
> The Hospital Group, which has a long list of celebrity endorsements, has confirmed the ransomware attack.

This isn't a ransomware attack, they're not encrypting the company's drives and demanding a ransom to unencrypt them. Not every "I hacked you now pay me or bad things happen" situation is ransomware.




Timpy :P, your understanding of ransomware is different to Wikipedia's:

> Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.


If this is the definition of ransomware then I was indeed incorrect. I understood ransomware to be "threatens to perpetually block access to data" only.


So at this point it's just a normal Ransom. There's no 'wares' doing it. Someone stealing something does not make it ransomware.


But it's not even ransom; "ransom" is the situation where something/someone is held until money is paid and then it's returned.

There is nothing being returned here, since the hospital has not lost access to the data, and the threat is that private data will be published.

This is just blackmail.


What has been lost is the privacy of the data, which can be returned.


No, it can't. It is impossible for the blackmailers to prove that they no longer have a copy of the data.


REvil is ransomware that locks you out but first exfiltrates your data. Then the attackers have 2 points of leverage: lockout, which you may be able to circumvent with a safe backup process, but that won't protect you from the release of your data. This gives the attacker 2 bites at the cherry when trying to convince you to pay.


Stealing would be breaking into their premises and taking the computers. Obtaining data isn't stealing.


> Obtaining data isn't stealing.

What is it then, if you don't have the legal right to the data?


If some law prevents you from having access to some data, then presumably that law has a name for whatever the crime is.

It's not like we need the law to explicitly allow types of access. Anything not explicitly disallowed is allowed without a special name.

"Stealing" happens when the original owner is deprived of the thing.


It's something different from stealing.

Both "hacking" and stealing are illegal in most countries, but they're still completely different actions: one is taking a physical object from someone, the other is sending and receiving electrical pulses through a wire.

You wouldn't call stealing and killing by the same word, either, even though both are illegal.


Infringement

Seriously. Theft requires the property owner be denied their property.

What happened is someone made a copy they were not supposed to.

Textbook infringement.


Since we're discussing word choices and definitions, I'd argue that it's not stealing either if the Hospital retained possession of the data. It might be better said that they "obtained without authorization" or "illegally obtained".

What makes "stealing" particularly bad is that the rightful owner no longer has possession of their property. That's not necessarily the case with data.


This sort of thing is why people need to stop thinking that the digital world is analogous to our analog one.

In digital, information wants to be free and many kinds of resources are effectively unlimited. There is no material scarcity. Therefore, theft, in the digital world, can't be the same as it is in our analog world.

To be fair, this also applies to copyright and people's foolish notion that they can protect data without a great amount of preventing otherwise normal "physiological" processes. (Ironically, rather than having a wake-up moment where people realize their folly, we've institutionalized these resource-scarcity regimes into resource-abundant versions in the digital world.)

To summarize, info wants to be free, and since theft requires extra effort to deprive someone of what you stole, does that definition of theft really apply here? Or does it need to change given the context? And, as a secondary point, people like to think they can protect data but their brains are stuck in our analog, resource-scarce world.


When companies started restoring from their (new and existing!) backups when hit by ransomware, the ransomware authors looked at what would impact their "clients" the most -- if preventing them getting access to their data wasn't enough to make them pay up, then exposing their data and turning it into a breach that results in regulatory action helps them commercialise their "access".

I think in a way, ransomware authors are following the "free market" approach, trying to best monetise their unauthorised access to other people's IT systems. Perhaps the prevalence of ransomware will eventually help businesses to properly cost in the risk of security to their business, and get their security in order, as there's a tangible cost threat?


No I agree with your initial statement. The victim is not deprived of data or normal operation. As stated elsewhere it's blackmail.

Adding: Wikipedia is also not necessarily authoritative.


If somebody breaks into a psychiatrist's office and threatens the release of embarrassing or sensitive data unless there's payment, isn't that just classic blackmail?


... what?

What moral question?

This thread is someone questioning calling it a ransomware attack; it was one. Being a ransomware attack doesn't preclude it from being blackmail, and I don't think anyone you replied to has questioned the morality of it...


What you are talking about are cryptolockers and they are a subset of ransomware. Not all ransomware are cryptolockers. In this case, ransomware exfilled the data without a need for cryptolockers. They are still asking for a ransom.


Ransom usually means, "I have some(one|thing) of yours, and if you want it back, you need to pay me."

Calling this "ransomware" subtly blurs the line between copying and stealing. The attackers here didn't remove access to the data (clearly stealing), they made a copy (clearly a crime other than stealing, at least in my view).

It's more like blackmail than kidnapping.


Extortionware would be appropriate.


They're not using cryptography, but aren't they demanding ransom? Is the use of cryptography an essential part of what it means for something to be ransomware, or is it merely a common implementation detail?


> They're not using cryptography, but aren't they demanding ransom?

No, a ransom is a fee paid for the release of something you value. Cryptography is one way to take a user's data, and release it back to them on payment.

This is blackmail. They want payment to not release something.


To me, ransomware attacks are specifically "the malware got in and turned all my data to mush; the attacker doesn't care about my data, just that I'll pay to un-mush it."

This is "the malware got in and sent copies back home; now home base is threatening release and expecting payment to prevent it." To me, this is blackmail done via hacking, not ransomware.


Fwiw, many actors doing the former are also doing the latter. If someone paid you once to unencrypt, presumably they'll pay you again to not disclose the data. The line between those two business models is pretty blurry.


They are demanding a ransom, but Ransomware has a commonly accepted definition which requires encrypting files and demanding payment to decrypt them. [0]

[0] https://en.wikipedia.org/wiki/Ransomware


They are not demanding ransom. Ransom is (per Merriam-Webster): "a consideration paid or demanded for the release of someone or something from captivity".

They copied the data, and they want money otherwise they will release it. It's ordinary blackmail.


Perhaps you could say they are ransoming the exclusive ownership of the data. But yes, 'blackmail' seems like a better fit.


The very first sentence of that link would include this under "ransomware"

> Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

(added emphasis)


That's a single sentence pulled from a very long definition, though.

Here's the third sentence from that very same paragraph:

> It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Not everything can be explained in a single sentence.


It's blackmail.


Against whom? Where is the profit mechanism? Are the hackers really prepared to track down every patient and try to blackmail them? It's like the emails you get sometimes from hackers that have an old password of yours and threaten to release that video of you pleasuring yourself. Seriously?


Against the firm that let their patients' private data leak. Medical groups tend to have deep pockets.



