Things Matt Wrote


In October of 2020, the Treasury Department issued a warning to domestic financial institutions that facilitating ransom payments on behalf of ransomware victims could be an Office of Foreign Asset Control (OFAC) violation. The warning noted that many ransomware attackers are seated in countries that are on the OFAC sanction list. These countries include North Korea, Russia, Ukraine, Iran, and Syria. Shortly after that warning was issued I published an article titled “Ransom and Rats” where I explained why law enforcement strongly discourages ransom payments. Paying the ransom perpetuates and broadens the crime by rewarding the bad guys for their criminal conduct. I likened the ransomware actors to the rats used by psychologist B.F. Skinner. If every time the rat hits the bar it gets food then it is going to keep hitting the bar. If ransomware actors continue to get paid they are going to keep spreading ransomware!

Of the classical criminological theories that can be applied to cyber-enabled crime, the Rational Choice Theory fits perfectly when applied to ransomware actors. The theory holds that people are free to choose their behavior and makes these choices based on the avoidance of pain and pursuit of pleasure. People choose to commit crime because it is in some way rewarding, either mentally, physically, or financially. Offenders will commit a crime when it is fun, satisfying, easy, and financially rewarding. Crime is discouraged through the fear of punishment. If offenders believe they will be identified, captured, and punished, they are less likely to engage in a given criminal activity. People consider the cost to benefit factors when deciding to commit a crime and act accordingly in their own best interest. They make a rational choice.

This is the basis of the current ransomware epidemic. Ransomware attacks are easy to facilitate, there is a low likelihood of identification or capture, and it is profitable. If you have no moral convictions prohibiting you from engaging in criminal activity there is no reason to not give ransomware a try. It is a rational choice.

Did I mention that ransomware attacks are profitable?


Bitcoin is surging with the price breaking the $28,000 price point this week. By all accounts, it will continue to rise through the new year. An Internet search yields dozens of explanations for this meteoric price increase but one of them, and probably the true reason, is rarely discussed. The current price of bitcoin is being driven not only by speculation but by crime.

Legitimate investors are purchasing Bitcoin for much the same reason you place your money in any investment instrument. You hope to sell your holdings at a price much higher than you paid for them thereby yielding a profit. Whether corporate stocks, artwork, real estate, or Pokeman cards, you hope to turn your money into more money as the price of the property you hold becomes more valuable over time. Digital currency is no different. People are purchasing bitcoin in the hopes of selling it at a later date for a much higher price than they paid for it.

The steep rise in Bitcoin price over the past few months has drawn the attention of the media. As people learn about the price increase they decide to enter the game and try to ride the rising tide to profitability. As more and more people buy the price continues to rise. As the price rises so does the media attention which brings more people into the game. It is a perfect example of the snowball effect.

But the real question should be, what spurred the initial increase in price from it's 2020 low price of $4900 in March?


Today is Black Friday, traditionally named because it was the day where retail sales altered merchant’s balance books from red to black. The Internet and the current Covid-19 crisis have effectively made this annual shopping festival nothing but symbolic. The true event will occur in three days with Cyber Monday. Most retailers, however, have already altered their business models and black Friday has become Cyber Black Friday blurring the lines between the two events.

I have previously written about RDDOS or Dedicated Denial of Service for Ransom. This is a double punch attack on Internet services that combines a traditional DDOS offensive with demand for payment to make it stop. What better time to launch such an attack than the days preceding the largest Internet sales event of the year?


There is no doubt that small and medium business owners are caught between the proverbial rock and a hard place when confronting a ransomware attack on their network. Unlike large businesses and expansive corporations, they are unlikely to have a dedicated security team. In fact, they are lucky to have a person there just to keep the Internet-connected and the printers online. A dedicated IT security person is an abstract luxury. And back-ups? John the Office Manager copied an excel spreadsheet of the client listing to a USB thumb drive a few months ago. It is on his desk. Or maybe his winter coat pocket.

It is completely understandable why any business leader chooses to pay the ransom payment. In most cases, they are out of options and desperate. Obviously, they wouldn’t pay thousands or hundreds of thousands of dollars if they had some alternative choice. But they don’t, so there they are.

In some cases, an insurance company is in the driver’s seat and they have analyzed the options down to an actuarial decimal point. The decision is calculated on a cost to benefit analysis based on dollars and cents not right or wrong, or what is best for the business or society.

Why is paying the ransom so bad? Why are law enforcement and security professionals so adamant that ransom demands never get satisfied if it’s a quick and easy fix that is in the best financial of the business?


I regularly speak to groups about cybercrime, or “Internet facilitated crime” for your industry elites that abhor the term cyber. I provide an example scenario where attackers utilize a dedicated denial of service (DDOS) attack to target small businesses. I classify it as a crime of extortion and explain how modern cyber-criminals use new technology to commit age-old crimes.

The scenario places a small independent florist at the mercy of a cyber attacker the week before St. Valentine's day. The floral shop's website is suddenly unreachable right at the most crucial time of the busiest week for a florist. A call to the website designer yields no results. Calls to website hosting provider add only more frustration from department transfers, language barriers, and offers for higher valued services that add more costs and “may” alleviate the problem.

After the site has been down for about 24 hours the first email arrives. An offer for help. From the devil himself, of course. The email tersely explains the website is under attack and it can stop for a one-time payment of 5 BTC. What is a BTC the panic shopkeeper thinks, and how the hell do I get some? The small business has little choice but to pay the ransom or lose even more by having the website offline during the busiest week of the year!