RE: Ransomeware

[Nick FitzGerald <nick () virus-l demon co uk>]

Richard M. Smith wrote:

> I gave a security talk in NYC this past week and brought up this ransomeware
> virus.  Most people in the room hadn't heard of this kind of extortion
> scheme before.  The first question I was asked was how does the perp collect
> his $300 without being caught.

This doesn't take much to answer...

How do scammers working stolen identity and CC info profit from such 
without getting caught?  There are basically two ways -- simply sell 
the ID info (so, if caught, you are only guilty of generally 
significantly lesser crimes, or at least, in practice, crimes that 
generally receive significantly lesser sentences if ever caught and 
brought to trial), or use a (chain of) mule(s) to make the money trail 
much harder to follow (insist that at least one link in the chain does 
transfers via Western Union or old-fashioned spy-story "cold drop", and 
change mule trains often).


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.