Ransomeware and the Teamsters

The backlog of ransomeware attacks is coming to light, some from the pre-COVID19 era, including an attempted extortion of the International Brotherhood of Teamsters (IBT) on Labor Day in 2019.

Of course comments in the technical press is full of snickering about the notion that someone would try to extort an organization that many identify with corruption, but if you're stuck in that era, you're missing the point of why the IBT didn't pay.

Unlike the usual "don't encourage the terrorists/kidnapper/extortionists" mantra from the FBI, this time the IBT was encouraged to pay the $USD1.1M they negotiated. Maybe it was because the FBI already was planning on tracking the ransome demanders, contradicting the delusion that electronic currencies are somehow anonymous that some are just learning today.

Whatever the logic behind the FBI's advice, the real story here is that the IBT decided it was a better move to recreate the data held hostage than to pay. The IBT had a card up their sleeve that seems to be increasingly ignored or forgotten: the old methods of storage like file cabinets, are hard to remotely compromise.

It is easy to laugh at organizations that maintained acres and acres of paper files. They are dinosaurs in the face of an incoming comet or asteriod, waiting for extinction while the smart people (TM) were digitizes everything. Those smart people (TM) were saving storage and access costs, including in expensive real estate in places like New York City and Washington, DC.

But those smart people (TM) also raised their dependence on third parties, and data storage became increasingly abstracted from their control. Digitization initially meant moving from paper files to servers, then some 15 years ago it started to move from servers the Cloud. Most people still are unclear about what exactly this Cloud thing is but seem to rest easier since it's someone else's responsibility now, and an organization's IT staff aren't haunted by 3 AM pages about outages. It certainly seemed like a win, and most C-levels appreciate moving costs away from labor, "below-the-line", to "above the line" outsourced services. Healthcare benefits don't apply to service providers.

Yet behind every third party and the more abstracted services they provide is more surface area others can exploit. The trust granted to them means wasted file-cabinet dwelling real estate is freed up.

Most organizations under pressure from investors and competition opt for the cheap way, and don't think out the consequences. Maybe it's a very US-centric view, but that pressure is increasingly global.

Those alleged dinosaurs might not notice the incoming comet, but they also can sweat a lot less than the smart people (TM), who never imagined the potential costs of their assumptions.

The same logic applies to the extortionists. They imagined that electronic currencies were anonymous, and the retrieval of the Colonial Pipeline funds illustrated the funds were traceable.

Maybe the extortionists should have also learned the lesson that often the best antidote to a digital attack is analog. In their case it's called hard cash currency.

George is a co-founder and CTO of ClearOPS. By trade, George is a systems administrator out of BSD Unix land, with long-time involvement in privacy-enhancing technologies. By nature, he thrives in creating unorthodox solutions to ordinary problems.