how to hack a telescope | ransomware sucks

  • Published 8 Sep 2024
  • It would be cool if people would stop scamming other people.
    I don't think anyone actually saw the movie I'm referencing with 'GENIUS HACKER MIT' It's called blackhat with Chris Hemsworth and I have not seen it either. I just think it's funny that the public perception of hackers who scam is 'genius' rather than 'jerk'.
    Alma footage:
    • ALMA trailer
    John Oliver episode:
    • Ransomware: Last Week ...

COMMENTS • 871

  • @arsenelupin123 1 year ago +522

    To be fair to Jerry, we all have harebrained moments once in a while. I could imagine doing something like that over 7am coffee and immediately face-palming myself.

    • @acollierastro 1 year ago +170

      100% I was also thinking about that scam where your “boss” emails and asks for visa gift cards. If I had a very scary boss I could see myself falling for that scam out of fear of being fired.

    • @ChemEDan 1 year ago +88

      @acollierastro Scammer reading YT comments: We got a live one 👀

    • @leodeloatch9856 1 year ago +27

      My boss is making me host the wedding of a Nigerian Prince...If all is successful, we stand to make $100,000,000! We just have to come up with $50,000 in bitcoin first.

    • @MikeM-py2hq 1 year ago +25

      One of the issues is that standard emails in academia also encourage you to click on links or open pdf files. So yet another email about some conference invitation wouldn't stand out. I probably would be scammed as well.

    • @LucyTheLizardWizard 1 year ago +46

      My biggest piece of security advice is to never assume you're immune to these attacks, that you know it all or that only "stupid" people fall for them. Everyone is vulnerable to attack and lowering your guard because you believe you aren't only makes you more likely to fall for one.

  • @chad3814 1 year ago +71

    "I get that some people make a living scamming people…landlords."

  • @FunkmasterRick 1 year ago +548

    In a ransomware attack, nobody's really stealing the data, they're just inconveniencing the victim then demanding extortion. Some people are lazy enough to pay to undo the inconvenience, which is a low-hit rate but also low-effort business. And sometimes the attacker gets lucky and scrambles the data for something really important at a really inconvenient time, like a hospital with digitized patient orders where people might die in the time it takes to undo the damage by hand. Those are pretty much the only times where people get paid for this.

    • @vasiliigulevich9202 1 year ago +9

      nobody -> almost nobody nowadays

    • @dmke 1 year ago +92

      Also of note: ransom attacks are (in the overwhelming majority of the time) not targeted; this is just a numbers game. Scammers buy millions of email addresses in bulk and mass-send their junk mail to them (or delegate this job to another party). Their cost is often already covered when a few victims paid the ransom, i.e. they turn a profit with a turnover rate below 0.00001%...
      If the attack is tailored to a target, ransom is not the goal, but penetrating the target's network and exfiltrating as much data as possible. See the current, 2-months-and-ongoing "hack" of Western Digital.

    • @NitroLemons 1 year ago +16

      Yeah I was about to go to the comments and type this exact thing but glad to see someone already did it. On paper hacking a massive research telescope and withholding the data is actually not that dumb of a plan cause there's a chance that the organization does ultimately decide that paying the ransom's worth it. Even if the chance is low it's not necessarily a silly thing to try doing.

    • @genejas 1 year ago +3

      @dmke some malware is even less targeted (and less effort), if they're written as a worm that self propagates. Part of why Wanacrypt0r was such a big deal is that it spread pretty effectively and fast

    • @varietynic17 1 year ago +15

      This is inaccurate - a large percentage of ransomware attacks involve both encryption of data and then transferring data pre-encryption to an external server. The extortion is then for both the decryption of data and for the attacker to not post this data online, either as part of a sale or for free.

  • @gusthebus2713 1 year ago +822

    Your string theory video got recommended to me a week ago and I’ve been watching all your videos since. Your content is top notch and I hope your channel gets the audience it deserves!

    • @rainvm 1 year ago +9

      Me too! Been loving them!

    • @hck65 1 year ago +26

      Me too. Algorithm has been sending me random weird right wing shit too though. So like thanks algorithm for the phd science blog, no thanks on the right wing stuff.

    • @JimmyFisher 1 year ago +1

      same

    • @Peapolop 1 year ago +1

      Saaaame

    • @captain-spud 1 year ago +1

      Same and we love it

  • @ShiddyProgramming 1 year ago +137

    Security Engineer here, keeping some systems up for 99.99% of the time (not an exaggeration) is often in the service level agreements for large business to business companies. Ransomware is not generally targeted when it’s pushed through things like phishing emails, so some groups will automate every step banking that a company or an individual does not have backups. Fault tolerance is quite hard when the systems get sufficiently complex which is why meemaw can get her photos back and have you reinstall her machine but a giant corporation might just have to suck it up and pay a ransom.
    It’s why we only started seeing ransomware after something like bitcoin was ubiquitous; before there was just not an easy way to get paid as a bad guy without getting caught.

    • @ShiddyProgramming 1 year ago +26

      Oh and I didn’t mention, the idea of selling ransomed data is far further down the list of ways to get money than you might think. The scam is really just banking on people not having backups, yes there are cases where that’s useful, but most of the buyers will already have a better strategy to get the data themselves if it’s truly important, think nation state levels of funding and investment.

    • @quintrankid8045 1 year ago +6

      @ShiddyProgramming Yes, but lots of people really think data isn't real and that they don't have to worry about it. I wonder if certain kinds of large organizations who have people who are experts in a field but have trouble communicating with IT are more vulnerable to this sort of thing.

  • @MrHatoi 1 year ago +292

    A couple things worth mentioning:
    Ransomware payouts from big organizations tend to be massive, so even if a tiny percent of victims actually pay the ransom, that doesn't necessarily make it unprofitable. According to a quick Google search the average ransomware payout is almost a quarter million dollars; that's enough that you only really need one, maybe two payouts in an entire _year_ for it to be worthwhile, and the cost of hitting a lot of targets isn't really that high.
    WannaCry is also an interesting thing to mention, since that one is now known to have been created by a North Korean state-sponsored group. Even if the money they get helps them, in that case it's obvious that a major goal is just to be a pain in order to inconvenience other countries like the US. A lot of more prolific groups these days are either suspected or known to be state-sponsored, which is definitely something else to consider; maybe being a pain in the ass for random people _is_ really their main intent, as long as those people are from the wrong country.

    • @gigitrix 1 year ago +7

      That's part of why the number of attacks is decreasing too, there's a recognition amongst the perpetrators that they have to 1) target some entity with money so that it's worth the fuss, 2) ensure you are doing sufficient damage (not just encrypting Dave's PowerPoints, they need to go for critical systems and their backups) and 3) rather than threaten data destruction they are moving more towards extortion and leaking stuff publicly

    • @madcow5833 1 year ago +6

      @gigitrix Do you have a reputable source showing that ransomware attacks are decreasing?

    • @toatrika2443 1 year ago +5

      @madcow5833 21:42

    • @madcow5833 1 year ago +8

      @toatrika2443 Missed that, thanks. Statista also reports a decrease in attacks. I am surprised because I have heard unofficial numbers of the opposite. Every day I learn something. Thanks again!

    • @vsiegel 1 year ago

      I do not think the North Koreans are doing it to mess with the Americans or so. They literally do criminal things to earn western money. It is not specific to ransomware.
      Russians may do it for political reasons, like they run troll factories. But I think ransomware is done by private individuals, not the FSB.

  • @crtchicanery9605 1 year ago +9

    I work as a software developer. A few years ago, a team other than mine got an email that basically said "we hacked your webcams and have compromising footage of you. Pay us and it won't get out. Here's a btc wallet address." This spread around the whole office bc it was obviously an empty threat and very funny. But also, like, btc transactions are public, you just look up the wallet address, so I checked it. The scammer was raking in thousands of dollars. They didn't even do anything, they just sent an email. Insane.

    • @richardarriaga6271 4 months ago

      Steve-O is immune because he posted his nudes on Twitter

  • @TanyaLairdCivil 1 year ago +85

    Think back to when you were working on your PhD dissertation. Imagine a few days before you were planning to submit your dissertation, you got hit with a malware attack. Your dissertation and most of your data were encrypted. And the malware got most of your backups as well. The only backup you have is a month old offline backup on a flash drive. There's nothing they've locked up that you can't replace in time. But your dissertation is due in two days. You could turn in your dissertation late, or you could pay the $100 ransom, be done with it, and get your dissertation in on time. Which would you do?
    This is the type of person these ransomware attacks are targeting. They're looking for people who happen to have extremely time-critical data they can lock up. Or think of a company that is operating a big industrial facility like a big factory or oil refinery. If critical systems get locked up, that facility being down might cause the company millions of dollars for each day they're shut down. If your facility being down is costing your company $1000/minute, and the scammers only want $5000 to unlock it, you will pay that ransom. It's literally the most profitable option available to you.
    Ransomware economics are a lot like those of conventional spam. The vast majority of the people that will be infected either can't pay (lack funds or can't figure out how to buy bitcoin) or have no need to pay (all data is easily replaceable and not time critical.) But for every hundred individuals or organizations they infect, one of them will be unlucky enough to have extremely time-critical improperly backed up data encrypted (like the hypothetical grad student) or a large expensive operation made inoperable (like the large industrial operation.) And even for those unlucky few, the scammers don't ask for obscene amounts. They ask for a few hundred to a few thousand. Their goal isn't to ask the highest price they can; their goal is to make paying the ransom the cheapest or most time-efficient option available to you.
    Yes, the vast majority of people or organizations won't be those unlucky few. Maybe only 1 in 100 actually get infected; and only 1 in 100 have enough time-critical data for paying the ransom to be worth it. And so perhaps the scammers only have a 1 in 10,000 success rate. But again, that's just like spam. Very few people actually fall for spam scams, but if you can send millions of spam messages for a few pennies, the costs become worthwhile. Maybe only 1 in 10,000 times will the ransomware scammers succeed, but if they can successfully target millions of people and institutions, it becomes profitable. And they can do that; they're not personally writing individual emails to target individual people. It's all highly automated. One person can send messages to millions of people and institutions. You might target 1 million people and only succeed with a hundred of them (1 in 10,000). But if you manage to get $300 on average from each of those people, that's still a $30,000 profit. That's a very fine annual wage in many countries (and near median for most developed countries.)
    You have to dig and process cubic meters of earth to get a single fleck of gold, yet people have been profitably mining gold since the dawn of civilization. A single raindrop has almost no gravitational potential energy in it; but if you can build a dam and capture cubic kilometers of raindrops, you can use their energy to power a nation.

    • @MayaPasricha 1 year ago +9

      As someone involved in the cybersecurity field, this is a wonderful explanation - especially with the gold mining analogy! I'm going to steal this for when I need to explain ransomware / scams to someone :)

    • @NateEngle 1 year ago +8

      I had a PhD student come in my office one time and ask whether the only copy of their dissertation would be ok if they left it in their car parked at the airport. You're studying for an advanced degree and you can't afford a 2nd floppy disk?

    • @richardarriaga6271 4 months ago +1

      @NateEngle Grad students are poor

    • @NateEngle 4 months ago

      @richardarriaga6271 I left AT&T to come back to Bloomington to go to grad school but then had the amazing good luck to get hired to do support for the Psych department instead. It was a 40% pay cut from what I was earning at the labs but it was the smartest thing I ever did.

  • @Wolf_Avatar 1 year ago +101

    "We'll just train our people not to click links in emails, Jerry!" Love it.
    Like many others, I found your channel recently and I've added it to my group of science education channels.
    ALSO, you mention in a couple of videos that you have a Patreon, and I'm not sure if I just can't find it, or if I fell for the joke.

    • @acollierastro 1 year ago +32

      Maybe one day!

    • @Don.Challenger 1 year ago +2

      @acollierastro one fine day

    • @yonatanbeer3475 1 year ago +5

      @acollierastro I would definitely throw a few dollars at you a month, these videos are great.

  • @krampusz 1 year ago +58

    Let me give an example of a theoretically successful ransomware: I worked at a vehicle r&d company. We worked on high profile development jobs with weeks worth of simulation data which were extremely a) time sensitive b) very secret. If, through my computer a ransomware simply blocked data on our server, our project is delayed. "Why is it delayed?" - asks the customer. We'd reply "oh we are lame" or "oh we got hacked". We just lost the customer either way. We are talking about millions of dollars here. Data is nothing, but it is an answer to a question: can we manufacture 10000 of this engine next month? If we give no answer in time, we are screwed.

  • @delusionnnnn 1 year ago +12

    The point of most ransomware isn't how valuable your data is to sell to someone else, it's whether you will pay the thieves to get it back. Like a ransom kidnapping - there isn't a lively black market for your kid (Law & Order and conspiracy theories aside), but you're likely to be the most highly motivated customer to get your kid back. So the two questions are always: "is the encryption of the ransomware attack secure enough to foil recovery", to which the answer is usually "yes", and "is your data plus the risk of embarrassment (which may have a financial cost, too) worth more to you than the cost of either paying the thieves to unlock it, or regenerating it (if possible)". I admit, I can't imagine public astronomy is a terribly lucrative target, but businesses often are even if their data is not really sellable to a third party - not having it may put them out of business. Just my read. Paying is often an extra risk, since you've put a target on yourself as an organization that has paid in the past, and the thief always has the option of leaving critical files infected as time bombs to go off later on with no additional phishing required.

  • @QuantumSeanyGlass 1 year ago +99

    so, I think you've got a misconception about what actually occurs in a ransomware attack, because in fact it's reasonably likely that the attackers never saw the data they were ransoming, and also never targeted the telescope specifically. Ransomware, at its core, uses cryptography. The malware goes through every file on all of the systems it gets access to, and instead of deleting it, or attempting to send it all back over a small network connection to the attacker, it uses a cryptographic algorithm to scramble it reversibly with a key, and then deletes its copy of the key, leaving only the attacker with knowledge of how to unscramble all of that data. So, if there was any data not backed up, or if the backups also got encrypted, this leaves the victim with two options: either pay the attacker, or accept that the data is lost forever. And there's many things this data could be. One is, like you mentioned, potentially observations of things that happened in the past, but this is actually probably not what was being targeted. Instead, they were probably hoping to hit proprietary software necessary to run a business, potentially a very profitable business, where every day of downtime caused by not having access to important software represents massive amounts of money. And that's the other thing: these attacks are not targeted. Mostly, the phishing emails that actually get people to install the ransomware (although it's worth noting that there are other ways to get ransomware onto a system) are sent by computers infected by a different kind of malware en masse to any email address they have on their list. The ransomware is probably designed to be able to exploit all the most common types of computers, and even if it wasn't, because it's so easy to make attacks like this it doesn't really matter whether or not it actually works every time. In the case of ALMA, they just happened to get a telescope.

    • @bmitchell922 6 months ago +1

      Thank you for this. Was waiting for somebody to properly explain. It's not about the objective value data. It's about the subjective value, and the associated cost of down time it potentially represents to not have access to it. Also, once they are aware of what they have, the calculus may also simply become the ransom versus the threat of a public data leak, which can cause embarrassment either through reputational damage or the reveal of the data itself... again, banking on SUBJECTIVE data value

  • @keldencowan 1 year ago +52

    I used to work at a cellphone store selling phones, plans, and doing small repair. The sheer amount of meemaws who came in because they were ransomed into sending iTunes gift cards to people was staggering. Never underestimate how shitty people will be for meager amounts of money.
    Edit: and it's not about their pictures. In many cases seniors depend on a single iPad to pay their bills and other things that are difficult or impossible for them to now do in an analog manner. It's often the sole authenticator in 2FA, so often they lose access to every account they've ever had, permanently. And more and more medical devices like insulin pumps are starting to require a paired Apple device to operate. Even without stolen credit cards or identity theft, it can seem like an existential threat to many seniors. It takes a lot of money and technical skill to replace bricked devices and accounts.

  • @voomastelka4346 1 year ago +25

    I'm an IT-professional, have a mandatory security training every year and it still takes a couple of seconds for me to recognize a scam AFTER I have clicked on a dodgy link. The truth is, that everyone can fall for a scam. Including YouTubers, so watch out.

    • @fibbooo1123 1 year ago +3

      +. The people most vulnerable to a scam are those who click the most links, just because they have more exposure

    • @ayoCC 1 year ago +2

      We need a browser that just creates a sandbox or virtual machine via right click or so.
      And a Mail program that automatically saves programs in a sandbox folder, that runs the attachment in a sandbox virtual machine.

    • @williambranch4283 1 year ago +1

      Throttle all traffic bidirectionally by traffic type. No unauthorized access, no non-business activity.

    • @emberthecatgirl8796 11 months ago

      This sounds so much like a threat >.

  • @rentristandelacruz 1 year ago +9

    When you mentioned 1:10 in a note that dust is very interesting in astronomy, it reminded me of Brian May (guitarist of Queen) finally finishing his astrophysics PhD in 2008 with the thesis titled "A Survey of Radial Velocities in the Zodiacal Dust Cloud".

  • @robertvarner9519 1 year ago +66

    Angela! I got so excited because I thought YOU hacked the telescope. I was a little let down but your story telling ability made up for it. You're the best!

    • @thomasw4422 1 year ago +3

      There's a video idea for her

  • @fibbooo1123 1 year ago +23

    The statement about who falls for a scam I think is somewhat more complicated, because more technical users use computers so much more. Everyone can fall for a scam, they’re called “accidents”, not “on purposes”, and thinking that you’re too technical to fall for a scam is the first step in falling for a scam

    • @chalkchalkson5639 1 year ago +11

      spear phishing can also be done super effectively if you're willing to put effort in. Got an email "from my prof" the other day which was asking for me to proofread the newest revision of "our paper". If the scammers had gotten the language my prof writes to me in right, I might have opened the attachment and I'm a security nerd.

    • @user-zv8li7eu1w 1 year ago +6

      @chalkchalkson5639 Why weren't you checking your mail inside a VM inside a non admin account inside a PC that has a complete physical backup and a cloud backup !? Just kidding hahahah
      I'm getting worried about this stuff, Is ublock + noscript + windows defender + CoreIsolation>MemoryIntegrity ON + ransomware protection ON + MalwarebytesFree + non-admin-acc daily browsing? I'd say I'm very prone to just clicking and downloading unsafe things (Go figure most of my problems would be solved if I didn't but it's kind of like gambling, where a possible reward could be at the other side) but I think I don't have something right now beyond like, an adware or like, a crypto miner.
      I'm thinking of testing everything inside windows sandbox or an HyperV VM but that sounds sooooooo work-heavy to do for like, each file I download.

    • @user-zv8li7eu1w 1 year ago +2

      I said "like" too many times, sorry.

  • @saturdaysequalsyouth 1 year ago +8

    Dust is so interesting I've draped my apartment in it.

  • @methmeth 1 year ago +49

    I think the thing that matters to companies for whether they pay the ransomware or not is less dependent on how important that data/systems are and more about how quickly they need that data/systems up and running. Because the company can eventually get their data/systems back, but probably not quickly. So it needs to cost them enough money to where they would save money to pay and use their systems right away, compared to waiting the month or 2 to get that data/system back. That's what happened to Colonial Pipeline, I think.

    • @mehblahwhatever 1 year ago +7

      The thing to remember there is that there's no guarantee that it's actually "ransom" and not just a request for money without a fix.

    • @vcostello712 1 year ago +4

      It also works better on targets who have not properly backed up their most important stuff. Any competent institution should have critical data backed up on a hard drive that's not plugged into anything, sure. But people are dumb dumbs. Jerry did click that email after all. Hell, I found out a governmental agency I had to make an account with was storing user passwords as plaintext because I clicked the "forgot password" link and they straight up emailed my password back to me. Not only is that a hideously unsafe way to store passwords, I would bet those same dumb dumbs weren't backing things up, and if the spreadsheet of everyone's passwords got locked then everyone would be permanently locked out of that service.

    • @crystalgemstv4609 1 year ago

      @vcostello712 The best way to do things is also the most expensive and resource intensive way to do things, and the reality is that most people don’t care that much about cybersecurity. Nobody really thinks they’re going to be hacked, unless you’re a big government agency with a lot of secrets. The City of Atlanta got ransomware in 2018 and they didn’t pay the ransom. Apparently they had a LOT of vulnerabilities that the IT team knew about, but didn’t patch. In 2022, the city proposed to cut the IT budget even more! Local governments aren’t exactly rich, but at the same time, just one attack cost them hundreds of millions of dollars in lost productivity and repair fees, and they also lost a lot of important, irreplaceable data. You’d think they’d realize that they can’t skimp out on proper security, but they probably don’t think it’s going to happen again.

    • @thorwaldjohanson2526 1 year ago +7

      There are ransomware groups that do indeed unlock it after they have been paid. It is in their best interest to do so, otherwise nobody would pay. Oh and they don't necessarily have your data. It is essentially a guy coming up to your warehouse, putting a giant padlock on the door and demanding money to unlock it again.

  • @charper9 1 year ago +32

    The hackers likely were not targeting the telescope - they just have a list of thousands (maybe millions) of e-mail addresses that they send these phishing e-mails to and then if a person clicks on the link it will encrypt all the data it can get access to (which if the computer is on a network without tight security controls may be a lot) and then demand a payment to get the data unencrypted. Given that it would typically cost a whole bunch of money to lose all the data for an organization - payment can be the cheaper option.

  • @Sam_on_YouTube 1 year ago +16

    Hey, your first new video since the algorithm showed me your videos and I binge watched your whole channel and subscribed.
    Good title. I showed my 11 year olds the movie Hackers for the first time today. It is surprisingly accurate to the technology of the day, except for the visuals. Still holds up.

  • @andreideev1545 1 year ago +37

    Hackers encrypt your data and sell it back to you. That's the point. There are a lot of hospitals, schools, public services etc that don't have budgets for proper IT services. They get hacked and pay ransom. Hospitals are especially good targets, if they don't pay their patient may suffer/die.

    • @danimalfarm 1 year ago

      Or they irreversibly junk your data but take your ransom money on the pretense they can fix it.

    • @cainabel2553 1 year ago

      There is no budget for people to not do insane stuff. You don't drink from the flood drain, you don't download and install random stuff from unknown origin because an email or ad on a Web page begged you to.
      It's called common sense and being aware.

    • @redpepper74 1 year ago +10

      @cainabel2553 The entire cybersecurity industry would like to formally disagree with your statement.

    • @cainabel2553 1 year ago

      @redpepper74 So you admit I'm correct?

    • @snowwsquire 1 year ago +4

      @cainabel2553 While social engineering will always be a weak point, you can organize systems so that one person getting socially engineered is isolated and harm-minimized

  • @SapientPearwood 1 year ago +34

    I feel like I fall into multiple parts of your plot. I run Fortran physics simulations on supercomputers for my job, but I also don't think I'd know how to get something from a phone to a projector, and I definitely don't know how to bitcoin (though that last one is mostly intentional)... Admittedly I do know how to google, and all tech support is just googling "how to *" and skimming the first 6 stack exchange links... But still, conference room projectors are black magic as far as I'm concerned.

    • @AdrianBoyko 1 year ago +2

      Forget Google, boomer. It’s ChatGPT now.

  • @coffeeisdelicious 1 year ago +3

    "I'm running this channel on tech, and data and science, and this is the second time buttplugs have come up." Never before have I thumbs uped a video so fast

  • @jhohiii 1 year ago +11

    Laughed harder than recent Last Week Tonight episodes (which usually make me want to cry after laughing). You're feeding all the endorphin rushes - intelligent content, science history, and "it's fine..." Brilliant! Keep it up!

  • @Rinxinx 1 year ago +21

    They claim hardly anyone pays the ransoms, but they often do. They just keep it on the down low for a couple of reasons. Instead of embarrassingly announcing they paid the ransom, they'll say they defeated the hackers through sheer determination, plus the FBI wants to discourage hackers by making it seem like they never succeed. And it's true that if Meemaw's photo of you when you were 3 years old was stolen, you yourself are still safe. But memories have value. Sometimes that data can't be recreated. And even in cases where it could, it takes time... and time is money.

  • @AkbarAli-bs4eq 1 year ago +17

    Good luck and best wishes! Keep doing what you do so eloquently! I love watching your well deserved growth trajectory.

  • @notnotkavi 1 year ago +33

    As someone who has taken a class on computer security at MIT I felt very attacked by your transitions 😅😅
    But yeah fair point on this (we didn't cover ransomware in the class at all really, which ig tells you how much the professionals take this seriously)

    • @nikolaisafronov3452 1 year ago +2

      Digital security should be a class subject in school by now...

  • @joaovictorcarvalho6339 1 year ago +9

    i’ve been binge watching your videos this week and i’m low key so inspired by you. really good work!!

  • @robbren8679
    @robbren8679 1 year ago +10

    Sometimes these hacks can have motivations other than financial... "hacktivists" may just want to disrupt the target for various reasons. It can be as simple as bragging rights "just cuz" up to state-sponsored attacks. Most of the time, it is a financial motivation, but not always.

  • @robbren8679
    @robbren8679 1 year ago +3

    RE: Backups - Adversaries will always go after the backups, to delete them or modify them. The number of orgs that back up data correctly and securely (and test restoring data) are more rare than they should be.

    • @ohiocore
      @ohiocore 1 year ago +1

      Almost nobody validates their backup restoration. It's not just "ok, the mag tape still has last month's files on it", but having a process at different levels for business continuity during restoration.

  • @G1itcher
    @G1itcher 1 year ago +2

    It's worth mentioning that many organisations, although they have tech savvy people on board, may not have backups or ways to spin up systems again if they're wiped out.
    I've been lucky enough to work as a software development consultant for the last 8 years, and honestly it is genuinely shocking how exposed companies can be under the guise of ALWAYS MOVE FORWARD! No time to stop and shore up security, test backups, pay tech debt, etc.
    I'd say 70% of the companies I worked for would have no choice but to pay ransomware, as it would be that or let the house of cards collapse, with no guarantee that there's enough money available to build it up again.

  • @TheGoodMorty
    @TheGoodMorty 1 year ago +17

    I was shown your String Theory Lied to us and then i binged your whole channel in a week lol

  • @bladerunner2912
    @bladerunner2912 1 year ago +13

    RLM and you are the only channel who genuinely makes me crack out loud.
    Yes, Landlords are scammers. It's the same even here in the subcontinent.
    Man. Just don't stop making videos even if you post it after 3 to 4 months just don't stop and I am eagerly looking forward to your Halloween video this year.

    • @skhotzim_bacon
      @skhotzim_bacon 5 months ago

      Subcontinent? Wouldn't it have been easier to type India? Subcontinent seems very vague and pretentious.

  • @nono6167
    @nono6167 2 months ago +1

    The delivery of 'or like landlords' was perfect.

  • @TheEveryd
    @TheEveryd 1 year ago +4

    Love your videos! My daughter is starting college as a freshman Chem major this fall. She’s determined to continue through to a PhD. I just wanted to say your First Generation Grad Student video answered a lot of questions for both of us.
    I got my BS going to night school and partly online. There are so many questions about traditional college I couldn’t answer initially, but we are figuring it out. Your video gave us some great info about grad school that I never could have answered in a million years. Thank you!

  • @labeardod
    @labeardod 1 year ago +6

    The customer service aspect of ransomware always got me. There's gotta be 100s other scams you could run where you don't also need to have a dedicated customer service line where you teach meemaw all about bitcoin / monero so you can get that little sliver of crypto in your wallet.

  • @andrewphilos
    @andrewphilos 1 year ago +8

    Genius
    Hacker
    MIT
    Loved it! Great video! :D

  • @chalkchalkson5639
    @chalkchalkson5639 1 year ago +2

    Ransomware works because a surprising amount of especially small-medium sized companies have/had really shitty IT practices. Like the IT people have set up an NFS share that's remotely backed up and everything, but Jerry just saves all the important documents to the desktop of his computer. Restoring from backup can also cost more in disruption than the ransom. And finally, many groups reportedly offer secrecy about the breach if the ransom is paid, which can be attractive for a company that relies on having a reputation for being secure. Example: friend of mine works at a biotech company that suffered a ransomware attack, lots of data would have been lost because the employees didn't follow guidelines and they try to keep it under the radar.

  • @ultravioletiris6241
    @ultravioletiris6241 1 year ago +10

    In general companies and organizations currently have a huge issue with scaling cybersecurity programs and staffing them properly. Hopefully events such as this help push organizations to invest in their security more. As it is there are hundreds of unfilled cybersecurity jobs. People need to take this stuff more seriously… as you mentioned I’m surprised this wasn’t a bigger news story.

    • @SlugSage
      @SlugSage 1 year ago +1

      Nah bro, she's just going to throw her computer away and get a new one. Also thumb drives.

    • @ultravioletiris6241
      @ultravioletiris6241 1 year ago

      @@SlugSage ….wat

    • @bmitchell922
      @bmitchell922 6 months ago

      ​@@SlugSage thumb drives are one of the biggest security risks out there. The moment you plug one in you think is safe but can't actually verify you might be done for - Google rubber duckies

  • @williamjoshualucas6503
    @williamjoshualucas6503 1 year ago +1

    Angela's "it's fine" should become my meditation mantra.

  • @cyberninjazero5659
    @cyberninjazero5659 1 year ago +15

    To answer your question Ransomware attacks work best when they disrupt vital operations. When the U.S. pipeline hack happened it was paid off because those systems NEEDED to be online
    Side Note: The Bitcoin thing is a meme even amongst Crypto currency that's not considered the most private and in fact the FBI tracked down the infrastructure hack

    • @varietynic17
      @varietynic17 1 year ago +2

      Yep, Bitcoin can be difficult to track when it's moved and mixed properly, but it's far from untrackable - all transaction receipts are public lol

    • @rickypoindexter9505
      @rickypoindexter9505 1 year ago

      @@varietynic17 yeah but the transactions are tracked via their wallet not their personal info. Unless they mess up and mix the two.

    • @varietynic17
      @varietynic17 1 year ago +2

      @@rickypoindexter9505 Yep going from bitcoin transaction activity to anything in the real-world is difficult, but when you have groups/individuals using bitcoin so frequently, it would make it easier to establish patterns

  • @boredstudent9468
    @boredstudent9468 1 year ago +17

    There are two main kinds of those attacks, "normal" phishing is just thrown at the wall to see what sticks, because the chances aren't that bad to hit something important like business records or to just overwhelm people with shock and stress. Also often the "customer support" on how to get crypto is pretty good.
    Normally such operations don't target organisations like that, as I said they just throw it at the wall.
    Oh and the reason they are all from Russia is the legal protection, Russia only prosecutes hacking of Russians and does not extradite to Western countries

  • @malfaro3l
    @malfaro3l 1 year ago +4

    It's because phishing scams are not directed. They are spammed out to email lists pretty randomly.

  • @hellraserfleshlight
    @hellraserfleshlight 1 year ago +1

    Ransomware in the commercial space has always fascinated me because the solution is so simple and something that *should* be the basis of all IT operations. Like... Even if you have a business and you have even a single computer, you should have a backup.
    The problem is, having worked at every level of IT, NOBODY WANTS TO DO IT. Like, small businesses think it's too expensive to even buy an external hard drive that they plug in and back everything up to once a day. Big companies will often cobble together half-ass solutions to placate the grossly overburdened actual IT people, but often won't even allow them to properly test disaster recovery, so when they actually need it, it doesn't work.
    It's just wild... It's the most basic thing in IT - have backups, and make sure they work, and yet, I would bet it's the single biggest potential point of failure in the IT world. That's why these scams still exist, the odds of landing on someone who can't or won't do the most basic stuff are just too good.

  • @Rotaretilbo
    @Rotaretilbo 1 year ago +1

    Others have covered most of what I wanted to say, but one thing I want to point out is that there's a bit of self-selection skewing the data, a bit. If a company gets hit by a ransomware attack, and opts not to pay the ransom, it usually becomes public knowledge, either because the company needs to explain why their service is down, or the hacker claims responsibility. But when a company gets hit by a ransomware attack, and then pays the ransom, most of the time the public never hears about it. While I'd expect that it is still more likely than not that a victim doesn't pay the ransom, I think it's important to remember that it's probably more common for the victim to pay than the available data would suggest.

    • @bmitchell922
      @bmitchell922 6 months ago

      $1.1 billion in revenue through ransomware, 2023... so you are correct

  • @scum-scum
    @scum-scum 1 year ago +2

    Anyone who does regular backups in secure locations is obviously safe. Ransomware works in the instances where that isn't the case. If their backups weren't properly gapped, and the worm spread to them and encrypted them, too, they'd probably pay the ransom, because it would be cheaper than the cost of collecting the lost data again, or going on without archival data which can't be reproduced. You can look into instances where universities have paid ransoms to get their data decrypted, too.
    It's basically the price you pay for bad IT security. There are now ransomware conglomerates with decent customer service, too. They'll work with you on payment plans, etc. It's a business to them. When they get in, they evaluate what they can ask for, and they'll typically shoot for just under what they think the data is worth, given the image of the company.

    • @bmitchell922
      @bmitchell922 6 months ago +1

      Mostly agree, but they aren't safe if exposure of the data itself would incur damage to the organization. Even with backups, the ransom still poses a real threat if not paid in these circumstances

    • @scum-scum
      @scum-scum 6 months ago

      Oo, that's true. I wasn't thinking about that side of the fallout.

  • @firstlast5304
    @firstlast5304 1 year ago +3

    "someone got a phishing email, clicked--"
    "Oh oh"
    "Downloaded it"
    "Ok"
    "Weren't supposed to"
    It's like poetry, it rhymes.

  • @_loss_
    @_loss_ 1 year ago +39

    Sometimes it's better not to announce that you've been hacked. It gives validation to the hackers.

    • @ultravioletiris6241
      @ultravioletiris6241 1 year ago +8

      True but that contributes to the unethical atmosphere of companies waiting until it's way past too late to notify their clients of data breaches.

    • @BlisaBLisa
      @BlisaBLisa 1 year ago +7

      I'd rather a company/organization be transparent and risk possibly making a bad person feel good. It's also just harder to keep these kinds of scams going once they gain enough attention, so it's probably better to announce it.

    • @jennifierburnett2901
      @jennifierburnett2901 1 year ago +3

      In the case of ransomware the hacker's validation isn't remotely important. If it's just a pure destructive virus that wipes someone's hard drive then sure, it's probably a prestige thing, but in all other cases the hack will have some other purpose that's far more important than someone's ego. If anything broadcasting the details of how a hack happened is more likely to hinder future attempts to compromise other systems now that more people are aware of it (assuming you're competent and have addressed the method by which the virus got into the system and aren't just telling other people how to hack you again).

    • @anonymes2884
      @anonymes2884 1 year ago +2

      There's that but also that plenty of businesses operate on public perception - banks for instance will obviously be reluctant to tell the world they're insecure. And in places like the US a company could even open itself up to lawsuits by admitting they were hacked.
      Total transparency is a very laudable idea but it'll never happen in reality.

    • @aldarrin
      @aldarrin 1 year ago

      Except for those "pesky" data breach notification laws... /s

  • @Lupine49
    @Lupine49 1 year ago +5

    The thing with ransomware is this: it costs almost nothing for the ransomer to send out, so you don't need to have a high hit rate to make a lot of money. Also, a lot of them are in countries that have a MUCH lower standard of living than the US, so a few hundred bucks per successful ransomware is a good payout.

    • @scottwatrous
      @scottwatrous 1 year ago +1

      Yeah and also what sounds badass and cool and ominous to an internet hackerman from Belarus and what sounds genius, hacker, MIT to someone from some university research group are very different.

  • @MrBurnlan
    @MrBurnlan 1 year ago +2

    "Some people make a living scamming, like the landlords"
    This channel is officially "based" like the kids would say. 10/10

  • @BrianFedirko
    @BrianFedirko 11 months ago +2

    This type of hack can be a feather in the cap of a loser/immature hacker; trying to get kudos to a more master hacker or "the in crowd of hackers". ☮

  • @yevengyklaus7066
    @yevengyklaus7066 1 year ago +1

    "How often do ransomware scams work?" Very often. So much so that when it happens to the US GOV, their guidelines are to pay.

  • @vahaha136
    @vahaha136 1 year ago +11

    oh shit wasn't expecting a new vid so soon after discovering and binging this channel :o

    • @Sam_on_YouTube
      @Sam_on_YouTube 1 year ago +1

      Me too. The algorithm apparently decided to favor her. I appreciate the find.

  • @systekmusic
    @systekmusic 1 year ago +6

    Binge watched nearly all your videos today after watching the String Theory vid. What a nice surprise to see a new one pop up at the end of the day.
    Keep up the good work!

  • @SaintBrick
    @SaintBrick 1 year ago +1

    There was a time in the 2010's where Fortune 500 companies were buying bitcoin (and skimping on their insurance) so that in the event that they got ransomwared they could pay the ransom as quickly as possible.
    If you're a big company and you lose access to even 25% of your IT infrastructure that's a lot. Even if you have all the data, and it's just a matter of setting up the 25% computers again that's a ton of work.
    More work than your in house IT team can do quickly. God forbid you lose critical data or infrastructure in the attack... In these cases paying the ransom starts to seem like an option.
    Like you mention though, ransomware is a volume game - Almost all cybercrime and fraud are. Unlike a phone scam though ransomware can be highly automated. All the instructions are in the ransomware.
    Also the Blackhat reference was amazing.

  • @syyneater
    @syyneater 1 year ago +1

    Infosec guy for the last two decades chiming in. Apologies up front, this is really long.
    A lot of these attacks are automated software bots and the equivalent of someone going up and down the street looking for unlocked doors and open windows. That’s not to say there aren’t any targeted attacks (if you absolutely have to get in, target the humans). Hospitals, banks and other data rich environments are targeted by all sorts of things, but the random person is usually collateral damage.
    From the ransomware developer’s perspective, selling reliable and effective software makes sense, especially when you’ve inserted backdoors in the ransomware and are getting a cut of any ‘ransoms’. This is part of the reason ransomware groups have been setting up call centers. They’ve literally molded it after the pop ups one gets when the license for whatever crappy A/V program people use has expired. Users have been trained to click on things and it’s not always easy to distinguish between an actual system alert/message and one created by an attacker.
    When they get into a network, or on a host, they’re also looking for evidence of backups and will encrypt those as well. If you’re doing backups correctly, the ransomware might be a small blip in an otherwise productive day (lots of variables that can change this), but software is complicated and there’s often no single ‘correct way’ to do something.
    Every decision/tweak has risks associated with it and attackers, automated or otherwise, are trying to find and slip through those risks. Networks, and software (especially on the enterprise server side of things), have gotten so insanely complicated that it’s incredibly rare for a small group, let alone a single infosec person, to understand where all the data is flowing and how each segment is protected. This is even worse in legacy (i.e. hospitals, utilities, etc.) systems because nobody remembers all the quirks and people are, generally, really bad at keeping documentation accurate (especially when someone leaves that company).
    There’s a few papers on the profitability of spam (“Do Blog Spam Comments Actually Make Money?”) and it still ends up being a huge dollar figure even if hardly anyone takes/clicks the bait. When you’re sending out trillions of comments/messages, you only need a small percentage of victims to make money. Ransomware is pretty much the same way.
    They also try to make paying the ransom as frictionless as possible, that way people are more inclined to pay, just to get it over with (lots of interesting psychology at work).
    I’ve worked at places where being down for a day could easily cost hundreds of millions of dollars. Unfortunately, a lot of execs and board members don’t see the value in infosec until it’s far too late. They tend to think a “well run” company will never be ‘hacked’. They tend to be surprised when you tell them it’s not a matter of if they can be hacked, it’s about how you respond/plan for when you are hacked.

  • @feudist
    @feudist 1 year ago +7

    I think you're underestimating the depths of viciousness that malignant trolls descend to for its own sake.
    Which is kinda sweet.

    • @quintrankid8045
      @quintrankid8045 1 year ago

      Yes. The sorts of people who do this are often malicious for the sake of being malicious. It's almost as if they view their victims as not being fully human. Maybe they have to see things that way in order to be able to sleep at night.
      What's that old saying? If you want to solve the crime you have to think like the perpetrator and not the victim.

  • @Nico_Sno
    @Nico_Sno 1 year ago +1

    The lead up and delivery of “You’ve scammed memaw, she can’t see her grandchildren anymore” was honestly one of the funniest things I’ve ever heard

  • @abrilfool
    @abrilfool 1 year ago +2

    UA-cam recommended me your mass video a few weeks ago and now I can't get enough of your content! Keep up the great work!

  • @andreigrigorev3499
    @andreigrigorev3499 1 year ago +1

    Business interruptions can be very expensive. Recovering from it might take a while getting it even more expensive. Some might just pay to recover quickly, especially when ransom is orders of magnitude smaller.

  • @patrickarmshaw
    @patrickarmshaw 1 year ago +1

    Ok I’m on my like 15th video of yours and you are just an absolute natural at this. Love the science, obvs, but also your manner of speech, sense of timing and whole persona. May you absolutely prosper as much as you want to at UA-cam and literally no more than that much.

  • @THELITTLERIVERNERD
    @THELITTLERIVERNERD 1 year ago +2

    The answer is pretty simple. People pay the ransom because shutting down operations is expensive and private data can be valuable.

    • @THELITTLERIVERNERD
      @THELITTLERIVERNERD 1 year ago

      A lot of these scams are run by pretty serious multinational organized crime orgs and paid ransoms are often very large.

  • @LiveWire937
    @LiveWire937 1 year ago +3

    glad I wasn't the only one who saw the computer room at Jerry Day Care as an alien cyber security worst case scenario worthy of its own episode.

  • @damunataliffato9128
    @damunataliffato9128 1 year ago +1

    I have to say your science content is one of the most original and thought provoking there is, please never stop doing these videos!

  • @elijahschow6672
    @elijahschow6672 1 year ago

    “increasing technical skill…anyone who has used a terminal”
    I…totally forgot that’s not a thing that normal, sane people do. Thanks, you single handedly cured my imposter syndrome :’)

  • @d3xo
    @d3xo 1 year ago +2

    Just found your channel as a fellow astrophysicist (graduate school) and I love your content. Keep doing what you're doing, this is some of the best content on youtube!

  • @vsiegel
    @vsiegel 1 year ago +2

    Being lame may be intentional. In the Nigerian prince scam, it is definitely intentional: Scammers from other regions than Nigeria pretend they are from Nigeria. The point is to sort out everybody who can recognise a scam. Because the manual part starts later, and takes time. You want to sort out people who would understand it is a scam before they pay.

  • @thospe-f8x
    @thospe-f8x 1 year ago +2

    Pretty sure one of the groups in my dept. got hit with a ransomware attack while I was a grad student. It was definitely something that could have easily been fixed if they had backed up. I don't think they actually paid - I don't think they even could legally use lab funds to pay a ransom because federal grants (another obvious problem with ransomware).
    Feels like the feeling of power that a loser gets from kicking over someone's sandcastle is the real objective. The very rare low-effort payout might just be a bonus

  • @jonathancohen2351
    @jonathancohen2351 1 year ago +3

    Was the ALMA hack targeted at ALMA specifically? The hacker could have just bought a database of email addresses that included Jerry's and blasted out a bunch of emails with a hacked file that the hacker built using a tool the hacker bought from a malware website. Then when Jerry opened the file it took over whatever network he was on. As long as the hackers can send out enough emails to keep the lights on they will keep doing it.
    Looks like a lot of the people who know how to do all that had to high tail it out of Russia recently and are still a little nervous about starting up again from their new digs because they are worried about being sent back to their homeland.

  • @G1itcher
    @G1itcher 1 year ago

    "really upset at Jerry" missed opportunity to have a picture of Tom 😂

  • @yoweedmofo19897
    @yoweedmofo19897 1 year ago +1

    "It's so lame I 'WannaCry'" 😂 solid reference

  • @Alex_Off-Beat
    @Alex_Off-Beat 1 year ago +8

    I absolutely love this channel! She's like Jenny Nicholson but astrophysicist! Or like Swell Entertainment except it's more like Infinite Expansion of the Universe Entertainment lol!

  • @brktspcxlmmrkspcbrk
    @brktspcxlmmrkspcbrk 1 year ago +1

    I can listen to you for hours on the topics I'd never thought be interesting to me. I started with the string theory video and now I'm like - OK the next one will bore me, TF I care about adjuncts at academia, and then I watch the whole thing, enjoy it and learn new stuff. You must be absolutely amazing at teaching.

  • @BrianFedirko
    @BrianFedirko 11 months ago +3

    Children can do this, and to them, it is absolutely HILARIOUS & thrilling, past the point of getting the high score in a game, and much more than dropping a water balloon on a car. When the combination of an elder sibling and much younger happen to have a social chemistry to put together a "scam" ... we get the digital equivalent of firecrackers in a crowd after somebody yells gun. We are adults, and misdiagnose these catastrophes as capitalism-driven adult-type themes. But they don't have to be, and probably usually aren't.
    Remember being a kid? and remember the kids you knew growing up? ☮ 😀

  • @lafanfarlo4872
    @lafanfarlo4872 1 year ago +2

    6:42 "and now you have ALMA data" is a nice pun lol
    Also, two things: 1) The data may not be real, but the feelings some people have for them are. Falling for a scam really is a feeling thing, the goal of the scammer is to force you into irrational decisions.
    2) Most, if not all, businesses have IT policies that dictate exactly what they will do if a ransomware invades their systems. It's not about things "making sense or not", it's just the policy. As a general rule of thumb, systems are instantly shut down, accesses are blocked and the ransom is never paid.

  • @Taykorjg
    @Taykorjg 9 months ago

    I like to think you say buttplugs because you're actually a really good comedian with great timing. It's always unexpected and very funny

  • @eemsg
    @eemsg 1 year ago

    I'm an IT professional in the healthcare sector, with prior consulting experience with accounting and financial consulting clients. I'm afraid to say it, but some organizations actually do pay the ransoms. Not every organization, probably not even the majority of organizations, but enough that it's worth the effort of threat groups.
    There's a few reasons they might do this, but it basically boils down to a cost analysis. The main two reasons are a) the company's backup practices kinda suck and the value of the data is more than what the attacker is asking, or b) the ransomer exfiltrated data the company had a fiduciary duty to protect, and the estimated cost of lawsuits and/or lost revenue is more than what the attacker is asking to keep the data off of a name and shame website.

  • @Fenris0000
    @Fenris0000 1 year ago +1

    Hackers do not care what kind of data are there, only if there is data to be stolen, and if there is somebody wanting their data back. Yes, it is controversial opinion that data is not a real thing, because data is irreplaceable. One thing is if data was stolen, or if data is locked, or how important or valuable is the work product that data represents. And I am speaking here as a person who lost all my photos in hard drive failure, not ransomware. If it was a ransomware I would rather pay and keep my photos (around 50GB of photos, memories) but alas...

  • @encharrion1275
    @encharrion1275 1 year ago

    Not every business can recover from ransomware without paying. My father runs an IT business as an MSP (Managed Services Provider) for small businesses and one of the clients he was working with got hit with a ransomware attack. They were a construction business, and the ransomware encrypted all their project files, marketing, contracts, and accounting data. Since they declined a backup solution, their only options were either to pay the ransom, or flat out close the business. Of course they paid.
    Some ransomware will also target backups. There is malware out there that will lay low and check for cloud backup software, steal credentials and then send a message to the backup servers to delete all backups. Also, a lot of businesses do backups really badly. You need to be regularly testing your backups to make sure your data is backed up properly, and that isn't trivial to do, so many businesses, particularly small ones, skip out on testing. Then when things go wrong, they discover that their backups aren't actually functional like they thought!
    It's also usually way cheaper to pay the ransom than not. Even restoring from backup can be expensive, especially for larger systems. Baltimore got hit with a ransomware attack asking for $76,000, and chose not to pay. It ultimately cost the city $18 million (!!) to recover.
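The restore testing that several comments above describe as rarely done can be automated. The following is an added example, not part of the original comment thread: it compares a restored tree against a hash manifest taken at backup time and flags changed files whose bytes look encrypted. The file names, the sample data and the 7.5 bits-per-byte threshold are constructed assumptions.

```python
import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backup members need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def entropy_bits_per_byte(data):
    """Shannon entropy of a byte string: about 8 for ciphertext, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def verify_restore(manifest, restored_root, entropy_threshold=7.5):
    """Compare a test restore with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    changed = sorted(
        rel for rel in manifest.keys() & restored.keys()
        if manifest[rel] != restored[rel]
    )
    # Heuristic only: a file that no longer matches its recorded hash AND is
    # near-random is a candidate for "the backup captured encrypted data".
    looks_encrypted = [
        rel for rel in changed
        if entropy_bits_per_byte((restored_root / rel).read_bytes()[:65536])
        >= entropy_threshold
    ]
    return {
        "ok": not (missing or changed),
        "missing": missing,
        "changed": changed,
        "extra": extra,
        "looks_encrypted": looks_encrypted,
    }


def demo():
    """Constructed sample: a known-good tree and a deliberately damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "source"
        restored = Path(tmp) / "restored"
        files = {
            "contracts/a.txt": b"Contract text, version 3, signed copy.\n" * 40,
            "accounting/ledger.csv": b"date,account,amount\n2024-01-05,ops,120.50\n" * 60,
            "projects/plan.txt": b"Phase 1: survey. Phase 2: foundations.\n" * 30,
        }
        for rel, content in files.items():
            target = source / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
        manifest = build_manifest(source)  # recorded at backup time, kept offline

        shutil.copytree(source, restored)  # stand-in for the real restore job
        (restored / "projects/plan.txt").unlink()                       # lost file
        (restored / "contracts/a.txt").write_bytes(files["contracts/a.txt"][:100])  # truncated
        scrambled = b"".join(
            hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
        )  # deterministic near-random bytes standing in for an encrypted file
        (restored / "accounting/ledger.csv").write_bytes(scrambled)
        (restored / "unexpected.txt").write_bytes(b"file that was never backed up\n")
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The manifest is only useful if it is stored where the backed-up machines cannot write to it; otherwise whatever alters the backups can alter the manifest too.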

  • @roaxeskhadil
    @roaxeskhadil 1 year ago +2

    As someone who works in the business: Ransomware attacks nowadays are targeted at organizations that have critical data, but are not tech-savvy enough to defend effectively. Hospitals are a good example: without the patient data available they are unable to work and at risk of liability (I mean, lives are at risk, after all). Or look at the company Evotec that had a ransomware attack and *didn't* pay. They lost their position in a stock index, which is a hugely expensive thing to happen (in terms of stock prices going down, "shareholder value", in other words).
    And the conclusion "nobody will pay ransom", while understandable, is wrong: in 2022 an estimated amount of $600 million have been paid in ransom. This is usually not publicized by the affected organizations, for obvious reasons, but even if only 5% of affected organizations pay, since it costs almost nothing to do the attack, it is an easy and almost risk-free way of making income.
    And "almost risk-free" it is, as well. Don't think the attackers sit in the US or Australia, or Western Europe. The known groups are mostly from Russia and North Korea. And they are usually either left alone for some percentage, or outright state actors - with all the sanctions, North Korea has to have a way of making money to advance their nuclear program, after all.😉

    • @williambranch4283
      @williambranch4283 1 year ago +1

      Hospitals shown to be vulnerable need their CEO fired immediately.

  • @BobBob-ii7lx
    @BobBob-ii7lx 1 year ago

    12:46 “it’s so lame I WannaCry” is a bar. Excellent writing, if it’s written, amazing coincidence if it’s not.

  • @PoeInTheDitch
    @PoeInTheDitch 1 year ago

    "They're attacking your buttplugs" were not words that I was expecting to hear, today.

  • @JohnPatchesMicallef
    @JohnPatchesMicallef 1 year ago +4

    I was half expecting you to say that all thousand papers were written by Avi Loeb

  • @piratecheese13
    @piratecheese13 1 year ago +1

    you have this low key "world is burning, i don't care, give me coffee" energy that im 100% here for

  • @bill_and_amanda
    @bill_and_amanda 11 months ago

    I'm a cybersecurity engineer. Stealing the data for sale isn't usually the point. For instance, they didn't just steal the data, they stole the ability to operate ALMA or Chapters. What's 48 days of telescope time or bookstore sales worth? I'm not sure, but probably less than the ransom. People do pay, and in some cases their insurance company pays. However, there may be an incentive to not admit that you've paid. This keeps happening because it works often enough to make it worth it to scummy people.
    Imagine the data that was encrypted was your dissertation. Right before it was done or due. And it wasn't backed up. I imagine you'd be tempted to pay for the data.

  • @LeonoraTindall
    @LeonoraTindall 1 year ago +2

    I feel blessed to see this video tonight. I was really craving some snarky physics adjacent content :)

  • @kuda_71
    @kuda_71 1 year ago +1

    love the videos. always interesting and informative. a look in the mind of an intelligent person and a scientist. i'm an IT dude with no education worth mentioning which makes it even more interesting. I bet you'll find out how ransomware works. Funny thing is what jerry did can happen to anyone: the mail is fabricated to look familiar and before you know it you clicked shit and you're like 'oh shit, hope that wasn't a hack'. Anyway, keep it up. edit: and funny

  • @najawin8348
    @najawin8348 1 year ago +3

    10:18 Hey, hey, you're gonna upset the quantum information people.

  • @aamackie
    @aamackie 24 days ago

    If you write a book and don't have a working backup and someone locks away your only copy of it: Sure, you might be able to write a new version of it, but it will take time and you might have forgotten a subplot or a bit of phrasing you remember liking and have a deadline with the publisher. Substitute book for any other job that involves creating documentation that is important to get right for the next stage in the process or digital photos of loved ones who are dead now. That's when people are more likely to pay the ransom.

  • @bkilian
    @bkilian 1 year ago +1

    Most ransomware does not steal data. It just encrypts the files on your disk. What you're paying for is the decryption key. Yes, if you have backups, the right response is to just wipe the machine and restore the data. Sometimes people don't have backups, or even worse, the backup gets corrupted by the ransomware. For most people this is not a real problem, but for some creators, it could result in significant impact to their livelihood.

  • @jacobp8294
    @jacobp8294 4 months ago

    I am a cybersecurity student and I had not heard of this breach. Thank you for sharing! Often these events are not widely reported as the relevant organization is somewhat embarrassed by their security being compromised. Although the information is needed to prevent further attacks of a similar nature.

  • @williambunting803
    @williambunting803 1 year ago

    Well, here is the thing. You mentioned heaters. I live on a boat and have a diesel (great for the environment) heater, and several months ago late at night right at the beginning of a snow period my heater started shutting down and the connection to the product’s server was unavailable. My heater (heats my water and the space) had failed? I bought another several days to install but learned when picking it up after explaining the experience they said that there had been an issue. Sure enough when I got home the server was up and my heater was working normally. Jerry in the US arm of this 5 billion dollar company had clicked an email, but the hackers loaded hacked data into the heaters all over Europe and the US. Remember the hack of Iran’s centrifuges? Same deal. Last week the same thing happened again, only it was fixed in half a day.
    But another example was from the guy on the boat opposite who is an IT guy was called in to assist to unravel a ransomware hack of a Europe wide supplier of commercial cleaning products. This was a serious hack which nearly collapsed the company because every aspect of their business was compromised. What did the hackers get from this? Some speculation here, but it is believed the hacker acted for another company that was entering the market. So the hacker extracted the company’s customer list, the price list, the formulations (IP), the employee list, much more, and the Hacker’s contractor obtained a clear space to expand into the market.
    I have a real story from New Zealand of how this works in the small business world, computers or not.
    Why did they pick on my water heater?? Twice?

  • @russw3134
    @russw3134 2 months ago

    A local medium-sized car dealership chain paid their ransomware. A pretty big hospital network got hit and they were down for a long time. Few companies take security or backups seriously.

  • @icantseethis
    @icantseethis 1 year ago +1

    Needs more GENIUS HACKER MIT

  • @LLittlemore
    @LLittlemore 1 year ago

    The Ashley Madison hack is an example of one that (in theory) managed to steal very sensitive user data. The target still didn't pay (or in that case, comply with shutting down their site), but that is a case in which the stolen data absolutely damaged the brand, as well as ruining marriages, causing suicides, etc.

  • @EricaCalman
    @EricaCalman 1 year ago +3

    So most likely they were just launching probing attacks against a number of organizations in a massively parallel way hoping that a small fraction of their successful hacks will actually pay the ransom. Possibility two is just that an0nymous just wants to troll because one person's cringe is another person's roflcopter.

  • @anlumo1
    @anlumo1 1 year ago

    For companies, it's just a money calculation. If restoring the backup costs more than the ransom demand, they're paying. There's no emotion involved.
    The trick for the scammers is to find this balance, sniff out the maximum amount of money they can demand where the restoration is still more expensive.

  • @Error898789
    @Error898789 1 year ago

    Hi computer scientist here and yeah, the ransomware business model relies entirely on just how low-effort and low-risk any given attack is. I would recommend looking into the union protocol, it is extremely cool and extremely important for the general ecosystem of the internet (computerfile did a video on it back in the day). But it (by design) makes tracing specific actions impossible (that is, impossible while still respecting any privacy law worth having).

  • @deksam86
    @deksam86 5 months ago

    Completely loved the fact that you linked John Oliver.