To be fair to Jerry, we all have hare brained moments once in a while. I could imagine doing something like that over 7am coffee and immediately face-palming myself.

"I get that some people make a living scamming people…landlords."

In a ransomware attack, nobody's really stealing the data, they're just inconveniencing the victim then demanding extortion. Some people are lazy enough to pay to undo the inconvenience, which is a low-hit rate but also low-effort business. And sometimes the attacker gets lucky and scrambles the data for something really important at a really inconvenient time, like a hospital with digitized patient orders where people might die in the time it takes to undo the damage by hand. Those are pretty much the only times where people get paid for this.

Your string theory video got recommended to me a week ago and I’ve been watching all your videos since. Your content is top notch and I hope your channel gets the audience it deserves!

A couple things worth mentioning: Ransomware payouts from big organizations tend to be massive, so even if a tiny percent of victims actually pay the ransom, that doesn't necessarily make it unprofitable. According to a quick Google search the average ransomware payout is almost a quarter million dollars; that's enough that you only really need one, maybe two payouts in an entire _year_ for it to be worthwhile, and the cost of hitting a lot of targets isn't really that high. WannaCry is also an interesting thing to mention, since that one is now known to have been created by a North Korean state-sponsored group. Even if the money they get helps them, in that case it's obvious that a major goal is just to be a pain in order to inconvenience other countries like the US. A lot of more prolific groups these days are either suspected or known to be state-sponsored, which is definitely something else to consider; maybe being a pain in the ass for random people _is_ really their main intent, as long as those people are from the wrong country.

Security Engineer here, keeping some systems up for 99.99% of the time (not an exaggeration) is often in the service level agreements for large business to business companies. Randomware is not generally targeted when it’s pushed through things like phishing emails, so some groups will automate every step banking that a company or an individual does not have backups. Fault tolerance is quite hard when the systems get sufficiently complex which is why meemaw can get her photos back and have you reinstall her machine but a giant corporation might just have to suck it up and pay a ransom. It’s why we only started seeing ransomware after something like bitcoin was ubiquitous; before there was just not an easy way to get paid as a bad guy without getting caught.

Think back to when you were working on your PhD dissertation. Imagine a few days before you were planning to submit your dissertation, you got hit with a malware attack. Your dissertation and most of your data were encrypted. And the malware got most of your backups as well. The only backup you have is a month old offline backup on a flash drive. There's nothing they've locked up that you can't replace in time. But your dissertation is due in two days. You could turn in your dissertation late, or you could pay the $100 ransom, be done with it, and get your dissertation in on time. Which would you do? This is the type of person these ransomware attacks are targeting. They're looking for people who happen to have extremely time-critical data they can lock up. Or think of a company that is operating a big industrial facility like a big factory or oil refinery. If critical systems get locked up, that facility being down might cause the company millions of dollars for each day they're shut down. If your facility being down is costing your company $1000/minute, and the scammers only want $5000 to unlock it, you will pay that ransom. It's literally the most profitable option available to you. Ransomware economics are a lot like those of conventional spam. The vast majority of the people that will be infected either can't pay (lack funds or can't figure out how to buy bitcoin) or have no need to pay (all data is easily replaceable and not time critical.) But for every hundred individuals or organizations they infect, one of them will be unlucky enough to have extremely time-critical improperly backed up data encrypted (like the hypothetical grad student) or a large expensive operation made inoperable (like the large industrial operation.) And even for those unlucky few, the scammers don't ask for obscene amounts. They ask for a few hundred to a few thousand. Their goal isn't to ask the highest price they can; their goal is to make paying the ransom the cheapest or most time-efficient option available to you. Yes, the vast majority of people or organizations won't be those unlucky few. Maybe only 1 in 100 actually get infected; and only 1 in 100 have enough time-critical data for paying the ransom to be worth it. And so perhaps the scammers only have a 1 in 10,000 success rate. But again, that's just like spam. Very few people actually fall for spam scams, but if you can send millions of spam messages for a a few pennies, the costs become worthwhile. Maybe only 1 in 10,000 times will the ransomware scammers succeed, but if they can successfully target millions of people and institutions, it becomes profitable. And they can do that; they're not personally writing individual emails to target individual people. It's all highly automated. One person can send messages to millions of people and institutions. You might target 1 million people and only succeed with a hundred of them (1 in 10,000). But if you manage to get $300 on average from each of those people, that's still a $30,000 profit. That's a very fine annual wage in many countries (and near median for most developed countries.) You have to dig and process cubic meters of earth to get a single fleck of gold, yet people have been profitably mining gold since the dawn of civilization. A single raindrop has almost no gravitational potential energy in it; but if you can build a dam and capture cubic kilometers of raindrops, you can use their energy to power a nation.

