
Equifax hackers demand $2.6m ransom - TaylorGood
http://mashable.com/2017/09/08/equifax-hackers-bitcoin-ransom.amp
======
nodesocket
> That shade is a reference to the Equifax execs who sold around $1.8 mil in
> company stock after Equifax discovered the breach — but before it alerted
> the public.

According to CNBC, this is false information. The insiders who sold claimed to
be unaware of the breach at the time of the sale and also the sale was
scheduled beforehand.

~~~
skellera
Claims can be made and the apparent filing was never done for it to be
scheduled.

There's no way a breach like that is discovered and the upper management/execs
aren't notified.

They are going to try and push hard to get that narrative in people's heads.
We'll know the truth when it gets investigated.

------
herewulf
Best pay up, Equifax. Even if it is a scam, $2.6m is a drop in the bucket of
the total potential damage.

Though suppose this group does have the actual data and does get the ransom.
What is to stop them from holding onto it to milk it for all it's worth?

~~~
nodesocket
Never pay ransoms. There is a great book "American Kingpin: The epic hunt for
the criminal mastermind behind the silk road". In it, Ross Ulbricht said every
time they paid hackers, they came back increasing the attacks and demands.

"If you give a mouse a cookie, he's going to ask for a glass of milk. When you
give him the milk, he'll probably ask you for a straw. When he's finished,
he'll ask you for a napkin."

~~~
trendia
Refuse to pay the ransom? The credit card numbers are still worth a lot.
You're only reducing their payoffs a little bit.

If anything, posting the ransom increases the chances that the FBI can track
them (since it's hosted on a Tor server).

~~~
fapjacks
The FBI's Tor exploit works on visitors to a Tor hidden service, but doesn't
work to identify operators of a Tor hidden service. However, it is very easy to
misconfigure a Tor hidden service and have it leak identifying information.

------
subru
Paying out anonymous folks that demand ransom of copyable data is futile.
There won't be incentive to not leverage the data even if the ransom were to
be paid.

The reality is that BTC helps to facilitate various criminal behavior, some of
which would not exist otherwise.

If 4100 were to break today, there would be greatly increased probability of
accelerated downside. This is deserved since BTC is leveraged by criminals
such as in this case. Don't be surprised if this ends up becoming the case as
a form of public penalization of such criminal behavior.

~~~
jjeaff
Imo, assuming the hackers are acting logically, the payment of the ransom will
be followed up by another request for more money or the sale of said data on
the black market.

Since they are anonymous, there is no logical reason to keep their word. It's
not like they have a reputation to keep up.

~~~
rrobukef
It's an asymmetrical game of tit-for-tat. If the hackers don't keep their word
often enough the companies won't play the game again. Pay regardless of the
hackers keeping their word and you make yourself vulnerable.

