Ransomware: useful in more ways than one

There’s an interesting article over at Silicon Republic saying that ransomware is the best problem that the security industry has had in decades.  There are a few things I don’t exactly love about this article — but there was enough of a seed there that I thought it was useful to devote some time to responding to it.

First of all, what I don’t like.  First, the article is a bit on the fluffy side.  No offense to them intended by that — it’s clear it’s not intended for a practitioner audience, so the level of detail is probably appropriate.  Second, the basic gist of it seems to be that 1) ransomware is good for infosec by virtue of the FUD it generates and 2) it’s so blatant that people can’t deny that there’s a problem. Yeah, both of those things are true.  It absolutely generates massive FUD, which does tend to get people (in the short term anyway) to take actions about stuff.  Maybe that’s not the best thing ever.  No reputable vendor or security practitioner will cultivate FUD to make a sale or to promote their own agenda, right?  But if that FUD comes from somewhere else?   And a practitioner can harness it to useful effect?  Well, I don’t love it but it’s probably the truth.

What I did absolutely respond to about this is that ransomware, at least in aggregate, is beneficial to the security industry beyond what was explicitly discussed in this article.  It’s true in at least one discrete, self-serving kind of way.  It’s also probably true in a broader, more altruistic-focused kind of way.

First, it’s of benefit in a self-serving way because it helps to sell products.  The same way that the FUD helps get the interest level up for the profession as a whole, it also drives product sales.  Therefore, it brings in money to the professional space.  Is that a good thing?  Probably not.  But it’s the truth.

The more “altruistic” goal it serves is that it exposes issues that were there anyway and could have potentially been employed to some more subtle purpose somewhere else.  For example, the EternalBlue issue has been around for years – the US government had it and so did the Russians.  Yes, there are still some systems out there that are vulnerable to the issue, but I guarantee that there are a lot fewer of them now than there were before Petya and WannaCry.

So is it ultimately a good thing?  Maybe in some ways…  still stinks to go through it though.