I work as a software developer. A few years ago, a team other than mine got an email that basically said "we hacked your webcams and have compromising footage of you. Pay us and it won't get out. Here's a btc wallet address." This spread around the whole office bc it was obviously an empty threat and very funny. But also, like, btc transactions are public, you just look up the wallet address, so I checked it. The scammer was raking in thousands of dollars. They didn't even do anything, they just sent an email. Insane.

I used to work at a cellphone store selling phones, plans, and doing small repair. The shear amount of meemaws who came in because they were ransomed into sending iTunes gift cards to people was staggering. Never underestimate how shitty people will be for meager amounts of money. Edit: and it's not about their pictures. In many cases seniors depend on a single iPad to pay their bills and other things that are difficult or impossible for them to now do in an analog manor. It's often the sole authenticator in 2FA, so often they lose access to every account they've ever had, permanently. And more and more medical devices like insulin pumps are starting require a paired Apple device to operate. Even without stolen credit cards or identity theft, it can seem like an existential threat to many seniors. It takes a lot of money and technical skill to replace bricked devices and accounts.

The point of most ransomware isn't how valuable your data is to sell to someone else, it's whether you will pay the thieves to get it back. Like a ransom kidnapping - there isn't a lively black market for your kid (Law & Order and conspiracy theories aside), but you're likely to be the most highly motivated customer to get your kid back. So the two questions are always: "is the encryption of the ransomware attack secure enough to foil recovery", to which the answer is usually "yes", and "is your data plus the risk of embarrassment (which may have a financial cost, too) worth more to you than the cost of either paying the thieves to unlock it, or regenerating it (if possible). I admit, I can't imagine public astronomy is a terribly lucrative target, but businesses often are even if their data is not really sellable to a third party - not having it may put them out of business. Just my read. Paying is often an extra risk, since you've put a target on yourself as an organization that has paid in the past, and thief always has the option of leaving critical files infected as time bombs to go off later on with no additional phishing required.

When you mentioned 1:10 in a note that dust is very interesting in astronomy, it reminded me of Brian May (guitarist of Queen) finally finishing his astrophysics PhD in 2008 with the thesis titled "A Survey of Radial Velocities in the Zodiacal Dust Cloud".

"We'll just train our people not to click links in emails, Jerry!" Love it. Like many others, I found your channel recently and I've added it to my group of science education channels. ALSO, you mention in a couple of videos that you have a Patreon, and I'm not sure if I just can't find it, or if I fell for the joke.

Angela! I got so excited because I thought YOU hacked the telescope. I was a little let down but your story telling ability made up for it. You're the best!

Let me give an example of a theoretically successful ransomware: I worked at a vehicle r&d company. We worked on high profile development jobs with weeks worth of simulation data which were extremely a) time sensitive b) very secret. If, through my computer a ransomware simply blocked data on our server, our project is delayed. "Why is it delayed?" - asks the customer. We'd reply "oh we are lame" or "oh we got hacked". We just lost the customer either way. We are talking about millions of dollars here. Data is nothing, but it is an aswer to a question: can we manufacture 10000 of this engine next month? If we give no answer in time, we are screwed.

I think the thing that matters to companies for whether they pay the ransomware or not is less dependent on how important that data/systems are and more about how quickly they need that data/systems up and running. Because the company can eventually get their data/systems back, but probably not quickly. So it needs to cost them enough money to where they would save money to pay and use their systems right away, compared to waiting the month or 2 to get that data/system back. That's what happened to Colonial Pipeline, I think.

The hackers likely were not targeting the telescope - they just have a list of thousands (maybe millions) of e-mail addresses that they send these phishing e-mails to and then if a person clicks on the link it will encrypt all the data it can get access to (which if the computer is on a network without tight security controls may be a lot) and then demain a payment to get the data unencrypted. Given that it would typically cost a whole bunch of money to lose all the data for an organization - payment can be the cheaper option.

