
The threat cited in the article said not just that the code would remain deleted, but that it would be "leaked" - presumably many of these were private repos.

You could never trust that the attacker actually deleted their copy of the repo, but then, the whole cryptolocking business model falls down if the attacker isn't at least moderately honest, so I can see why people would respond to that threat.

“the whole cryptolocking business model falls down if the attacker isn't at least moderately honest”

Nitpick: it only requires most attackers to be somewhat honest. Having a few unscrupulous ones may make life harder for the “honest” ones, but they themselves can be better off, e.g. by, after receiving payment, demanding more money.

Is it more unethical to release an "honest cryptolocker" or one that lies and never gives the files, degrading the trust the entire cryptolocker grift relies on?

It's pretty obvious that it's worse to be an actual criminal, than someone who goes around and pretends to be one.

In the same way that it's worse to shoot someone with an actual gun than to threaten to shoot them with a Nerf gun.

The negative network effects on other scammers are also nice.

In this case both are actual criminals, but one returns your data after payment while the other doesn't.

I'm not so sure.

An "honest cryptolocker" helps support more cryptolocker use, as people trust that if they pay the criminal they'll get their stuff.

If dishonest ones were the norm, then maybe cryptolocking would cannibalize itself as nobody would pay since they know it's useless. So in a sense the dishonest one, while having less ethical intention, has more ethical results. But only at scale. Hmmm.

Sounds like we need a review site for extortionists.

Would you charge the extortionists to remove their negative reviews?

No, they just have to prove they're the real person with photo ID and admit they are the person being referred to as the criminal.

Or maybe an escrow service for extortionists who makes sure the amount is refunded if the extortionist does not deliver.

If I remember correctly, WannaCry had a small customer support call center =D

Very fair point.

For what it's worth, I really hope people don't pay if they can avoid it. Guy I know consults for a company which recently got ransomware. They had insurance, paid $1.5 million, got their files back. FBI came in and figured out it was the North Koreans. This is happening more and more often, and will increase as we continue sanctions pressure.

This is a classic prisoners' dilemma: if no one paid, everyone would be better off, but it is very hard to be that one guy or company who loses all his files for the "greater good".

it's easier to trust private hackers than organizations that have the law on their side

society works with mutual cooperation and hackers seem to understand that more than the "technically cooperating in this context" that the legal field would employ

Vast majority of cryptolockers are fake, they just keep asking for more and more money but never unlock.

(This is probably not true, but society would benefit from "cryptolockers are usually fake" being in the zeitgeist)
