
Telefonica Is Target of $600,000 Bitcoin Ransomware Attack - wslh
https://cointelegraph.com/news/telefonica-succumbs-to-600000-bitcoin-ransomware-attack
======
ThrustVectoring
IMO, it should be illegal to _pay_ ransomware. Bad actors only deploy
ransomware because enough people pay the ransom for it to be worthwhile. Raise
the minimum risk-adjusted price (chance of getting caught paying * fine) by
enough, and people will make the rational decision to not pay it.

Combine with an advertising campaign to make it common knowledge that paying
ransomware gets you fined, and that you should have good backup-and-restore
ability instead, and the problem should become much less intense.

(side note: paying ransomware has negative externalities, since it funds
ransomware operations that hurt others. If criminalizing it offends your
libertarian aesthetic, think of it as a Pigouvian tax instead.)

~~~
jstanley
> Raise the minimum risk-adjusted price (chance of getting caught paying *
> fine) by enough, and people will make the rational decision to not pay it.

You don't need to make it illegal to pay ransomware to use this type of logic
to stop ransomware. Here's an alternative version:

It should be illegal to deploy ransomware. Raise the minimum risk-adjusted
price (chance of getting caught deploying * fine) by enough, and people will
make the rational decision not to deploy it.

But it doesn't work. The chance of getting caught is (currently) so
infinitesimal that it is ignored, and ransomware is rampant.

In your system, the chance of getting caught paying would be equally
infinitesimal, with the added problem that anybody involved with prosecuting
or convicting would fully understand that they are harming the victim rather
than the perpetrator.

~~~
wtvanhest
That definitely is not true. If a company has to pay $1m for ransomware, they
would likely need to disclose it publicly, and at least privately to auditors.
Making it illegal as in jail time would prevent any corporate employee from
agreeing to do it so it would effectively stop it.

~~~
jstanley
Fair point.

------
batter
"The success of the attack is thought to be due to a vulnerability in
Microsoft Windows" It's a really 'good' day for Microsoft. Europe realizing that
Microsoft is not that good and cheap:
[https://news.ycombinator.com/item?id=14314713](https://news.ycombinator.com/item?id=14314713)
NHS in England is under attack due to Microsoft bug:
[https://news.ycombinator.com/item?id=14325213](https://news.ycombinator.com/item?id=14325213)

~~~
djsumdog
The NHS one was posted on Slashdot earlier. A bunch of companies and
governments seem to be affected and it's spreading across much of Europe.
Whoever started this is probably going to make a killing.

The trouble is, it's not unreasonable to open an e-mail attachment if it looks
like it comes from someone on your work network. You may be expecting
spreadsheets or PDFs every day, and the most recent MS issue was due to the
scanning process itself; you didn't even have to open that attachment.

I feel like several things need to happen here. Non-tech jobs need solid white
listing. A lot of white listing software is crap and at B-sides 2016, there
was a talk on how to bypass a lot of them. Solid white-listing based on
application hashes and complete paths of the binary needs to become the
de facto standard.

Many PCs need to stop being PCs. If it's order entry for a doctor or nurse and
the software already has a web interface, a Chromebook or Linux box that just
boots straight to Firefox/Chromium or something else that's very simple/kiosk
is a much better and cheaper solution. You don't need a full blown Mac/Win
laptop for most of the applications we use them for. (Maybe Win 10 S could
even be an option in this situation, if you can connect it to a domain and
offer only company apps instead of store apps?)

Large organisations need solid backup strategies, snapshotting storage systems
for staff, backup verification (would suck if that storage rack had a
ransomware timebomb waiting to encrypt your backups) so they're never out more
than 24 hours of data.

Even though a lot of this is a "less is better" approach, it does increase
costs, it is a learning curve, it does add some limitations and, for public
organisations like the NHS, it will be a burden on already taxed IT
departments.

It sucks, but I wonder if we'll start to see better practices due to this and
if these types of ideas will become common practice in the next decade.

~~~
RubenSandwich
Absolutely we need to decrease the attack surface. We can't expect for each of
those doctors to make sure they always have the latest version of Windows,
etc. I'd also go so far as saying that we can't even trust IT to always update
the systems because large corporates lose track of boxes all the time.

------
campuscodi
More info on the attacks. From the horse's mouth, who broke the story, and not
from an article with 3 paragraphs.

On Telefonica: [https://www.bleepingcomputer.com/news/security/telefonica-te...](https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/)

Globally: [https://www.bleepingcomputer.com/news/security/wana-decrypt0...](https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/)

------
soneca
I would like to read someone's educated guess on what is the % of bitcoin
transactions that have a direct purpose of paying illegal activities (drugs,
guns, black hat hacking, ransomware, etc).

I am not capable of giving such a guess. I would be happy to read even about
the order of magnitude of said %.

~~~
brbrodude
Drugs are probably a big share of all btc value and maybe its "gold standard"
since it's one thing you can find people wanting to trade stuff for it
anywhere in the world. The rest of the illegal activity would probably need to
be calculated separately because I'm almost sure drugs would dwarf them.

------
RichardHeart
Ransomware is a bug bounty program you didn't know you were part of.

~~~
atroll
haha

------
kondbg
> “The origin of the infection is not confirmed at the moment, but sources
> close to the company point out that it is being treated as an attack
> originating in China,” El Mundo writes.

It's amazing how any organization can get away with poor security and backup
practices by blaming either Russia or China, without showing any evidence to
back their claim.

~~~
doktrin
To my mind, there's a difference between "blaming Russia or China" and saying
the attacks originated in Russia or China. The former is a reference to the
nation state itself (i.e. state sponsored cyber attacks), while the latter is
broader and can also mean private individuals within those respective
countries.

~~~
azernik
And, in fact, given that by now news reports are indicating that the greatest
number of affected machines in this wave of attacks is in Russia itself, it's
probably private criminal groups.

------
davidgerard
This is, of course, actually _good news_ for Bitcoin, because

------
owlninja
'Succumbs' makes it sound like they paid the ransom, which they haven't.

~~~
passivepinetree
Agreed. Mods, could we please change the title to something like "Telefonica
Is Target of $600,000 Bitcoin Ransomware Attack"?

I know the current title is the actual title of the article, but it's
misleading.

~~~
Nexxxeh
"Victim", as there's nothing to suggest it's targeted.

------
bhhaskin
That website seems to hijack back button history...

~~~
jasonkostempski
You can get it back, for 1 Bitcoin.

------
fsaneq2
> Hackers are demanding a payment of $300 per machine, roughly equal to 300
> Bitcoins currently worth around 510,000 euros.

EDIT: nvm. Apparently they mean to imply they have about ~1759 infected
machines.

~~~
madez
You misunderstood. The article claimed

300$ dollars per machine ≈ 300 Bitcoins ≈ 510,000€

