In Private Conversation, Hackers Behind Ransomware Outbreak Lower Demand To $50 Million (reuters.com)
The hackers who have claimed responsibility for an international ransomware outbreak have lowered their asking price in a private conversation with a cybersecurity expert, something he said may be a sign the group was having trouble monetizing their massive breach. From a report: The REvil ransomware gang, also known as Sodinokibi, is publicly demanding $70 million to restore the data it's holding ransom after their data-scrambling software affected hundreds of small and medium businesses across a dozen countries - including schools in New Zealand and supermarkets in Sweden. But in a conversation with Jack Cable of the cybersecurity-focused Krebs Stamos Group, one of the gang's affiliates said he could sell a "universal decryptor" for all the victims for $50 million. Cable told Reuters he managed to get through to the hackers after obtaining a cryptographic key needed to log on to the group's payment portal. Reuters was subsequently able to log on to the payment portal and chat with an operator who said the price was unchanged at $70 million "but we are always ready to negotiate."
Better idea. (Score:3)
Make paying ransom carry a fine equal to three times the ransom, because you're funding criminal activity and suffering the consequences of mismanaging your IT security.
Re: (Score:2)
It's not like someone is taking a suitcase full of cash to Gorky Park to pay them. The banks are partly responsible for this and ought to be preventing it from happening.
Re: (Score:2)
You have a twisted, incoherent, bizarre definition of "responsible".
Re: Better idea. (Score:2)
Remind me not to let you drive the bus, lest you veer off into some random direction.
Re: (Score:2)
It's quite simple-- the feds just need to mine enough bitcoin to mount a 51% attack.
Re: (Score:2)
> It's quite simple-- the feds just need to mine enough bitcoin to mount a 51% attack.
Or. The combined value of all Bitcoin is US$650 billion... Let's say you're the gubermint, printing fiat money like a counterfeiter with a meth habit... for less than the price of an infrastructure bill, or a Covid relief package, you could easily afford to corner the Bitcoin market and devalue the cryptocurrency by using the rest of it to light cigars, once you're finished spraying most of it with perfume to use as the poor man's bidet.
Re: (Score:2)
You'd think, but ponder for a moment the power a sovereign government has... okay, not just any sovereign government but one with a lot of economic sway like the US, or the EU, or Japan and Korea, or, or, China.
In point, what happened to the Bitcoin's value when China shrugged its shoulders?
Re: (Score:2)
So what happens when they demand ransom paid in XMR instead?
Re: (Score:2)
Much of the Colonial Pipeline ransom was ostensibly recovered using a blockchain explorer, so perhaps XMR will be the currency of choice. However, bitcoin can be purchased at the same place you can buy gift cards, so there's a tradeoff.
Re: (Score:2)
Can't someone make a report that is based off the blockchain, and declare those coins to be tainted money?
Seems like a perfect way to lock theft coins in its own ecosystem.
I kind of think of it as an IP spam filter where you just check against.
I am sure that at this time XMR is not subject to this, yet, at this size of transaction it just might be.
Re: Better idea. (Score:2)
Sanction the country where the money ends up.
Problem will fix itself.
Re: (Score:2)
Here is the rub though. The entire thing is way too public, it has become an affront to every police force, internationally, it has developed into a real focal point for every single investigatory agency planet-wide. They are in it and in it deep, real deep. No place safe, no place to hide, policing has gone red hot on it.
It is dumb stuff like this by criminals, that sets global precedents for international treaties and pursuit of law enforcement and the threat not to the end users but the authority of police
Re: (Score:2)
Worked for Manuel Noriega [wikipedia.org] so it should for this.
Re: (Score:2)
> It's not like someone is taking a suitcase full of cash to Gorky Park to pay them.
CRYPTOlocker. It's right in the name.
Re: (Score:2)
You'd think I would have seen that.
Re: (Score:2)
I think you might mean bitcoin exchanges. They would know what wallets have the coin and could potentially blacklist any exchanges from accepting those wallets. Problem with that is you could split the coin across many wallets ad infinitum.
On a related note, didn't the US govt find the coins paid for the pipeline ransom? Maybe they'll get lucky again.
Re: (Score:2)
The banks have nothing to do with the popularity of ransomware, because it's entirely enabled by cryptocurrency. Stomp on the cryptos using whatever 3-letter agency methods we can dream up, and the problem goes away.
Re: (Score:2)
How about we just punish victims? In the end if someone beats you up it's your fault for not learning Karate?
Re: (Score:2)
I agree that nobody should pay the ransom, but it is harder than you think to secure an organization against this sort of attack. In fact, it's basically impossible without giving up flexibility and efficiencies that we have taken for granted.
Employees need access to the internet. Employees need access to a large confidential data set. Even with the best of training, some will be fooled by an email or other vector for ransomware, giving malware access to both the internet and the confidential data set. A de
Re: (Score:1)
It's not always mismanagement. There's a reason why hackers pay top dollar for 0-day flaws.
Re: (Score:2)
You're a child who doesn't understand the value of information encrypted, and cost of sensitive exfiltrated data being posted far outweighs the ransom cost in many cases so businesses pay.
Re: (Score:2)
If you can spend millions on ransom you can spend millions on IT security.
Re: (Score:1)
which is why it needs to be made illegal to pay.
Absolutely agree. You cannot negotiate with terrorists, and that's what these people are - terrorists.
Paying out the ransom does nothing to tighten IT security, it gives the company an out, lets them sweep their IT ineptitude and lack of proper security under the rug.
It should be illegal to pay them, illegal to not report all of it, and even more illegal not to prevent it in the future.
If it happens twice to the same company they should either be nationalized or shut down permanently.
Re: (Score:1)
So you're saying that everyone who was subject to the SolarWinds attack was mismanaging their IT security? Same with everyone who used Kaseya?
Krebs v. Krebs (Score:1)
Can we get Chris to change his surname because every time I see "... security... Krebs.." I have to read the article to find out whether this is Brian Krebs (automatic must-read) or the other Krebs (eh, whatever)?
Very Kind (Score:2)
We don't negotiate with terrorists (Score:2)
I wonder how long it will be before that becomes the policy, and the US uses it to justify more severe economic, or even military, actions. Maybe the ransomware gangs know it too?
Ransomware attacks should be considered terrorism. (Score:3)
Kill any perps you can manage who fail to surrender.
It's perfectly fine to hurt enemies. That's all humans understand as we are a savage race. Failure to use savagery appropriately is weakness, not virtue. Enemy impunity must be reduced and since necessity knows no law, use any non-counterproductive method.
Law is for use between friends. We don't miss viri when we kill them.