What the Kidnapping and Ransom Economy Teaches Us About Ransomware

Offered By: OWASP Foundation via YouTube

Course Description

Overview

Explore the parallels between ransomware and real-world kidnapping in this 47-minute conference talk from AppSec EU 2017. Delve into the economic dynamics of both industries, examining how cyber-criminals profit from selling data back to victims. Learn about the future trajectory of ransomware and discover effective strategies to combat this growing threat. Gain insights into topics such as high-seas piracy prevention, kidnapping and ransom insurance, and the advantages ransomware has over traditional kidnapping. Understand the professionalization of ransomware campaigns, the emergence of specialized negotiators, and the role of cyber-insurance. Acquire practical advice on protecting against ransomware, including proper backup procedures, system recovery techniques, and the importance of following cyber-insurer guidance.

Syllabus

Intro
JEREMIAH GROSSMAN, CHIEF OF SECURITY STRATEGY: WHAT THE KIDNAPPING & RANSOM ECONOMY TEACHES US ABOUT RANSOMWARE
HIGH-SEAS PIRACY PREVENTION: Armed private security guards on board ships; Shippers harden vessels or take evasive action; A change in Somalia at national and local level; Pre-emptive action by combined navies in the region; Britney Spears
KIDNAPPING & RANSOM INSURANCE
ALL KIDNAPPING INSURANCE IS EITHER WRITTEN OR REINSURED AT LLOYD'S OF LONDON. WITHIN THE LLOYD'S MARKET, THERE ARE ABOUT 20 FIRMS (OR "SYNDICATES") COMPETING FOR BUSINESS. THEY ALL CONDUCT RESOLUTIONS ACCORDING TO CLEAR RULES. THE LLOYD'S CORP. CAN EXCLUDE ANY SYNDICATE THAT DEVIATES FROM THE ESTABLISHED PROTOCOL AND IMPOSES COSTS ON OTHERS. OUTSIDERS DO NOT HAVE THE NECESSARY INFORMATION TO PRICE KIDNAPPING INSURANCE CORRECTLY.
Ransomware requires far less upfront costs and logistics; Ransomware is less risky for adversaries (attribution); Ransomware hostage (the data) is not a witness; Ransomware scales; Ransomware negotiation process is way faster; Ransomware is easier to pay logistically (Bitcoin vs cash)
Ransomware campaigns increasingly professionalized and funded; Emergence of professional ransomware negotiators; Cyber-insurers require clients to keep ransomware policies secret; Adversaries will increasingly target backup systems
Backups! Test your backups! (DO NOT destroy encrypted data); Fast system recovery via virtualization; Patch, disable MS Office macros, etc.; Law enforcement investigate and arrest ransomware groups; Formation of insurance "syndicates" for ransomware pricing (i.e. Lloyd's of London); Listen to your cyber-insurer (security guidance)


Taught by

OWASP Foundation
