»Come to the dark side! We have radical insurance groups & ransomware.«
2018-10-16, 09:30–10:15, Europe

Ransomware is a volume crime, and one that is very quantifiable. Cyber insurance likes the quantifiable risks, with a large body of actuarial data, to be confident about sustainably financing solutions. However, those profiteering gluttons always try to turn a profit! How much profit?

To find out, we would need to see what a not-for-profit model of ransomware looked like. So, we tried to imagine one and fill in the values.

Come, see how an economic model can be built from real-world data on ransomware!

Or, if the talk doesn't interest you, enjoy the Italo Calvino-Storm Trooper Wordcloud.

Ankit is young, talented, and diligent. Eireann is old, tired, and skeptical.

They worked on the same subjects independently, until a chance MISP correlation brought them together to collaborate on spreadsheets, risk, ransomware, forensic accounting, and other action movie adventures.

Ransomware was analysed at scale, by different people with different backgrounds. The focus was on the monetisation vectors, and how to estimate the cost to society. So, this time, the reverse engineers tried to view it as a risk and fiscal problem, and took the time to document the economics meticulously. They tried to figure out the maximum and minimum each strand of ransomware could have made, and what it did earn. They tried to figure out how to fund a ransomware team at low or zero cost to the ransomware victim (a la Richard Clayton's 'Might Gov't clean up malware').

If ransomware is approached as a societal problem instead of a technical one, it becomes much easier to imagine solutions. Some of those solutions turn out to be surprisingly viable. Do we understand enough about the ransomware economics ecosystem? Does engaging diverse and multidisciplinary teams advances the world of forensics and DFIR?

Don't come to this talk if you think insurance is about capitalism. Go see a different talk, if you think ransomware is a code problem. Come to this talk if you want to think about how to fund anti-ransomware operations for your organisation or the world.

Trigger Warning: There will be liberal equations in this presentation. We encourage you to use maths responsibly.