To be fair to Jerry, we all have hare brained moments once in a while. I could imagine doing something like that over 7am coffee and immediately face-palming myself.

Your string theory video got recommended to me a week ago and I’ve been watching all your videos since. Your content is top notch and I hope your channel gets the audience it deserves!

In a ransomware attack, nobody's really stealing the data, they're just inconveniencing the victim then demanding extortion. Some people are lazy enough to pay to undo the inconvenience, which is a low-hit rate but also low-effort business. And sometimes the attacker gets lucky and scrambles the data for something really important at a really inconvenient time, like a hospital with digitized patient orders where people might die in the time it takes to undo the damage by hand. Those are pretty much the only times where people get paid for this.

"I get that some people make a living scamming people…landlords."

Security Engineer here, keeping some systems up for 99.99% of the time (not an exaggeration) is often in the service level agreements for large business to business companies. Randomware is not generally targeted when it’s pushed through things like phishing emails, so some groups will automate every step banking that a company or an individual does not have backups. Fault tolerance is quite hard when the systems get sufficiently complex which is why meemaw can get her photos back and have you reinstall her machine but a giant corporation might just have to suck it up and pay a ransom. It’s why we only started seeing ransomware after something like bitcoin was ubiquitous; before there was just not an easy way to get paid as a bad guy without getting caught.

A couple things worth mentioning: Ransomware payouts from big organizations tend to be massive, so even if a tiny percent of victims actually pay the ransom, that doesn't necessarily make it unprofitable. According to a quick Google search the average ransomware payout is almost a quarter million dollars; that's enough that you only really need one, maybe two payouts in an entire _year_ for it to be worthwhile, and the cost of hitting a lot of targets isn't really that high. WannaCry is also an interesting thing to mention, since that one is now known to have been created by a North Korean state-sponsored group. Even if the money they get helps them, in that case it's obvious that a major goal is just to be a pain in order to inconvenience other countries like the US. A lot of more prolific groups these days are either suspected or known to be state-sponsored, which is definitely something else to consider; maybe being a pain in the ass for random people _is_ really their main intent, as long as those people are from the wrong country.

"We'll just train our people not to click links in emails, Jerry!" Love it. Like many others, I found your channel recently and I've added it to my group of science education channels. ALSO, you mention in a couple of videos that you have a Patreon, and I'm not sure if I just can't find it, or if I fell for the joke.

Think back to when you were working on your PhD dissertation. Imagine a few days before you were planning to submit your dissertation, you got hit with a malware attack. Your dissertation and most of your data were encrypted. And the malware got most of your backups as well. The only backup you have is a month old offline backup on a flash drive. There's nothing they've locked up that you can't replace in time. But your dissertation is due in two days. You could turn in your dissertation late, or you could pay the $100 ransom, be done with it, and get your dissertation in on time. Which would you do? This is the type of person these ransomware attacks are targeting. They're looking for people who happen to have extremely time-critical data they can lock up. Or think of a company that is operating a big industrial facility like a big factory or oil refinery. If critical systems get locked up, that facility being down might cause the company millions of dollars for each day they're shut down. If your facility being down is costing your company $1000/minute, and the scammers only want $5000 to unlock it, you will pay that ransom. It's literally the most profitable option available to you. Ransomware economics are a lot like those of conventional spam. The vast majority of the people that will be infected either can't pay (lack funds or can't figure out how to buy bitcoin) or have no need to pay (all data is easily replaceable and not time critical.) But for every hundred individuals or organizations they infect, one of them will be unlucky enough to have extremely time-critical improperly backed up data encrypted (like the hypothetical grad student) or a large expensive operation made inoperable (like the large industrial operation.) And even for those unlucky few, the scammers don't ask for obscene amounts. They ask for a few hundred to a few thousand. Their goal isn't to ask the highest price they can; their goal is to make paying the ransom the cheapest or most time-efficient option available to you. Yes, the vast majority of people or organizations won't be those unlucky few. Maybe only 1 in 100 actually get infected; and only 1 in 100 have enough time-critical data for paying the ransom to be worth it. And so perhaps the scammers only have a 1 in 10,000 success rate. But again, that's just like spam. Very few people actually fall for spam scams, but if you can send millions of spam messages for a a few pennies, the costs become worthwhile. Maybe only 1 in 10,000 times will the ransomware scammers succeed, but if they can successfully target millions of people and institutions, it becomes profitable. And they can do that; they're not personally writing individual emails to target individual people. It's all highly automated. One person can send messages to millions of people and institutions. You might target 1 million people and only succeed with a hundred of them (1 in 10,000). But if you manage to get $300 on average from each of those people, that's still a $30,000 profit. That's a very fine annual wage in many countries (and near median for most developed countries.) You have to dig and process cubic meters of earth to get a single fleck of gold, yet people have been profitably mining gold since the dawn of civilization. A single raindrop has almost no gravitational potential energy in it; but if you can build a dam and capture cubic kilometers of raindrops, you can use their energy to power a nation.

