[martey]

> Someone could create ransomware that will never decrypt, even after the ransom is paid.

This already exists: http://arstechnica.com/security/2016/07/posing-as-ransomware...

> "Once it executes it, it pops up a ransom message looking like any other ransomware," Earl Carter, security research engineer at Cisco Talos, told Ars. "But then what happens is it forces a reboot, and it just deletes all the files. It doesn't try to encrypt anything—it just deletes them all."

[djsumdog]

Makes me wonder if it's just buggy or intentional.

[nom]

Considering that the operators must actively keep the backend alive and support the users, it's more likely they abandoned it for whatever reason.

[happy-go-lucky]

In that case, the victims could refuse to pay ransom and the criminals will go out of business.

[JoeAltmaier]

But a virus has zero marginal cost. Even one guy paying and they make money.

[TeMPOraL]

They have to weigh in the risk of getting caught, especially if they piss off enough people. So one paying victim may not be enough for a criminal to go this route.

[majewsky]

They are probably located in a country where it is easy to bribe the policemen, and factor that into their cashflow calculation.

[jasonm23]

It really depends on how much noise/attention they attract.

Bribing one policeman or a department, or a national level LE body, and so on?

Due to the nature of the internet and social media there is an ever decreasing chance of flying under the radar.

Even if a country's entire infrastructure is corrupt, you would still have to deal with a never ending list of 'beaks to wet'.

[TeMPOraL]

Bribing a LEO seems to be a risky business - how risky depends on the conditions. If you're the only one bribing an officer, you'd better ensure you have that consistent cashflow. It's easier if everyone is bribing the police. But still, the moment you interact with law enforcement, you appear on their radar. It's always better to avoid that unless absolutely necessary.

> Due to the nature of the internet and social media there is an ever decreasing chance of flying under the radar.

I disagree with this statement though. I think that Internet as it is now only makes it easier to fly under the radar - simply because people generate such a huge amount of noise that it's barely possible to handle. As long as you don't get too greedy, you can get away with a lot, simply because nobody is going to bother looking for you (hence e.g. spam).

[EdHominem]

That's actually a bigger risk.

If there's no police protection for the victims there's also little police protection for the criminal.

If I were a ransomware scammer I'd rather be caught and jailed than killed by irate victims or competing criminals.