Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Crime Government United States

Senators: Has Uncle Sam Paid Off Ransomware Criminals? (securityledger.com) 53

chicksdaddy writes: Just a month after an FBI official admitted that his agency sometimes advised companies stricken with ransomware to pay the ransom, two U.S. Senators are requesting information about federal agencies' encounters with ransomware malware, and whether Uncle Sam might have paid ransoms, also. "Have federal state or local governments sought DOJ or FBI’s help to remove ransomware from their computers," the Senators asked in a letter (PDF download) addressed to Attorney General Loretta Lynch. "If so, please describe the nature of any assistance sought, whether agencies have paid ransoms to remove ransomware, and whether DOJ or the FBI was able to decrypt the computer systems."
This discussion has been archived. No new comments can be posted.

Senators: Has Uncle Sam Paid Off Ransomware Criminals?

Comments Filter:
  • by mveloso ( 325617 ) on Monday December 07, 2015 @05:12PM (#51076081)

    Can you write off ransom costs on your taxes?

    Do you get a receipt when you pay off your ransomware?

  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Monday December 07, 2015 @05:13PM (#51076093)

    The success of the ransomware ends up benefitting victims: because so many people pay, the malware authors are less inclined to wring excess profit out of any single victim, keeping ransoms low.

    Gotta love the "logic" that went into that statement.

    Remember kids, paying the ransom is a lot cheaper than investing in security ... as long as everyone else is also paying the Danegeld.

    • The success of the ransomware ends up benefitting victims: because so many people pay, the malware authors are less inclined to wring excess profit out of any single victim, keeping ransoms low.

      Gotta love the "logic" that went into that statement.

      Remember kids, paying the ransom is a lot cheaper than investing in security ... as long as everyone else is also paying the Danegeld.

      It is true... They will not want to kill the goose as long as it keeps laying golden eggs. But you really do not want to be the last "Goose" that takes good backups...

      • by khasim ( 1285 )

        It is true... They will not want to kill the goose as long as it keeps laying golden eggs.

        The criminals don't. But phrasing that as "benefitting" the victims is ... beyond stupid.

        Like being shaken down for "protection" money. But the mob is doing such a good job that they can offer you a 50% off deal. It might be less painful, but it is not a "benefit" in any way.

        • by Anonymous Coward

          That reminds me. We should have security insurance and make it mandatory. Something like ASSA (Affordable Software Security Act)?

        • by DarkOx ( 621550 )

          Like being shaken down for "protection" money. But the mob is doing such a good job that they can offer you a 50% off deal. It might be less painful, but it is not a "benefit" in any way.

          Depends. protection money is a racket because of course if you opt not to pay than something terrible *will* happen to you, perpetrated by your would be protector. On the other hand in a lot cases various places around the would I have heard about from people you absolutely do get some *protection* for your money. There is usually some symbol like placing a statue of saint or something in a window that lets other criminal gangs know you are client of one of their rivals. They than leave you and your est

    • Capitalism is grand.

    • by hey! ( 33014 )

      Well, let's assume that malware authors are economically rational. If they demand millions of dollars almost nobody will pay. If they demand a penny they'll get lots of people paying, but they won't net much. There's an optimum ransom price between the extremes where they maximize their revenue, and it's likely to be relatively low -- in the hundreds of dollars -- rather than the tens of thousands of dollars. For one thing any organizations has a threshold under which managers can spend with their own

  • Had a few machines come in from various state orgs and universities 2 years ago when crypto starting making the rounds again. Their backups were too old, had to pay the fuckers. They did get all their stuff back. But still, they paid some assknob in east fuckistan 1200USD a pop. That was when I figured out that I was playing on the wrong team.
    • some assknob in east fuckistan

      You really think that no public sector employee has figured out yet that they could infect their own work computers with malware and get a bitcoin advance on their pension while blaming the east fuckistanians?

  • by Archangel Michael ( 180766 ) on Monday December 07, 2015 @05:49PM (#51076319) Journal

    Hillary Clinton has just announced that her "Email Server" and all the "Emails" were held hostage by Ransomware and she didn't pay, and that is why she doesn't have those emails everyone doesn't care about.

  • I would hope the reason they paid was to track them down seeing that is the job the FBI and CIA keep telling the tax payers they do.

  • by DarkOx ( 621550 ) on Monday December 07, 2015 @05:59PM (#51076379) Journal

    U.S. Senators are requesting information about federal agencies' encounters with ransomware malware, and whether Uncle Sam might have paid ransoms,

    I mean the Obama administration has pretty publicly failed to up hold the 'US does not negotiate with terrorists' line. That is the sort of precedent that gets set at the top. When the President is out there doing prisoner swaps with the Taliban its pretty hard to expect some mid level IT bureaucrat to spine up and tell his bosses they fucked up don't have backups and got hit with crypt malware. Much easier to submit an expense report for "consulting services" and hope the issue is forgotten quickly.

    • by Anonymous Coward

      I'm sure you didn't raise any objections in 2002 when the Bush administration negotiated a ransom payment to the al Qaeda linked Abu Sayyaf terrorist group in an attempt to free the two Burnham hostages.

  • by Applehu Akbar ( 2968043 ) on Monday December 07, 2015 @06:14PM (#51076461)

    We already know that local governments, including police and sheriff offices, have been nailed by ransomware and have paid up to get their data back. If this conjecture about the feds proves out, it would reinforce my hypothesis that NSA surveillance is a paper tiger. If NSA data collection was as effective as we fear it is, they would be able to trace the Bitcoin payments and have agents sent out to strangle the perps with their own intestines, no matter where they might be located.

    Whatever we think of the NSA's domestic operations, everyone in here would love to see that happen at least once.

    • We already know that local governments, including police and sheriff offices, have been nailed by ransomware and have paid up to get their data back. If this conjecture about the feds proves out, it would reinforce my hypothesis that NSA surveillance is a paper tiger. If NSA data collection was as effective as we fear it is, they would be able to trace the Bitcoin payments and have agents sent out to strangle the perps with their own intestines, no matter where they might be located.

      Everyone except the very entity who would want to keep that capability secret, which is why this shit has likely happened more than once to [random dumbass] who simply disappeared off the radar without anyone really noticing.

      Whatever we think of the NSA's domestic operations, everyone in here would love to see that happen at least once.

      You know, there's a reason governments use the concept of need to know quite often...it's usually to ensure it will happen far more than "once"...

    • by Anonymous Coward

      Domestic surveillance programs are pork barrel scams. Always have been.

      Security agency has the ear of congress and executive, tells them they need local spying and big local spy data warehouses

      Security agency heads "Retire" to security services contractor outfits

      Security services contractors make untold piles of money on black budget projects with no oversite or audit

      Lather, rinse, repeat

      See also: Every armed forces branch, financial services industry.

    • by jonwil ( 467024 )

      Even if the NSA had the capability to track down these cyber crime gangs AND even if the NSA was willing to expose their methods in order to get them, there isn't a lot the US can do.

      Its not like they can send CIA assassins (or armed drones) into the heart of Putin's Russia to take out the cybercrime bigwigs (especially when those bigwigs are friends of Putin)

The test of intelligent tinkering is to save all the parts. -- Aldo Leopold

Working...