so, I think you've got a misconception about what actually occurs in a ransomware attack, because in fact it's reasonably likely that the attackers never saw the data they were ransoming, and also never targeted the telescope specifically. Ransomware, at it's core, uses cryptography. The malware goes through every file on all of the systems it gets access to, and instead of deleting it, or attempting to send it all back over a small network connection to the attacker, it uses a cryptographic algorithm to scramble it reversibly with a key, and then deletes it's copy of the key, leaving only the attacker with knowledge of how to unscramble all of that data. So, if there was any data not backed up, or if the backups also got encrypted, this leaves the victim with two options: either pay the attacker, or accept that the data is lost forever. And there's many things this data could be. One is, like you mentioned, potentially observations of things that happened in the past, but this is actually probably not what was being targeted. Instead, they were probably hoping to hit proprietary software necessary to run a business, potentially a very profitable business, where every day of downtime caused by not having access to important software represents massive amounts of money. And that's the other thing: these attacks are not targeted. Mostly, the phishing emails that actually get people to install the ransomware (although it's worth noting that there are other ways to get ransomware onto a system) are sent by computers infected by a different kind of malware on mass to any email address they have on their list. The ransomware is probably designed to be able to exploit all the most common types of computers, and even if it wasn't, because it's so easy to make attacks like this it doesn't really matter whether or not it actually works every time. In the case of ALMA, they just happened to get a telescope.

Laughed harder than recent Last Week Tonight episodes (which usually make me want to cry after laughing). You're feeding all the endorphin rushes - intelligent content, science history, and "it's fine..." Brilliant! Keep it up!

i’ve been binge watching your videos this week and i’m low key so inspired by you. really good work!!

Good luck and best wishes! Keep doing what you do so eloquently! I love watching your well deserved growth trajectory.

I'm an IT-professional, have a mandatory security training every year and it still takes a couple of seconds for me to recognize a scam AFTER I have clicked on dodgy link. The truth is, that everyone can fall for a scam. Including KZfaqrs, so watch out.

Dust is so interesting I've drapped my apartment in it.

The statement about who falls for a scan I think is somewhat more complicated, because more technical users use computers so much more. Everyone can fall for a scam, they’re called “accidents”, not “on purposes”, and thinking that you’re too technical to fall for a scam is the first step in falling for a scam

I feel like I fall into multiple parts of your plot. I run Fortran physics simulations on supercomputers for my job, but I also don't think I'd know how to get something from a phone to a projector, and I definitely don't know how to bitcoin (though that last one is mostly intentional)... Admittedly I do know how to google, and all tech support is just googling "how to *" and skimming the first 6 stack exchange links... But still, conference room projectors are black magic as far as I'm concerned.

Hey, your first new video since the algorithm showed me your videos and I bunge watched your whole channel and subscribed. Good title. I showed my 11 year olds the movie Hackers for the first time today. It is surprisingly accurate to the technology of the day, except for the visuals. Still holds up.

Love your videos! My daughter is starting college as a freshman Chem major this fall. She’s determined to continue through to a PhD. I just wanted to say your First Generation Grad Student video answered a lot of questions for both of us. I got my BS going to night school and partly online. There are so many questions about traditional college I couldn’t answer initially, but we are figuring it out. Your video gave us some great info about grad school that I never could have answered in a million years. Thank you!

KZfaq recommended me your mass video a few weeks ago and now I can't get enough of your content! Keep up the great work!

They claim hardly anyone pays the ransoms, but they often do. They just keep it on the down low for a couple of reasons. Instead of embarrassingly announcing they paid the random, they'll say they defeated the hackers through sheer determination, plus the FBI wants to discourage hackers by making it seem like they never succeed. And it's true that if Meemaw's photo of you when you were 3 years old was stolen, you yourself are still safe. But memories have value. Sometime's that data can't be recreated. And even in cases where it could, it takes time... and time is money.

Binge watched nearly all your videos today after watching the String Theory vid. What a nice surprise to see a new one pop up at the end of the day. Keep up the good work!

Hackers encrypt your data and sell it back to you. That's the point. There are a lot of hospitals, schools, public services etc that don't have budgets for proper IT services. They get hacked and pay ransom. Hospitals are especially good targets, if they don't pay their patient may suffer/die.

As someone who has taken a class on computer security at MIT I felt very attacked by your transitions 😅😅 But yeah fair point on this (we didn't cover ransomware in the class at all really, which ig tells you how much the professionals take this seriously)

I was shown your String Theory Lied to us and then i binged your whole channel in a week lol

Ok I’m on my like 15th video of yours and you are just an absolute natural at this. Love the science, obvs, but also your manner of speech, sense of timing and whole persona. May you absolutely prosper as much as you want to at KZfaq and literally no more than that much.

"I'm running this channel on tech, and data and science, and this is the second time buttplugs have come up." Never before have I thumbs uped a video so fast

The customer service aspect of ransomware always got me. There's gotta be 100s other scams you could run where you don't also need to have a dedicated customer service line where you teach meemaw all about bitcoin / monero so you can get that little sliver of crypto in your wallet.

I have to say your science content is one of the most original and thought provoking there is, please never stop doing these videos!