I used to work at a cellphone store selling phones, plans, and doing small repair. The shear amount of meemaws who came in because they were ransomed into sending iTunes gift cards to people was staggering. Never underestimate how shitty people will be for meager amounts of money. Edit: and it's not about their pictures. In many cases seniors depend on a single iPad to pay their bills and other things that are difficult or impossible for them to now do in an analog manor. It's often the sole authenticator in 2FA, so often they lose access to every account they've ever had, permanently. And more and more medical devices like insulin pumps are starting require a paired Apple device to operate. Even without stolen credit cards or identity theft, it can seem like an existential threat to many seniors. It takes a lot of money and technical skill to replace bricked devices and accounts.

The point of most ransomware isn't how valuable your data is to sell to someone else, it's whether you will pay the thieves to get it back. Like a ransom kidnapping - there isn't a lively black market for your kid (Law & Order and conspiracy theories aside), but you're likely to be the most highly motivated customer to get your kid back. So the two questions are always: "is the encryption of the ransomware attack secure enough to foil recovery", to which the answer is usually "yes", and "is your data plus the risk of embarrassment (which may have a financial cost, too) worth more to you than the cost of either paying the thieves to unlock it, or regenerating it (if possible). I admit, I can't imagine public astronomy is a terribly lucrative target, but businesses often are even if their data is not really sellable to a third party - not having it may put them out of business. Just my read. Paying is often an extra risk, since you've put a target on yourself as an organization that has paid in the past, and thief always has the option of leaving critical files infected as time bombs to go off later on with no additional phishing required.

Let me give an example of a theoretically successful ransomware: I worked at a vehicle r&d company. We worked on high profile development jobs with weeks worth of simulation data which were extremely a) time sensitive b) very secret. If, through my computer a ransomware simply blocked data on our server, our project is delayed. "Why is it delayed?" - asks the customer. We'd reply "oh we are lame" or "oh we got hacked". We just lost the customer either way. We are talking about millions of dollars here. Data is nothing, but it is an aswer to a question: can we manufacture 10000 of this engine next month? If we give no answer in time, we are screwed.

so, I think you've got a misconception about what actually occurs in a ransomware attack, because in fact it's reasonably likely that the attackers never saw the data they were ransoming, and also never targeted the telescope specifically. Ransomware, at it's core, uses cryptography. The malware goes through every file on all of the systems it gets access to, and instead of deleting it, or attempting to send it all back over a small network connection to the attacker, it uses a cryptographic algorithm to scramble it reversibly with a key, and then deletes it's copy of the key, leaving only the attacker with knowledge of how to unscramble all of that data. So, if there was any data not backed up, or if the backups also got encrypted, this leaves the victim with two options: either pay the attacker, or accept that the data is lost forever. And there's many things this data could be. One is, like you mentioned, potentially observations of things that happened in the past, but this is actually probably not what was being targeted. Instead, they were probably hoping to hit proprietary software necessary to run a business, potentially a very profitable business, where every day of downtime caused by not having access to important software represents massive amounts of money. And that's the other thing: these attacks are not targeted. Mostly, the phishing emails that actually get people to install the ransomware (although it's worth noting that there are other ways to get ransomware onto a system) are sent by computers infected by a different kind of malware on mass to any email address they have on their list. The ransomware is probably designed to be able to exploit all the most common types of computers, and even if it wasn't, because it's so easy to make attacks like this it doesn't really matter whether or not it actually works every time. In the case of ALMA, they just happened to get a telescope.

When you mentioned 1:10 in a note that dust is very interesting in astronomy, it reminded me of Brian May (guitarist of Queen) finally finishing his astrophysics PhD in 2008 with the thesis titled "A Survey of Radial Velocities in the Zodiacal Dust Cloud".

Angela! I got so excited because I thought YOU hacked the telescope. I was a little let down but your story telling ability made up for it. You're the best!

