Comment by jessriedel
10 years ago
> Paying ransom is never worth the long-term costs.
I am amazed about how many people are making this claim confidently in this thread. It's clearly wrong. Very, very often it's definitely worth the cost, because very often you will never see the same criminal again. Consider:
"Don't pay ransoms, because (1) you'll get extorted again once the criminal knows you're an easy mark and (2) if everyone always refuses to pay, criminals will have no incentives to try and extort."
versus
"Don't pay muggers, because (1) you'll get mugged again once the mugger knows you're an easy mark and (2) if everyone always refuses to pay muggers, muggers will have no incentive to mug."
Yes, there are cases, like if you're the government, where you are very long-lived and your reputation is reliable such that having a stated, followed policy of not being extorted works. But for individuals, it's just not feasible most of the time. You probably won't see that mugger/extorter ever again, and it's very unlikely that most victims will refuse.
Muggers are typically not going to come across the same victim twice and word does not spread that you are 'an easy mark'. So the advice to people being mugged is to simply give your stuff rather than to try to put up a fight.
But extortion is different than mugging. See, in extortion you have a perceived weakness other than that you fear for your life and that weakness has subscription possibilities, unlike mugging people. For instance one simple defence against muggers would be to have nothing on your person. Hard to mug you in that case. But since the ransom victim can't really change the nature of his business (short of removing themselves from being online) they will always be open to a replay.
Individuals are not the parties being extorted here, it's companies with some degree of success and visibility. I pretty much guarantee you that every larger entity online has either been prodded by extortionists or will be prodded in the near future. This is a very large business and everybody that pays makes it a bigger issue because of the perceived easy money drawing in ever more prospective extortionists.
Muggers != extortionists. Blackmailers are extortionists and they always come back until they get stopped through some other means (for instance the authorities) or until you tell them to do their worst.
In the case of one Dutch bank this led to intermittent outages over the course of several weeks but eventually they got things under control and there hasn't been a problem since. If on the other hand they had paid I'm pretty sure that they'd be paying a nice monthly protection fee. "It'd be a terrible thing if something happened to that nice website of yours." It's just the same tactic as the mob employs against shops.
How many of the people who pay these ransoms do you really think are hit again? Very unlikely.
How can we even know the answer to that question?
Additionally: How many of the people who do not pay these ransoms do you really think are hit again?