Wednesday, November 10, 2021

The Ransomware Guys Realize they Hacked the Wrong Person

Matt Levine:

Ahahahahahahaha hahahahahaha hahahahaha:

In October, the infamous ransomware gang known as Conti released thousands of files stolen from the UK jewelry store Graff.

Now, the hackers would like the world to know that they regret their decision, perhaps in part because they released files belonging to very powerful people. …

“We found that our sample data was not properly reviewed before being uploaded to the blog,” the hackers wrote in an announcement published on Thursday. “Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”

“Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience,” the hackers added.

Imagine being a big-time ransomware hacker, thinking that you’re pretty tough, fancying yourself a master criminal, giving yourself an intimidating online alias, maybe even being able, in certain circumstances, to call down violence on your enemies, and then realizing one day that you’d accidentally hacked a guy who had a journalist kidnapped, tortured to death and then dismembered with a bone saw for criticizing him.

They are adding new compliance procedures to make sure this won’t happen again:

The hackers also said that other than publishing the data on their site, they did not sell it or trade, and that from now on they will “implement a more rigid data review process for any future operations.”

We have talked before about the compliance function at ransomware firms. If you run a legal company, you have a compliance department to make sure that you don’t do anything illegal, or at least, if your company is really big, to keep the illegality within acceptable limits. If you run a criminal gang, you have concerns that are different in degree but directionally similar: Your whole business is doing illegal things, sure, but you don’t want to do too many things that are too illegal. You want to do crimes that make you money, but not crimes that get you shut down. You want to steal information from rich people and extort money from them. But not Mohammed bin Salman! Good lord!