I work as a software developer. A few years ago, a team other than mine got an email that basically said "we hacked your webcams and have compromising footage of you. Pay us and it won't get out. Here's a btc wallet address." This spread around the whole office bc it was obviously an empty threat and very funny. But also, like, btc transactions are public, you just look up the wallet address, so I checked it. The scammer was raking in thousands of dollars. They didn't even do anything, they just sent an email. Insane.

The hackers likely were not targeting the telescope - they just have a list of thousands (maybe millions) of e-mail addresses that they send these phishing e-mails to and then if a person clicks on the link it will encrypt all the data it can get access to (which if the computer is on a network without tight security controls may be a lot) and then demain a payment to get the data unencrypted. Given that it would typically cost a whole bunch of money to lose all the data for an organization - payment can be the cheaper option.

I think the thing that matters to companies for whether they pay the ransomware or not is less dependent on how important that data/systems are and more about how quickly they need that data/systems up and running. Because the company can eventually get their data/systems back, but probably not quickly. So it needs to cost them enough money to where they would save money to pay and use their systems right away, compared to waiting the month or 2 to get that data/system back. That's what happened to Colonial Pipeline, I think.

As someone who has taken a class on computer security at MIT I felt very attacked by your transitions 😅😅 But yeah fair point on this (we didn't cover ransomware in the class at all really, which ig tells you how much the professionals take this seriously)

I feel like I fall into multiple parts of your plot. I run Fortran physics simulations on supercomputers for my job, but I also don't think I'd know how to get something from a phone to a projector, and I definitely don't know how to bitcoin (though that last one is mostly intentional)... Admittedly I do know how to google, and all tech support is just googling "how to *" and skimming the first 6 stack exchange links... But still, conference room projectors are black magic as far as I'm concerned.

I'm an IT-professional, have a mandatory security training every year and it still takes a couple of seconds for me to recognize a scam AFTER I have clicked on dodgy link. The truth is, that everyone can fall for a scam. Including KZbinrs, so watch out.

They claim hardly anyone pays the ransoms, but they often do. They just keep it on the down low for a couple of reasons. Instead of embarrassingly announcing they paid the random, they'll say they defeated the hackers through sheer determination, plus the FBI wants to discourage hackers by making it seem like they never succeed. And it's true that if Meemaw's photo of you when you were 3 years old was stolen, you yourself are still safe. But memories have value. Sometime's that data can't be recreated. And even in cases where it could, it takes time... and time is money.

Hackers encrypt your data and sell it back to you. That's the point. There are a lot of hospitals, schools, public services etc that don't have budgets for proper IT services. They get hacked and pay ransom. Hospitals are especially good targets, if they don't pay their patient may suffer/die.

The statement about who falls for a scan I think is somewhat more complicated, because more technical users use computers so much more. Everyone can fall for a scam, they’re called “accidents”, not “on purposes”, and thinking that you’re too technical to fall for a scam is the first step in falling for a scam

Hey, your first new video since the algorithm showed me your videos and I bunge watched your whole channel and subscribed. Good title. I showed my 11 year olds the movie Hackers for the first time today. It is surprisingly accurate to the technology of the day, except for the visuals. Still holds up.

RE: Backups - Adversaries will always go after the backups, to delete them or modify them. The number of orgs that backup data correctly and securely (and test restoring data) are more rare than they should be.

Laughed harder than recent Last Week Tonight episodes (which usually make me want to cry after laughing). You're feeding all the endorphin rushes - intelligent content, science history, and "it's fine..." Brilliant! Keep it up!

Love your videos! My daughter is starting college as a freshman Chem major this fall. She’s determined to continue through to a PhD. I just wanted to say your First Generation Grad Student video answered a lot of questions for both of us. I got my BS going to night school and partly online. There are so many questions about traditional college I couldn’t answer initially, but we are figuring it out. Your video gave us some great info about grad school that I never could have answered in a million years. Thank you!

There are two main kids of those attacks, "normal" phishing is just thrown at the wall to see what sticks, because the chances aren't that bad to hit something important like business records or to just overwhelm people with shock and stress. Also often the "customer support" on how to get crypto is pretty good. Normally such operations don't target organisations like that, as I said they just throw it at the wall. Oh and the reason they are all from Russia is the legal protection, Russia only persecutes hacking of Russias and does not expedite to Western countries

RLM and you are the only channel who genuinely makes me crack out loud. Yes, Landlords are scammers. It's the same even here in the subcontinent. Man. Just don't stop making videos even if you post it after 3 to 4 months just don't stop and I am eagerly looking forward to your Halloween video this year.

