Word Notes 12.20.22
Ep 130 | 12.20.22

Ransomware (noun)


Rick Howard: The word is: Ransomware

Rick Howard: Spelled: Ransom, as in a payment demanded for the release of something valuable. And ware, as in a type of software. 

Rick Howard: Definition: Malware that disables a system in exchange for a ransom, usually by encrypting the system's data until the user pays for the decryption key. 

Rick Howard: Example sentence: The company was forced to choose between paying the ransomware attackers, or rebuilding the systems from scratch. 

Rick Howard: Origin and Context: One of the first known ransomware incidents occurred in 1989, when evolutionary biologist Dr. Joseph Popp sent 20,000 floppy disks to members of the World Health Organization's AIDS conference. When the receiver inserted the floppy disk, the payload encrypted the names of files on the user's hard drive, and asked the victim to send $189 to "PC Cyborg Corporation" in order to receive a "repair tool. Popp was arrested in the UK but was deemed mentally unfit to stand trial. His motivation is still unclear, though he claimed the profits would go to AIDS research. 

Rick Howard: According to CrowdStrike, the advent of cryptocurrencies in the early 2010s paved the way for the proliferation and professionalization of a ransomware attacks. Cryptocurrency allowed attackers to receive victim's payments with a certain degree of anonymity. Early strains of ransomware were typically indiscriminate infecting individual home systems in exchange for a small ransom of a few hundred dollars.

Rick Howard: Over the years, however, threat actors shifted targets from the home internet user to the more lucrative corporate networks. According to Unit 42, Palo Alto Network's threat intelligence team, as of June, 2022, the average ransomware payment was just under 1 million dollars. As the new corporate model evolved, ransomware criminals found at least four ways to generate revenue from their victims. Number one, payment to unencrypt the data. Number two, payment to not make the stolen data public. Number three, payment to not sell the stolen data to competitors, slightly different than a public release, and finally, after receiving payments on the first three, selling the stolen data anyway to whomever wants it. 

Rick Howard: Nerd reference: At the conclusion of season one of my favorite TV show about cybersecurity ever, Mr. Robot, Fsociety, the hactivist group that the two main characters belong to, Elliot, played by Rami Malek, and Darlene, Elliot's sister, played by Carly Chaikin, penetrates the e-commerce systems at E Corp, aka Evil Corp and prevents access to all their customers' payment information. Fsociety displays a splash screen on every Evil Corp employee's monitor saying "your files are encrypted, to get the key to the decrypt files, you have to pay $5.9 million dollars."

Rick Howard: If payment is not made, will brick, the entire system signed, Fsociety and then it shows a countdown timer with less than 24 hours remaining. In this scene, Evil Corp's CTO played by Brian Stokes Mitchell, the CEO played by Michael Cristofer, and the chief legal officer played by Sandrine Holt, discussed their options.

Sandrine Holt: I was on the phone with the FBI all night. We can't confirm the sender, but the email we received is authentic, more than likely the same hackers from the ransomware. 

Michael Cristofer: Unbelievable. What are the demands again? 

Sandrine Holt: $5.9 million dollars. 

Sandrine Holt: 5.9 million to be delivered to Battery Park City, 9:00pm tonight. No police, if we wanna pay the ransom, the FBI will not sanction it.

Michael Cristofer: We cannot negotiate with these people. Our techs are looking into it. We'll find a way to decrypt it and get the system. 

Sandrine Holt: How long? 

Michael Cristofer: Five days, tops. 

Sandrine Holt: Five days for our banking system to be down. That's a lot of money down the drain. I don't, don't even wanna mention the optics. We can't afford this hack right now, and frankly, I think we can find 5.9 million in between our couch cushions. It's nothing. My opinion as general counsel is to pay it. 

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Pelzman. Thanks for listening.