able to decrypt the computer systems."
problem, reaction, solution. done. (Score:2)
Encryption must be outlawed.
Re: (Score:3)
I know it's popular to blame everybody else but maybe it's time to blame the terrorists themselves?
People seem hell-bent on blaming the US, guns, politicians, religion, economy, environment, the French, Europe in general, etc... How about we just, you know, blame the asshole terrorists?
Re:Officially or unofficially? (Score:5, Funny)
Is ransomware tax-deductible? (Score:4, Insightful)
Can you write off ransom costs on your taxes?
Do you get a receipt when you pay off your ransomware?
Re: (Score:3)
Re: (Score:3)
>> Can you write off ransom costs on your taxes?
I don't see why not. Best case, it's business services and fully deductible. Worst case, it's entertainment (and half deductible).
Re: (Score:3)
especially if you seek legal advice regarding the measure ...
Re:Is ransomware tax-deductible? (Score:4, Informative)
Yes. An individual can deduct the amount minus ($100 + 10% of AGI). Source: NY Times [nytimes.com]. Extortion counts as theft. IRS [irs.gov]
Businesses get treated more favorably, they can deduct actual losses.
Re:Is ransomware tax-deductible? (Score:4, Funny)
So I can deduct tax payments from my taxes? Woo-hoo!
Winning quote of the day. (Score:4, Insightful)
Gotta love the "logic" that went into that statement.
Remember kids, paying the ransom is a lot cheaper than investing in security ... as long as everyone else is also paying the Danegeld.
Re: (Score:3)
>> Gotta love the "logic" that went into that statement.
>> Remember kids, paying the ransom is a lot cheaper than investing in security ... as long as everyone else is also paying the Danegeld.
It is true... They will not want to kill the goose as long as it keeps laying golden eggs. But you really do not want to be the last "Goose" that takes good backups...
Re: (Score:3)
The criminals don't. But phrasing that as "benefitting" the victims is ... beyond stupid.
Like being shaken down for "protection" money. But the mob is doing such a good job that they can offer you a 50% off deal. It might be less painful, but it is not a "benefit" in any way.
Re: (Score:1)
That reminds me. We should have security insurance and make it mandatory. Something like ASSA (Affordable Software Security Act)?
Re: (Score:2)
>> Like being shaken down for "protection" money. But the mob is doing such a good job that they can offer you a 50% off deal. It might be less painful, but it is not a "benefit" in any way.
Depends. Protection money is a racket because of course if you opt not to pay then something terrible *will* happen to you, perpetrated by your would-be protector. On the other hand, in a lot of cases, in various places around the world I have heard about from people, you absolutely do get some *protection* for your money. There is usually some symbol, like placing a statue of a saint or something in a window, that lets other criminal gangs know you are a client of one of their rivals. They then leave you and your est
Re: (Score:1)
Capitalism is grand.
Re: (Score:2)
Well, let's assume that malware authors are economically rational. If they demand millions of dollars almost nobody will pay. If they demand a penny they'll get lots of people paying, but they won't net much. There's an optimum ransom price between the extremes where they maximize their revenue, and it's likely to be relatively low -- in the hundreds of dollars -- rather than the tens of thousands of dollars. For one thing any organization has a threshold under which managers can spend with their own
New York State has paid the criminals. (Score:2)
Re: (Score:3, Funny)
Re: (Score:2)
You really think that no public sector employee has figured out yet that they could infect their own work computers with malware and get a bitcoin advance on their pension while blaming the east fuckistanians?
This just in! (Score:3)
Hillary Clinton has just announced that her "Email Server" and all the "Emails" were held hostage by Ransomware and she didn't pay, and that is why she doesn't have those emails everyone doesn't care about.
Re: (Score:2)
I thought she went to give a speech to them in order to get a backdoor put in to the encryption to help fight ISIS.
The answer should be "Of course we paid them!" (Score:2)
I would hope the reason they paid was to track them down, seeing that is the job the FBI and CIA keep telling the taxpayers they do.
Is there really much doubt (Score:3, Insightful)
>> U.S. Senators are requesting information about federal agencies' encounters with ransomware malware, and whether Uncle Sam might have paid ransoms,
I mean the Obama administration has pretty publicly failed to uphold the 'US does not negotiate with terrorists' line. That is the sort of precedent that gets set at the top. When the President is out there doing prisoner swaps with the Taliban it's pretty hard to expect some mid-level IT bureaucrat to spine up and tell his bosses they fucked up, don't have backups and got hit with crypt malware. Much easier to submit an expense report for "consulting services" and hope the issue is forgotten quickly.
Re: (Score:1)
I'm sure you didn't raise any objections in 2002 when the Bush administration negotiated a ransom payment to the al Qaeda-linked Abu Sayyaf terrorist group in an attempt to free the two Burnham hostages.
Re: (Score:2)
Cryptography in the wild is not easy.
More proof of my hypothesis about the NSA (Score:4, Insightful)
We already know that local governments, including police and sheriff offices, have been nailed by ransomware and have paid up to get their data back. If this conjecture about the feds proves out, it would reinforce my hypothesis that NSA surveillance is a paper tiger. If NSA data collection was as effective as we fear it is, they would be able to trace the Bitcoin payments and have agents sent out to strangle the perps with their own intestines, no matter where they might be located.
Whatever we think of the NSA's domestic operations, everyone in here would love to see that happen at least once.
Re: (Score:2)
These are hardly petty criminals. They target businesses of all sizes, and have hit governments. If they have hit the federal government, then by definition national security is involved, and it's showtime for whatever special agents and forces eradicating them takes.
The Enigma reference is irrelevant because during WW II, we specifically didn't want the Axis to know that we had broken their code. Ransomware operators? We would want them to know that we can trace them and kill them wherever they are, and if
Re: (Score:2)
>> We already know that local governments, including police and sheriff offices, have been nailed by ransomware and have paid up to get their data back. If this conjecture about the feds proves out, it would reinforce my hypothesis that NSA surveillance is a paper tiger. If NSA data collection was as effective as we fear it is, they would be able to trace the Bitcoin payments and have agents sent out to strangle the perps with their own intestines, no matter where they might be located.
Everyone except the very entity who would want to keep that capability secret, which is why this shit has likely happened more than once to [random dumbass] who simply disappeared off the radar without anyone really noticing.
>> Whatever we think of the NSA's domestic operations, everyone in here would love to see that happen at least once.
You know, there's a reason governments use the concept of need to know quite often...it's usually to ensure it will happen far more than "once"...
Re: (Score:1)
Domestic surveillance programs are pork barrel scams. Always have been.
Security agency has the ear of congress and executive, tells them they need local spying and big local spy data warehouses
Security agency heads "Retire" to security services contractor outfits
Security services contractors make untold piles of money on black budget projects with no oversight or audit
Lather, rinse, repeat
See also: Every armed forces branch, financial services industry.
Re: (Score:2)
Even if the NSA had the capability to track down these cyber crime gangs AND even if the NSA was willing to expose their methods in order to get them, there isn't a lot the US can do.
It's not like they can send CIA assassins (or armed drones) into the heart of Putin's Russia to take out the cybercrime bigwigs (especially when those bigwigs are friends of Putin).