It's worth mentioning that many organisations, although they have tech savvy people on board, may not have backups or ways to spin up systems again if they're wiped out. Ive been lucky enough to work as a software development consultant for the last 8 years, and honestly it is genuinely shocking how exposed companies can be under the guise of ALWAYS MOVE FORWARD! No time to stop and shore up security, test backups, pay tech debt, etc. I'd say 70% of the companies I worked for would have no choice but to pay ransomware, as it would be that or let the house of cards collapse, with no guarantee that theres enough money available to build it up again.

Sometimes these hacks can have motivations other than financial... "hacktivists" may just want to disrupt the target for various reasons. It can be as simple as bragging rights "just cuz" up to state-sponsored attacks. Most of the time, it is a financial motivation, but not always.

i’ve been binge watching your videos this week and i’m low key so inspired by you. really good work!!

The customer service aspect of ransomware always got me. There's gotta be 100s other scams you could run where you don't also need to have a dedicated customer service line where you teach meemaw all about bitcoin / monero so you can get that little sliver of crypto in your wallet.

Good luck and best wishes! Keep doing what you do so eloquently! I love watching your well deserved growth trajectory.

"I'm running this channel on tech, and data and science, and this is the second time buttplugs have come up." Never before have I thumbs uped a video so fast

I was shown your String Theory Lied to us and then i binged your whole channel in a week lol

In general companies and organizations currently have a huge issue with scaling cybersecurity programs and staffing them properly. Hopefully events such as this help push organizations to invest in their security more. As it is there hundreds of unfilled cybersecurity jobs. People need to take this stuff more seriously… as you mentioned I’m surprised this wasn’t a bigger news story.

To answer your question Ransomware attacks work best when they disrupt vital operations. When the U.S pipeline hack happened it was payed off because those systems NEEDED to be online Side Note: The Bitcoin thing is a meme even amongst Crypto currency that's not considered the most private and in fact the FBI tracked down the infrastructure hack

Ransomeware works because a surprising amount of especially small-medium sized companies have/had really shitty IT practices. Like the IT people have setup an NFS share that's remotely backed up and everything, but Jerry just saves all the important documents to the desktop of his computer. Restoring from backup can also cost more in disruption than the ransom. And finally, many groups reportedly offer secrecy about the breach if the ransom is payed, which can be attractive for a company that relies on having a reputation for being secure. Example: friend of mine works at a biotech company that suffered a ransomware attack, lots of data would have been lost because the employees didn't follow guidelines and they try to keep it under the radar.

It's because phishing scams are not directed. They are spammed out to email lists pretty randomly.

Ok I’m on my like 15th video of yours and you are just an absolute natural at this. Love the science, obvs, but also your manner of speech, sense of timing and whole persona. May you absolutely prosper as much as you want to at KZbin and literally no more than that much.

Dust is so interesting I've drapped my apartment in it.

There was a time in the 2010's where fortune 500 companies were buying bitcoin (and skimping on their insurance) so that in the event that they got ransomwared they could pay the ransom as quickly as possible. If you're a big company and you loose access to even 25% of your IT infrastructure that's a lot. Even if you have all the data, and it's just a matter of setting up the 25% computers again that's a ton of work. More work than your in house IT team can do quickly. God forbid you lose critical data or infrastructure in the attack... In these cases paying the ransom starts to see like an option. Like you mention though, ransomware is a volume game - Almost all cybercrime and fraud are. Unlike a phone scam though ransomware can be highly automated. All the instructions are in the ransomware. Also the Blackhat reference was amazing.

KZbin recommended me your mass video a few weeks ago and now I can't get enough of your content! Keep up the great work!

Binge watched nearly all your videos today after watching the String Theory vid. What a nice surprise to see a new one pop up at the end of the day. Keep up the good work!

"Some people make a living scamming, like the landlords" This channel is officially "based" like the kids would say. 10/10

Just found your channel as a fellow astrophysicist (graduate school) and I love your content. Keep doing what you're doing, this is some of the best content on youtube!

I have to say your science content is one of the most original and thought provoking there is, please never stop doing these videos!

I can listen you for hours on the topics I'd never thought be interesting to me. I started with the string theory video and now I'm like - OK the next one will bore me, TF I care about adjuncts at academia, and then I watch the whole thing, enjoy it and learn new stuff. You must be an absolutely amazing at teaching.

This type of hack can be a feather in the cap of a loser/immature hacker; trying to get kudos to a more master hacker or "the in crowd of hackers". ☮

glad I wasn't the only one who saw the computer room at Jerry Day Care as an alien cyber security worst case scenario worthy of its own episode.

