| Most ransomware cases aren't targeted they are opportunistic, ransomware spreads like normal malware rather than some targeted "APT" operation. And while initially ransomware operators quite "solid" and for lack of a better word "trustworthy" the popularization of it lead to everyone and their mother writing ransomware in hopes to get a quick buck. In those cases you can't even rely on the encryption being recoverable because the malware it self is utter garbage and the criminals don't care or don't even have the technical skills to operate a full ransom cycle campaign. It's not uncommon to see even fairly fresh ransomware examples in the wild with dead BC wallet addresses, banned paypal, skrill (and other transaction providers accounts), incorrect routing numbers etc. This ins't 5-10 years ago where some ransomware would actually give you a voip phone-number/skype/email to call or mail and you would get to speak to some Russian or Malaysian guy give them the money and actually get a key to recover your data. Sure some ransomware operators still operate that way, some have more sophisticated automated systems with C&C servers but most figured it out that it doesn't matter because they are in it for the quick buck and well if you are going to commit a crime then what not fraud/scam your target in the same swoop. Ironically this reality lead to the more established organized crime organizations that employ ransomware to generate income to actively fight against the new waves of quick cash ransom scams because they need people to still have some trust in the fact that they can get their data back if they pay. |