In some not-so-distant future dystopia, ransomware hackers will morph into a file encryption service w/ optional data exfiltration as a backup. Just don't stop paying the bill.
Or at least that's where we're headed if companies keep giving in to the ransom demands.
Blaming companies for paying a ransom is like blaming a ship captain for surrendering to a pirate on the high seas. It’s ransom or death. The captain’s nation wasn’t providing adequate security against piracy, another nation was condoning privateers. What do you expect them to do?
Or better yet, what happened with privateering amongst the nations in history? First each nation unleashed its own privateers, then they built up and deployed their own navies, and the countries that couldn’t keep up fell under a new Pax Romana aside from fits and struggles. Where are we in this process today?
RWaaS. It should come with indemnity against other ransomware hackers where your RWaaS provider will either provide you with backups &/or go after (negotiate, hack, or physically assault) the other hackers.
I'm tempted to clone my backups to an unsecure computer deliberately infected with ransomware that exfiltrates data so that I have a tertiary, albeit very expensive, offsite backup. At least if I could negotiate negligible maintenance payments with a balloon payment should I ever need to pursue file restoration.
But if REvil etc. are going to branch out like that, they really need to follow the traditional protection racket and engage in, let's say, aggressive counter measures with the potential for rapid bodily disassembly of any competitors that come along.
Or at least that's where we're headed if companies keep giving in to the ransom demands.