Angela's "it's fine" should become my meditation mantra.

Sometimes it's better not to announce that you've been hacked. It gives validation to the hackers.

Others have covered most of what I wanted to say, but one thing I want to point out is that there's a bit of self-selection skewing the data, a bit. If a company gets hit by a ransomware attack, and opts not to pay the ransom, it usually becomes public knowledge, either because the company needs to explain why their service is down, or the hacker claims responsibility. But when a company gets hit by a ransomware attack, and then pays the ransom, most of the time the public never hears about it. While I'd expect that it is still more likely than not that a victim doesn't pay the ransom, I think it's important to remember that it's probably more common for the victim to pay than the available data would suggest.

Business interruptions can be very expensive. Recovering from it might take a while getting it even more expensive. Some might just pay to recover quickly, especially when ransom is orders of magnitude smaller.

6:42 "and now you have ALMA data" is a nice pun lol Also, two things: 1) The data may not be real, but the feelings some people have for them are. Falling for a scam really is a feeling thing, the goal of the scammer is to force you into irrational decisions. 2) Most, if not all, businesses have IT policies that dictate exactly what they will do if a ransomware invades their systems. It's not about things "making sense or not", it's just the policy. As a general rule of thumb, systems are instantly shut down, accesses are blocked and the ransom is never paid.

The delivery of 'or like landlords' was perfect.

Pretty sure one of the groups in my dept. got hit with a ransomware attack while I was a grad student. It was definitely something that could have easily been fixed if they had backed up. I don't think they actually paid - I don't think they even could legally use lab funds to pay a ransom because federal grants (another obvious problem with ransomware). Feels like the feeling of power that a loser gets from kicking over someone's sandcastle is the real objective. The very rare low-effort payout might just be a bonus

I absolutely love this channel! She's like Jenny Nicholson but astrophysicist! Or like Swell Entertainment except it's more like Infinite Expansion of the Universe Entertainment lol!

The lead up and delivery of “You’ve scammed memaw, she can’t see her grandchildren anymore” was honestly one of the funniest things I’ve ever heard

The biggest real targets are corporate entities and SMEs. We have several clients who have managed, through their terrible internal policies and incredible incompetence, to end up with ransomware on their ERP server, which to them is everything. Unless they have backups held outside that server (which they should, but some don't because of the previously mentioned policies and incompetence) then it is essential they recover the data, and spending a few thousand to recover it seems like the logical decision, versus losing essentially the whole business.

"someone got a phishing email, clicked--" "Oh oh" "Downloaded it" "Ok" "Werent suppose to" Its like poetry, it rhymes.

oh shit wasn't expecting a new vid so soon after discovering and binging this channel :o

As someone who works is the business: Ransomware attacks nowadays are targeted at organizations that have critical data, but are not tech-savvy enough to defend effectively. Hospitals are a good example: without the patient data available they are unable to work and at risk of liability (I mean, lives are at risk, after all). Or look at the company Evotec that had a ransomware attack and *didn't* pay. They lost their position in a stock index, which is a hugely expensive thing to happen (in terms of stock prices going down, "shareholder value", in other words). And the conclusion "nobody will pay ransom", while understandable, is wrong: in 2022 an estimated amount of $600 million have been paid in ransom. This is usually not publicized by the affected organizations, for obvious reasons, but even if only 5% of affected organizations pay, since it costs almost nothing to do the attack, it is an easy and almost risk-free way of making income. And "almost risk-free" it is, as well. Don't think the attackers sit in the US or Australia, or Western Europe. The known groups are mostly from Russia and North Korea. And they are usually either left alone for some percentage, or outright state actors - with all the sanctions, North Korea has to have a way of making money to advance their nuclear program, after all.😉

This video had me in hysterics. If every "genius, hacker, MIT" had been voiced individually it would have been perfect. Love your vids Angela.

We all hate KZbin algorithm and for a good reason. But sometimes it throws a real gem, such as this channel. Just as I got really tired of all these polished almost TV-quality shows by "independent" teams of ten people with minute-long promotion rolls within the video. It's nice to see there are still really independent creators who can build educational content with interesting narrative while being passionate, honest and moderately emotional. And it does not include a VPN ad as a bonus. Going to binge-watch the channel today.