RE: Backups - Adversaries will always go after the backups, to delete them or modify them. The number of orgs that backup data correctly and securely (and test restoring data) are more rare than they should be.

Sometimes these hacks can have motivations other than financial... "hacktivists" may just want to disrupt the target for various reasons. It can be as simple as bragging rights "just cuz" up to state-sponsored attacks. Most of the time, it is a financial motivation, but not always.

I can listen you for hours on the topics I'd never thought be interesting to me. I started with the string theory video and now I'm like - OK the next one will bore me, TF I care about adjuncts at academia, and then I watch the whole thing, enjoy it and learn new stuff. You must be an absolutely amazing at teaching.

oh shit wasn't expecting a new vid so soon after discovering and binging this channel :o

Just found your channel as a fellow astrophysicist (graduate school) and I love your content. Keep doing what you're doing, this is some of the best content on youtube!

It's worth mentioning that many organisations, although they have tech savvy people on board, may not have backups or ways to spin up systems again if they're wiped out. Ive been lucky enough to work as a software development consultant for the last 8 years, and honestly it is genuinely shocking how exposed companies can be under the guise of ALWAYS MOVE FORWARD! No time to stop and shore up security, test backups, pay tech debt, etc. I'd say 70% of the companies I worked for would have no choice but to pay ransomware, as it would be that or let the house of cards collapse, with no guarantee that theres enough money available to build it up again.

I love this channel and your work. You're a serious breath of fresh air in KZfaq science communication. Thank you so much!

This channel is so refreshing. Thanks for the videos :)

Yet another new fan after yt pushed your videos, Love them! ❤

RLM and you are the only channel who genuinely makes me crack out loud. Yes, Landlords are scammers. It's the same even here in the subcontinent. Man. Just don't stop making videos even if you post it after 3 to 4 months just don't stop and I am eagerly looking forward to your Halloween video this year.

So glad your string theory vid got recommended to me, your content is amazing

It's because phishing scams are not directed. They are spammed out to email lists pretty randomly.

There are two main kids of those attacks, "normal" phishing is just thrown at the wall to see what sticks, because the chances aren't that bad to hit something important like business records or to just overwhelm people with shock and stress. Also often the "customer support" on how to get crypto is pretty good. Normally such operations don't target organisations like that, as I said they just throw it at the wall. Oh and the reason they are all from Russia is the legal protection, Russia only persecutes hacking of Russias and does not expedite to Western countries

I feel blessed to see this video tonight. I was really craving some snarky physics adjacent content :)

In general companies and organizations currently have a huge issue with scaling cybersecurity programs and staffing them properly. Hopefully events such as this help push organizations to invest in their security more. As it is there hundreds of unfilled cybersecurity jobs. People need to take this stuff more seriously… as you mentioned I’m surprised this wasn’t a bigger news story.

Angela's "it's fine" should become my meditation mantra.

I don't know how this channel wound up on my suggested list, but I'm glad it did!

I absolutely love this channel! She's like Jenny Nicholson but astrophysicist! Or like Swell Entertainment except it's more like Infinite Expansion of the Universe Entertainment lol!

Ransomeware works because a surprising amount of especially small-medium sized companies have/had really shitty IT practices. Like the IT people have setup an NFS share that's remotely backed up and everything, but Jerry just saves all the important documents to the desktop of his computer. Restoring from backup can also cost more in disruption than the ransom. And finally, many groups reportedly offer secrecy about the breach if the ransom is payed, which can be attractive for a company that relies on having a reputation for being secure. Example: friend of mine works at a biotech company that suffered a ransomware attack, lots of data would have been lost because the employees didn't follow guidelines and they try to keep it under the radar.

We all hate KZfaq algorithm and for a good reason. But sometimes it throws a real gem, such as this channel. Just as I got really tired of all these polished almost TV-quality shows by "independent" teams of ten people with minute-long promotion rolls within the video. It's nice to see there are still really independent creators who can build educational content with interesting narrative while being passionate, honest and moderately emotional. And it does not include a VPN ad as a bonus. Going to binge-watch the channel today.

Ransomware in the commercial space has always fascinated me because the solution is so simple and something that *should* be the basis of all IT operations. Like... Even if you have a business and you have even a single computer, you should have a backup. The problem is, having worked at every level of IT, NOBODY WANTS TO DO IT. Like, small businesses think it's too expensive to even buy an external hard drive that they plug in and back everything up to once a day. Big companies will often cobble together half-ass solutions to placate the grossly overburdened actual IT people, but often won't even allow them to properly test disaster recovery, so when they actually need it, it doesn't work. It's just wild... It's the most basic thing in IT - have backups, and make sure they work, and yet, I would bet it's the single biggest potential point of failure in the IT world. That's why these scams still exist, the odds of landing on someone who can't or won't do the most basic stuff are just too good.

