Why was this REvil attack different? Should businesses pay ransoms? Plus... is the NFT market in a bubble?
This week on the CoinMarketRecap podcast, Sophos security researcher Chester Wisniewski joined us to discuss REvil’s latest ransomware attack — and DappRadar’s Ian Kane talked us through the latest trends in the world of NFTs.
Here are 11 things we learned:
1. This Ransomware Attack Was Very Different
Chester explained that ransomware attacks have been traditionally done one break-in at a time — meaning that it’s very unusual for hundreds of companies scattered around the world to be affected in one go. He explained:
“We believe that upwards of 1,500 different businesses were impacted literally at the click of a mouse.”
2. The Attack Has Affected Everyday Consumers
Although the REvil attack appears to have caused “minimal damage” for U.S. businesses, the same can’t be said for other countries.
During the interview, Chester revealed that train networks and supermarkets were among the companies that saw their systems hit by the ransomware.
“Obviously these are things that everyday people are going to notice, and it has an impact on their lives.”
3. Victims Can Be Found Around the World
Sweden appears to have been especially affected by the ransomware attack, but Chester revealed that victims have also been identified in New Zealand, the U.K., Germany and the U.S. “Lots of countries were impacted,” he said.
4. Paying a Ransom is a Big Dilemma
Companies that pay ransomware demands help encourage cybercriminals to keep attacking victims — and cybersecurity professionals, the FBI, Europol and law enforcement agencies around the world are all in agreement that it’s a bad idea.
But as Chester explained during the interview, things can look very different from the perspective of a business that has been targeted — given how it can affect their employees and customers.
“You start getting a lot softer in your emotions toward whether someone should pay or not when you realize it literally could be a business-ending event for a smaller mid-sized business. In Sweden, people were literally not able to buy their groceries or get a train ticket.”
Because the harm caused by paying can be outweighed by the harm to society of not paying, Chester said about 50% of ransomware victims pay up in his experience.
5. Paying Up Isn’t Easy
Assuming that a ransomware victim ends up coughing up Bitcoin or Monero to get their files back, they might not have a happy ending.
Chester revealed that just 8% of victims who paid got all their files back — and the typical victim only ends up getting 64% of their documents returned. He added:
“There’s some effort made by the crooks to make you whole and get you your files back, but it's often slow, complicated and unreliable.”
Victims also risk wearing a mark that shows they were willing to pay. In the U.K., some companies that settled ransomware demands ended up getting targeted a second time by another criminal group.
6. An Unusual Trick for Avoiding Ransomware
REvil appears to be Russia-linked, and according to Chester, consumers and businesses could end up using this to their advantage.
He revealed that computer viruses actually check the computer for the keyboard’s language settings — and won’t infect the machine if it’s Cyrillic or Russian. This is probably to ensure that hackers don’t upset local law enforcement. He quipped:
“I guess as a defense, you could just set the language to Russian on all your computers. It would be rather inconvenient if you don't speak Russian, but it does mean you won't probably have a ransomware incident anytime soon.”
Of course, the most important thing for businesses is to rely on good prevention technologies.
7. The Full Extent of the Damage
Chester cited a recent Sophos survey of 5,400 businesses that revealed that it often costs 10 times the amount of ransom paid for a company to get back to normal after an attack — a painstaking process that can take many months.
8. NFTs Are in a ‘Growth Phase’
Turning to the NFT interview with DappRadar, Ian Kane said he doesn’t believe that non-fungible tokens are in a bubble. In his view, the sector continues to be in a “growth phase.”
9. Consumer Tastes Are Changing
Although there has been a cooldown in popular collections and marketplaces such as NBA Top Shot, Ian explained that a number of new NFTs are starting to capture the public’s imagination — Bored Ape Yacht Club being one of them. He also revealed that there has been growing demand for lower-value NFTs — a far cry from Beeple and CryptoPunk tokens that have sold for millions of dollars.
9. Crypto Art is Down, Virtual Land is Up
Ian explained that popularity is especially increasing in virtual worlds that have been “slowly maturing for some time already” thanks to their long development roadmaps. He said:
“Decentraland really is a leading example of something like that. Crypto art does seem to be cooling down a little bit and also the high-end art side.”
10. High Ether Fees May Have Been a Good Thing
Although rising gas fees earlier this year did have an impact on Ethereum marketplaces, there may have been an unexpected silver lining.
Ian said the high costs associated with this blockchain “kind of got rid of the trash” from the NFT sector, adding:
“It stopped every Tom, Dick and Harry from listing their NFT that they just drew on the back of a napkin and took a chance on.”
11. NFTs Could Transform Gaming
One of the big problems associated with gaming right now is that expensive loot boxes can’t be sold on to other players — or taken to another game.
NFTs could change all of this, Ian said, giving us flexibility.
When asked whether the likes of Sony, Microsoft and Nintendo are exploring these opportunities, he said:
“Surely they can see the value in, for example, if they do allow you to shift on your items, they can always take a percentage of that. At the moment, they're steeped in tradition and the way that they do business and I'm sure they would be quite against the idea and they have all the users in their pockets. Do I think that will change? Yes, I do. Because it has to, because people will demand it to change.”