Most ransomware does not steal data. It just encrypts the files on your disk. What you're paying for is the decryption key. Yes, if you have backups, the right response is to just wipe the machine and restore the data. Sometimes people don't have backups, or even worse, the backup gets corrupted by the ransomware. For most people this is not a real problem, but for some creators, it could result in significant impact to their livelihood.

Genius Hacker MIT Loved it! Great video! :D

So most likely they were just launching probing attacks against a number of organizations in a massively parallel way hoping that a small fraction of their successful hacks will actually pay the ransom. Possibility two is just that an0nymous just wants to troll because one persons cringe is another persons roflcopter.

Being lame may be intentional. In the Nigerian prince scam, it is definitely intentional: Scammers from other regions than Nigeria pretend they are from Nigeria. The point is to sort out everybody who can recognise a scam. Because the manual part starts later, and takes time. You want sort out people who would understand it is a scam before they pay.

I think the idea is that the malware could somehow impede the flow of business, costing the victim large amounts of money to deal with. They effectively hold your business at ransom, and if it’s costing you a bunch of profits per day it might make sense to pay up. Of course, that also seems like a bad idea because they are already in your system. Not sure why they would go for a scientific establishment.

I feel blessed to see this video tonight. I was really craving some snarky physics adjacent content :)

I'm an IT professional in the healthcare sector, with prior consulting experience with accounting and financial consulting clients. I'm afraid to say it, but some organizations actually do pay the ransoms. Not every organization, probably not even the majority of organizations, but enough that it's worth the effort of threat groups. There's a few reasons they might do this, but it basically boils down to a cost analysis. The main two reasons are a) the company's backup practices kinda suck and the value of the data is more than what the attacker is asking, or b) the ransomer exfiltrated data the company had a fidiuary duty to protect, and the estimated cost of lawsuits and/or lost revenue is more than what the attacker is asking to keep the data off of a name and shame website.

Not every business can recover from ransomware without paying. My father runs an IT business as an MSP (Managed Services Provider) for small businesses and one of clients he was working with got hit with a ransomware attack. They were a construction business, and the ransomware encrypted all their project files, marketing, contracts, and accounting data. Since they declined a backup solution, their only options were either to pay the ransom, or flat out close the business. Of course they paid. Some ransomware will also target backups. There is malware out there that will lay low and check for cloud backup software, steal credentials and then send a message to the backup servers to delete all backups. Also, a lot of business do backup really badly. You need to be regularly testing your backups to make sure your data is backed up properly, and that isn't trivial to do, so many businesses, particularly small ones, skip out on testing. Then when things go wrong, they discover that their backups aren't actually functional like they thought! It's also usually way cheaper to pay the ransom than not. Even restoring from backup can be expensive, especially for larger systems. Baltimore got hit with a ransomware attack asking for $76,000, and chose not to pay. It ultimately cost the city $18 million (!!) to recover.

you have this low key "world is burning, i don't care, give me coffee" energy that im 100% here for

The primary problem is how the cost to spam computers aggregates to zero. It's like cheap products that break - they sell enough until the word gets out to pay for the cost of production, and then profits trickle in from the ignorance that remains. Love the videos BTW - don't stop (or let it change you - that's difficult) - you're awesome.

The naming part I understand. Naming variables and files becomes hard as you continue writing scripts and programs

Needs more GENIUS HACKER MIT

Was the ALMA hack targeted at ALMA specifically? The hacker could have just bought a database of email addresses that included Jerry's and blasted out a bunch of emails with a hacked file that the hacker built using a tool the hacker bought from a malware website. Then when Jerry opened the file it took over whatever network he was on. As long as the hackers can send out enough emails to keep the lights on they will keep doing it. Looks like a lot of the people who know how do all that had to high tail it out of Russia recently and are still a little nervous about starting up again from their new digs because they are worried about being sent back to their homeland.

The answer is pretty simple. People pay the ransom because shutting down operations is expensive and private data can be valuable.

I think you're underestimating the depths of viciousness that malignant trolls descend to for its own sake. Which is kinda sweet.

love the videos. always interresting and informative. a look in the mind of an intelligent person and a scientist. i'm an IT dude with no education worth mentioning which makes it even more interresting. I bet you'll find out how ransomware works. Funny thing is what jerry did can happen to anyone: the mail is fabricated to look familiar and before you know it you clicked shit and you're like 'oh shit, hope that wasnt a hack'. Anyway, keep it up. edit: and funny

Hackers do not care what kind of data are there, only if there is data to be stolen, and if there is somebody wanting their data back. Yes, it is controversial opinion that data is not a real thing, because data is irreplaceable. One thing is if data was stolen, or if data is locked, or how important or valuable is the work product that data represents. And I am speaking here as a person who lost all my photos in hard drive failure, not ransomware. If It was a ransomware i would rather pay and keep my photos (around 50GB of photos, memories) but alas...

