PSA: Don’t pay the bitcoin ransom.

A little birdy recently whispered in my ear, informing me that one of Edmonton’s four largest casinos was the present victim of a cryptolocker-type attack. The punchline being, whereas individual and small business ransom demands to this point have typically ranged in the 2-2.5 BTC range, this particular casino was asked to cough up… 100 BTC.

That’s no paltry sum, even if it’s “the cost of doing business” to the casino operator, but nor does paying it create any disincentive for the hard-drive-hostage-hackers not to come back again next year, if not next month, with the same trick, the same demands, and the same resulting payday. It’s not like the casino is going to use this event as a wake-up call or call to action. Aside from the fact that the casino could’ve readily afforded a still greater ransom sum – dependent on their computer systems for everything from security cameras to chip delivery verification as they are – the fact of the matter remains that they can’t intellectually afford to get off of Winbloze operating systems. This means that they will continue, without a shadow of a doubt, to be highly profitable targets for any and all comers.

The solution, of course, is to stop paying the Danegeldi and start using Linux. If the casino operators are shrewd enough to run a consistently profitable operation, they can surely calculate the cost of more secure software. One would think!

In the interim, high-profile and digitally ignorant (ie. Winbloze-dependent) operations, such as the aforementioned casinos, such as hospitals and airports and utility companies, are advised to make hourly back-ups of any and all programs and files, and furthermore to switch to their back-ups instead of paying the hackers, should any cryptolocker-type attacks be committed against them, which they assuredly will be in due course.

Unless your daughter is being ransomed and you just received her pinky finger in the mail, make back-ups of all your shit and tell the hackers to fuck off.

After all, the nation that pays it is lost!

___ ___ ___

  1. To quote Kipling :

    It is always a temptation to an armed and agile nation
    To call upon a neighbour and to say: —
    “We invaded you last night–we are quite prepared to fight,
    Unless you pay us cash to go away.”

    And that is called asking for Dane-geld,
    And the people who ask it explain
    That you’ve only to pay ‘em the Dane-geld
    And then you’ll get rid of the Dane!

    It is always a temptation for a rich and lazy nation,
    To puff and look important and to say: —
    “Though we know we should defeat you, we have not the time to meet you.
    We will therefore pay you cash to go away.”

    And that is called paying the Dane-geld;
    But we’ve proved it again and again,
    That if once you have paid him the Dane-geld
    You never get rid of the Dane.

    It is wrong to put temptation in the path of any nation,
    For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
    You will find it better policy to say: —

    “We never pay any-one Dane-geld,
    No matter how trifling the cost;
    For the end of that game is oppression and shame,
    And the nation that pays it is lost!”

    []

11 thoughts on “PSA: Don’t pay the bitcoin ransom.

  1. Donard Cuck says:

    “PSA”, am I reading reddit?

    I’d just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
    Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
    Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.

  2. jurov says:

    100BTC, if not more, is about yearly salary of sysadmin competent to properly manage their mess. If they actually find one. And managers generally despise paying so much for things that “should just work automatically” to these obnoxious nerds with their silly demands.

    Paying the ransoms instead has also the advantage that external entity can be blamed.

    • There’s little doubt that casinos and the like already have sysadmins on their payroll. The issue is that it’s typically industry-wide SOP to use a particular suite of software that inevitably comes packaged with the sort of festering, putrid wounds that attackers can smell a mile away. The sysadmins are there to keep things “running automatically,” but that presumes a closed environment.

      Unfortunately, while paying the ransom has the advantage of blaming an external entity, this blame is confined to unknown external entities, not known ones that can actually be changed. Maybe the solution is to run these business on a LAN exclusively, and not to connect to the outside web ?

  3. […] some trepidation,viii the new owner being an unknown quantity and the days of the Bitcoin scam far from over, I look forward to seeing what changes he makes. I certainly had a few in […]

  4. […] desire nothing more than the mercy and more importantly the attention of the active should come as no surprise. But hey, lotsa flotsam “whent too unavericity” and now think themselves some measure […]

  5. […] has now branched off into the wonderful world of spamming. I’m sure I’ll be receiving a ransom notice from them any day now. […]

  6. […] time he needed some it was for ransomware, I figured it was the same again this time but… nope. Personal use finally rose to the […]

  7. […] you know. 26. The layman’s guide to salvaging bitcoins in the era of Chicom miner monopoly. 27. PSA: Don’t pay the bitcoin ransom. 28. From the scammer files: Anthony Di Iorio. 29. The Bitcoin Life Insurance policy. […]

  8. […] requires just a weeee bit too much trust, honestly, which is why it generally doesn’t do to pay the ransomware. […]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>