Decision making when infected with Ransomware

Abortion, euthanasia, genetic engineering, Just War theory and other such hot topics.

Moderators: AMod, iMod

Post Reply
marsh8472
Posts: 54
Joined: Sun Oct 19, 2014 3:06 pm

Decision making when infected with Ransomware

Post by marsh8472 »

What's the right way people should respond if they are infected with ransomware? Say they become infected, all of their files become encrypted, no backups are available to fix it, and the files cannot be decrypted without a decryption key which only the attacker has. The files could be very important too such as family home videos, pictures, files an entire business depends on, etc...

If for example the data that has been seized is worth hundreds of thousands of dollars and the intruder wants only $1,000 to restore the files, a cost benefit analysis would suggest it's better to pay the ransom. However when paying that ransom it could encourage the attacker to do the same thing to more people, even target the same victim and make them pay again. Also there would be no guarantees that they would restore the system even if the ransom were paid or worse yet ask for more money even after accepting payment. What should be done when in a dilemma like that? In what situations is it better to pay than not pay? Does justice demand never to pay ransoms?
User avatar
henry quirk
Posts: 14706
Joined: Fri May 09, 2008 8:07 pm
Location: Right here, a little less busy.

Post by henry quirk »

Stop storing valuable shit on hard drives.

...but, if you do, and get ransom-wared...

Wipe the disk clean, keep your money, and *ahem* stop storing valuable shit on hard drives.

Paper is your friend...pencils, pens, typewriters are your friends...file cabinets are your friends...photo albums are your friends.
marsh8472
Posts: 54
Joined: Sun Oct 19, 2014 3:06 pm

Re:

Post by marsh8472 »

henry quirk wrote:Stop storing valuable shit on hard drives.

...but, if you do, and get ransom-wared...

Wipe the disk clean, keep your money, and *ahem* stop storing valuable shit on hard drives.

Paper is your friend...pencils, pens, typewriters are your friends...file cabinets are your friends...photo albums are your friends.
But I'm sure situations exist where it's better to pay too in order to avoid the losses? Say they have decades of data stored on the machine and the attacker wanted only $20. Why not try then?
User avatar
henry quirk
Posts: 14706
Joined: Fri May 09, 2008 8:07 pm
Location: Right here, a little less busy.

Post by henry quirk »

I'm only givin' you my take, Marsh.

Me, not givin' the fuckers a dime ('course, I'm not dumb enough to store important shit on a hard drive, so -- for me -- the question is academic).

Really, there's no rule of thumb in this...I won't pay, but another will, for reasons quite clear to that person at the time.

As I say in another thread: pick your poison, drink it down, get on with it.
ken
Posts: 2075
Joined: Mon May 09, 2016 4:14 am

Re: Decision making when infected with Ransomware

Post by ken »

marsh8472 wrote:What's the right way people should respond if they are infected with ransomware?
Is there one 'right' way?

The decision making process is the exact same in all situations. In that a decision is made depended upon the specific situation and all of the variables involved. And, what one person would do another would not. Some things that are extremely valuable to one person might be totally unnecessary or even rubbish to another. This is why there is a seemingly moral dilema in Life.
marsh8472
Posts: 54
Joined: Sun Oct 19, 2014 3:06 pm

Re: Decision making when infected with Ransomware

Post by marsh8472 »

ken wrote:
marsh8472 wrote:What's the right way people should respond if they are infected with ransomware?
Is there one 'right' way?

The decision making process is the exact same in all situations. In that a decision is made depended upon the specific situation and all of the variables involved. And, what one person would do another would not. Some things that are extremely valuable to one person might be totally unnecessary or even rubbish to another. This is why there is a seemingly moral dilema in Life.
Right that's the answer I'm finding online, each decision being unique to the victim. It would be nice if there were a rule of thumb though. We can list the variables involved for starters:

A=worth of time involved of restoring the data encrypted that can be replaced or restored with a backup recovery service
B=worth of data encrypted that cannot be restored without attackers help
C=ransom demand amount
D=estimated cost to society by meeting ransom demands
E=probability that attacker will follow through with the ransom agreement after receiving payment
F=probability that attacker will raise the ransom after being paid
G=multiplier for adjusting the importance of the cost to society relative to my own cost to meeting demands
H=estimated benefit to society by not meeting demands
I=multiplier for adjusting the importance of the benefit to society relate to my own benefits to not meeting demands
J=probability that attacker will not follow through with agreement and will not raise ransom
K=expected cost if ransom is raised

Let the Pay(all variables involved) function determine whether to pay at that point in theory..

Pay(variables involved)=if HI-B-A>E(-C-DG)+J(-B-A)+F*K then Don't pay otherwise pay
elma
Posts: 1
Joined: Mon Mar 27, 2017 6:09 pm

Re: Decision making when infected with Ransomware

Post by elma »

marsh8472 wrote:
ken wrote:
marsh8472 wrote:What's the right way people should respond if they are infected with ransomware?
Is there one 'right' way?

The decision making process is the exact same in all situations. In that a decision is made depended upon the specific situation and all of the variables involved. And, what one person would do another would not. Some things that are extremely valuable to one person might be totally unnecessary or even rubbish to another. This is why there is a seemingly moral dilema in Life.
Right that's the answer I'm finding online, each decision being unique to the victim. It would be nice if there were a rule of thumb though. We can list the variables involved for starters:

A=worth of time involved of restoring the data encrypted that can be replaced or restored with a backup recovery service
B=worth of data encrypted that cannot be restored without attackers help
C=ransom demand amount
D=estimated cost to society by meeting ransom demands
E=probability that attacker will follow through with the ransom agreement after receiving payment
F=probability that attacker will raise the ransom after being paid
G=multiplier for adjusting the importance of the cost to society relative to my own cost to meeting demands
H=estimated benefit to society by not meeting demands
I=multiplier for adjusting the importance of the benefit to society relate to my own benefits to not meeting demands
J=probability that attacker will not follow through with agreement and will not raise ransom
K=expected cost if ransom is raised

Let the Pay(all variables involved) function determine whether to pay at that point in theory..

Pay(variables involved)=if HI-B-A>E(-C-DG)+J(-B-A)+F*K then Don't pay otherwise pay
Nice theory! My Laptop is infected with Sage ransomware and I've chosen to copy all encrypted files to clean hard drive in hope that decryption tool will be released someday. As for me - paying hackers is a worth thing
Post Reply