Speaking of Meema, the character Sheldon Cooper in the Big Bang Theory was one of my career bosses. It is so eerily similar in every context, in fact our group of four would pal around. We had the same group dynamics, and yes, I had a white board over my fireplace. My boss had all of the same idiosyncratic mannerisms, humor, sensibility, empathy, and humor but he had one additional behavior to his CV I won't mention. My boss, his boss, Kip Thorne.

One of the coolest real life stories I've ever followed was of the guy who stopped the WannaCry attack, he had been a hacker who wrote ransomware as a teenager, he got arrested by the FBI after he stopped the attack (and had become sort of a hero), it was a whole thing. One of the parts of the story that I remember is that for him crime literally didn't pay, when he went legit and got offered a regular legal job they offered him way way more than he had ever earned criminally.

I love this channel and your work. You're a serious breath of fresh air in KZbin science communication. Thank you so much!

A local medium sized car dealership chain paid their ransomware. A pretty big hospital network got hit and they were down for a long time. Few companies take security or backups seriously.

The thing with ransomware is this: it costs almost nothing for the ransomer to send out, so you don't need to have a high hit rate to make a lot of money. Also, a lot of them are in countries that have a MUCH lower standard of living than the US, so a few hundred bucks per successful ransomware is a good payout.

I just wanted to one up the dude who gave you $9.99. I also love the Meemaw lore, I was waiting for "and now Meemaw is out for vengeance". Awesome videos, keep it up!

I'm a cybersecurity engineer. Stealing the data for sale isn't usually the point. For instance, they didn't just steal the data, they stole the ability to operate ALMA or Chapters. What's 48 days of telescope time or bookstore sales worth? I'm not sure, but probably less than the ransom. People do pay, and in some cases their insurance company pays. However, there may be an incentive to not admit that you've paid. This keeps happening because it works often enough to make it worth it to scummy people. Imagine the data that was encrypted was your dissertation. Right before it was done or due. And it wasn't backed up. I imagine you'd be tempted to pay for the data.

The word "hacker" has a really interesting history. Originally it meant something like "tinkerer", and then in the 60s and 70s became associated a vaguely countercultural movement, focused on understanding and exploiting technical sustems. As computers became more central in the 80s and 90s, as computers became more central, there were more high-profile hacks for monetary gain. These quickly overtook the original meaning of the word "hacker", at least in popular understanding. The remnants of the former meaning are part of why "hacker" can still have a positive connotation in some contexts. In this view, someone spreading ransomware isn't a hacker.

I am a cybersecurity student and I had not heard of this breach. Thank you for sharing! often these events are not widely reported as the relevant organization is somewhat embarrassed by their security being compromised. Although the information is needed to prevent further attacks of a similar nature.

This was first in my list of recommended videos. The algorithm gods are blessing you, I feel like you're about to be famous. You deserve it.

"How often do ransomware scams work?" Very often. So much so that when it happens to the US GOV, their guidelines is to pay.

Infosec guy for the last two decades chiming in. Apologies up front, this is really long. A lot of these attacks are automated software bots and the equivalent of someone going up and down the street looking for unlocked doors and open windows. That’s not to say there aren’t any targeted attacks (if you absolutely have to get in, target the humans). Hospitals, banks and other data rich environments are targeted by all sorts of things, but the random person is usually collateral damage. From the ransomware developers perspective, selling reliable and effective software makes sense, especially when you’ve inserted backdoors in the ransomware and are getting a cut of any ‘ransoms’. This is part of the reason ransomware groups have been setting up call centers. They’ve literally molded it after the pop ups one gets when the license for whatever crappy A/V program people use has expired. Users have been trained to click on things and it’s not always easy to distinguish between an actual system alert/message and one created by an attacker. When they get into a network, or on a host, they’re are also looking for evidence of backups and will encrypt those as well. If you’re doing backups correctly, the ransomware might be a small blip in an otherwise productive day (lots of variables that can change this), but software is complicated and there’s often no single ‘correct way’ to do something. Every decision/tweak has risks associated with it and attackers, automated or otherwise, are trying to find and slip through those risks. Networks, and software (especially on the enterprise server side of things), has gotten so insanely complicated that it’s incredibly rare for a small group, let alone a single infosec person, to understand where all the data is flowing and how each segment is protected. This is even worse in legacy (i.e. hospitals, utilities, etc.) systems because nobody remembers all the quirks and people are, generally, really bad at keeping documentation accurate (especially when someone leaves that company). There’s a few papers on the profitability of spam (“Do Blog Spam Comments Actually Make Money?”) and it still ends up being a huge dollar figure even if hardly anyone takes/clicks the bait. When you’re sending out trillions of comments/messages, you only need a small percentage of victims to make money. Ransomware is pretty much the same way. They also try to make paying the ransom as frictionless as possible, that way people are more inclined to pay, just to get it over with (lots of interesting psychology at work). I’ve worked at places where being down for a day could easily cost hundreds of millions of dollars. Unfortunately, a lot of execs and board members don’t see the value in infosec until it’s far too late. They tend to think a “well run” company will never be ‘hacked’. Then tend to be surprised when you tell them it’s not a matter of if they can be hacked, it’s about how you respond/plan for when you are hacked.

