Tuesday , November 26, 2024

Security Notes: Ransomware: A Strategic Response

When two hackers share a beer, they lament the diminishing returns from hacked privteware, as they call it. “My clients get angry when I sell them private credentials of people that had been hacked before,” says one. “You cannot re-steal a Social Security number! Monetizing becomes a challenge.”

“So go ransomware!” his pal cheers him up. “Instant monetizing, safe, secure. You can build a solid business. Paying clients get their decryption key with utmost courtesy, along with detailed instructions, a help page, and, a ‘most-frequent questions’ log. Like an honorable business, you offer a warranty to your clients against re-attack for 90 days or a year. And, most intriguing, you can gauge the price to be just below the level of refusal and a report to the authorities. Some get creative, using two or three encryption keys and releasing them gradually only if the victim keeps quiet.”

Cyberspace is under a strategic attack that requires a strategic response. Alas, security companies ride on ransomware fears and tout their tools as “anti-ransomware,” while in fact the tools are just regular fences, walls, and filters of all sorts. Ransomware per se deserves head-on countermeasures.

Here’s a two-pronged strategy: core technology and digital payment vulnerability. From a technology point of view, the fundamental countermeasure to a ransomware attack is best captured in one word: rewind. That involves a built-in bitwise capability to run the clock back. A common back-up system may be regarded as a course-resolution rewind, and today it is the best one can do. However, a finer-resolution rewind would minimize any damage from a ransomware attack, and a complete bitwise rewind would put ransomware out of business.

Today, a new rewind technology is capable of bytewise rewind. Instead of erasing the data, one keeps the data around and marks it as “dead,” specifying “time of death.” When a crypto crawler garbles your data, you stop the clock and rewind. When the clock returns to a past point, the computer scans all its data and brings up every byte that was still alive at that time point, while keeping away every byte of data that was not yet born at that time point.

This process faithfully rebuilds your data as it was at a time before the attack. But it is memory-costly. Consider an account balance. Each time it changes, the old figure is not erased. It is preserved and assigned a “time of death.” The dead data builds up. Fortunately, memory is cheap and getting cheaper. Also, old history can be safely erased.

Ransomware flourishes because of cash-like digital payment. But distributed-ledger payments are definitely not cash transfers. The big difference: witnesses. I can pass to you a $100 bill in a process that involves me, you, and the banknote. If I do the same with Bitcoin, everyone knows about our transaction.

True, we transact while wearing masks, but masks can be ripped off. It is a matter of the community coming together to put the “scarlet letter”’ on accounts receiving ransom payments. A distributed ledger of shame will give pause to any recipient of money coming out of a condemned account.

Together, core technology and disabling the payment route are strategic responses to this threat that becomes ever more popular on account of its strategic advantages to the hackers.

When Alan Turing and John Von Neumann designed their computing machine in the first part of the 20th century, hacking was not on the horizon, and the machines they built reflected this innocence. It may be necessary to go to first principles to make cyberspace livable.

—By Gideon Samid, gideon@bitmint.com

Check Also

Discover’s Next Merger Steps and other Digital Transactions News briefs from 11/26/24

Discover Financial Services said it will file restatements of “certain prior period financial statements” and will …

Digital Transactions