undefined | Better HN

0 pointsandersa2y ago0 comments

I don't understand how anyone would ever pay. There is nothing guaranteeing you the hackers actually destroy their copy of the data on payment, so they could just come back and ask you for another payment every few months.

Or are we really supposed to believe these criminals would follow some sort of made up honor code?

0 comments

Crosseye_Jack2y ago

You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

But there is another "maybe" to consider (OP did ask for a brief explanation so I didn't go into all possibilities), did they encrypt the data? If they did and entity no longer has access to it they then have two options 1) restore the data from backup (if they had them and can restore service in a reasonable amount of time) / write off any data loss 2) pay up for the keys.

google2341232y ago

Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage

setr2y ago

With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.

dest2y ago

Interesting game theory scenario

1 more reply

neffo2y ago

> However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

The hackers are the real victims here

shric2y ago

They have an incentive to uphold their end, otherwise they will never be able to extort someone else in the future.

andersaOP2y ago

Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.

addaon2y ago

You're missing the incentives. They /could/ change their name each operation, but then, as you note, the target would have reduced motivation to actually pay. By keeping their name, and keeping their word, customers are more likely to pay in the future, because there's a history of good faith transactions. And, of course, a group that is relying on their reputation like this must police their trademark and prevent other groups from abusing it.

PLenz2y ago

"Good faith" is a difficult to grasp concept when concerning people who are holding your data for ransom

1 more reply

op00to2y ago

If the criminals get a reputation for dumping data after you pay, no one will pay anymore. It’s not honor, its customer service.

xvector2y ago

Their business model wouldn't work if they did a double random. It's not an honor code but a common sense code.

google2341232y ago

Which is why it should be illegal to pay them off

j / k navigate · click thread line to collapse

0 comments

Crosseye_Jack2y ago

You are completely right, they are criminals there is nothing stopping them from just dumping the data anyway (or launching another attack later down the road).

However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

google2341232y ago

Or… they do the extortion thing and then change the name of their group and go again without the untrustworthy baggage

setr2y ago

With no reputation, you’re presumably less likely to have victims pay up. You want to build reputation so you can get consistent profit from these extortions.

dest2y ago

Interesting game theory scenario

1 more reply

neffo2y ago

> However the hackers also want to get paid, as soon as they go back on their word no one else will ever pay them.

The hackers are the real victims here

shric2y ago

They have an incentive to uphold their end, otherwise they will never be able to extort someone else in the future.

andersaOP2y ago

Aren't they all anonymous, though? So they could just change their name for the next operation. Maybe all these groups are already the same people behind the scenes.

addaon2y ago

PLenz2y ago

"Good faith" is a difficult to grasp concept when concerning people who are holding your data for ransom

1 more reply

op00to2y ago

If the criminals get a reputation for dumping data after you pay, no one will pay anymore. It’s not honor, its customer service.

xvector2y ago

Their business model wouldn't work if they did a double random. It's not an honor code but a common sense code.

google2341232y ago

Which is why it should be illegal to pay them off

j / k navigate · click thread line to collapse