Well, here is the thing. You mentioned heaters. I live on a boat and have a diesel (great for the environment) heater, and several months ago late at night right at the beginning of a snow period my heater stated shutting down and the connection the product’s server was unavailable. My heater (heats my water and the space) had failed? I bought another several days to install but learned when picking it up after explaining the experience they said that there had been an issue. Sure enough when I got home the server was up and my heater was working normally. Jerry in the US arm of this 5 billion dollar company had clicked an email, but the hackers loaded hacked data into the heaters all over Europe and the US. Remember the hack of Iran’s centrifuges? Same deal. Last week the same thing happened again, only it was fixed in half a day. But another example was from the guy on the boat opposite who is an IT guy was called in to assist to unravel a ransomeware hack of a Europe wide supplier of commercial cleaning products. This was a serious hack which nearly collapsed the company because every aspect of their business was compromised. What did the hackers get from this? Some speculation here, but it is believed the hacker acted for another company that was entering the market. So the hacker extracted the company’s customer list, the price list, the formulations (IP), the employee list, much more, and the Hacker’s contractor obtained a clear space to expand into the market. I have a real story from New Zealand of how this works in the small business world, computers or not. Why did they pick on my water heater?? Twice?

The threat to companies can be very real. Consider the situation with ALMA. The site is down for 48 days - that downtime *COSTS* *MONEY.* You have a lot of staff who are getting paid, and none of the normal work is being done. I have no idea how it works for an observatory, but let's say some hospital is shutdown for 30 days until they recover from a data breach. Not only are a lot of patients put in danger, but that's 30 days where the hospital has no income because the hospital is unable to conduct any business. Employees have to be paid, gas and electric has to be paid, all the loans they've taken out for building new hospital wings need to be paid, and yet there is zero money coming in. (and even if it is coming in, the hospital may have no way to use that money. It's not coming in as $100 bills, it's coming in *via* *computers* ). I don't want to write a more complete rundown of where all the dangers are, because it will very quickly sound like I'm just ranting. Let me just note that I work at a college which was hit by some outside-the-US attacker on the weekend before finals week in the spring semester. Given all your experience with working at colleges, just think of how disruptive it would be if on the *weekend* before finals, all computers on campus had to be completely shutdown for three weeks. All of them. All passwords on every single computer account on campus had to be locked, and every user needs to create a new password before we can let them access anything. A senior needs transcripts for the college they're going to for grad school? Not possible to do. Etc. But even with your example of someone attacking some grandmother, the attack can be more serious than losing photos of loved ones _(not just photos of _*_grandchildren,_*_ but photos off all loved ones - including people who died many years ago)._ The computer may also contain all the information the grandmother needs for all her bank accounts and social security, for instance. Even if the bad guys are unable to break-in to her accounts, the effort she will need to go through to clean up the mess can be *very* time-consuming and tedious. In any case, I've watched several of your videos in the last few weeks, and it's clear you put a lot of time into investigating the facts and presenting them in a way which makes a lot of sense. For me to provide that kind of well-done overview of the seriousness of ransomware would take me much too long. Certainly not something I can do a good job on in one night! However I will echo one of the comments you made: People and companies should *not* pay any ransomware unless the situation is such they really have no choice.

I don't know how this channel wound up on my suggested list, but I'm glad it did!

They might not be sophisticated, but the difference in damage you are imagining and the actual damage may be wider then you seem to know. And much of the damage and payouts is kept private for obvious reasons.

The hoodie thumbnail, spectacular!