The primary problem is how the cost to spam computers aggregates to zero. It's like cheap products that break - they sell enough until the word gets out to pay for the cost of production, and then profits trickle in from the ignorance that remains. Love the videos BTW - don't stop (or let it change you - that's difficult) - you're awesome.

"someone got a phishing email, clicked--" "Oh oh" "Downloaded it" "Ok" "Werent suppose to" Its like poetry, it rhymes.

I like to think you say buttplugs because you're actually a really good comedian with great timing. It's always unexpected and very funny

This was first in my list of recommended videos. The algorithm gods are blessing you, I feel like you're about to be famous. You deserve it.

Genius Hacker MIT Loved it! Great video! :D

Your data set presentation is the best tableau theme i have ever seen. I'm gonna update my presentation on TPS reports.

excellent! also the john oliver one! and it's nice to be included in your bell curve thingie, even if i'm at the wrong end.

glad I wasn't the only one who saw the computer room at Jerry Day Care as an alien cyber security worst case scenario worthy of its own episode.

To answer your question Ransomware attacks work best when they disrupt vital operations. When the U.S pipeline hack happened it was payed off because those systems NEEDED to be online Side Note: The Bitcoin thing is a meme even amongst Crypto currency that's not considered the most private and in fact the FBI tracked down the infrastructure hack

You made a lot of great points in this video. Great work, keep it up!

I just wanted to one up the dude who gave you $9.99. I also love the Meemaw lore, I was waiting for "and now Meemaw is out for vengeance". Awesome videos, keep it up!

This type of hack can be a feather in the cap of a loser/immature hacker; trying to get kudos to a more master hacker or "the in crowd of hackers". ☮

God, I cant get any work done today. Just keep watching your videos. Saw the thumbnail for this one. was like "Oh god, now I'm going to watch this one too" :P

I am a cybersecurity student and I had not heard of this breach. Thank you for sharing! often these events are not widely reported as the relevant organization is somewhat embarrassed by their security being compromised. Although the information is needed to prevent further attacks of a similar nature.

Love your lectures professor 😊

There was a time in the 2010's where fortune 500 companies were buying bitcoin (and skimping on their insurance) so that in the event that they got ransomwared they could pay the ransom as quickly as possible. If you're a big company and you loose access to even 25% of your IT infrastructure that's a lot. Even if you have all the data, and it's just a matter of setting up the 25% computers again that's a ton of work. More work than your in house IT team can do quickly. God forbid you lose critical data or infrastructure in the attack... In these cases paying the ransom starts to see like an option. Like you mention though, ransomware is a volume game - Almost all cybercrime and fraud are. Unlike a phone scam though ransomware can be highly automated. All the instructions are in the ransomware. Also the Blackhat reference was amazing.

love the videos. always interresting and informative. a look in the mind of an intelligent person and a scientist. i'm an IT dude with no education worth mentioning which makes it even more interresting. I bet you'll find out how ransomware works. Funny thing is what jerry did can happen to anyone: the mail is fabricated to look familiar and before you know it you clicked shit and you're like 'oh shit, hope that wasnt a hack'. Anyway, keep it up. edit: and funny

Sometimes it's better not to announce that you've been hacked. It gives validation to the hackers.

Wow I'm early. Looking forward to the video!

you have this low key "world is burning, i don't care, give me coffee" energy that im 100% here for

Business interruptions can be very expensive. Recovering from it might take a while getting it even more expensive. Some might just pay to recover quickly, especially when ransom is orders of magnitude smaller.

The hoodie thumbnail, spectacular!

Love the genius, hacket, MIT slides in between!

Others have covered most of what I wanted to say, but one thing I want to point out is that there's a bit of self-selection skewing the data, a bit. If a company gets hit by a ransomware attack, and opts not to pay the ransom, it usually becomes public knowledge, either because the company needs to explain why their service is down, or the hacker claims responsibility. But when a company gets hit by a ransomware attack, and then pays the ransom, most of the time the public never hears about it. While I'd expect that it is still more likely than not that a victim doesn't pay the ransom, I think it's important to remember that it's probably more common for the victim to pay than the available data would suggest.

The delivery of 'or like landlords' was perfect.

The lead up and delivery of “You’ve scammed memaw, she can’t see her grandchildren anymore” was honestly one of the funniest things I’ve ever heard

"It's so lame I 'WannaCry'" 😂 solid reference

"How often do ransomware scams work?" Very often. So much so that when it happens to the US GOV, their guidelines is to pay.

Loving your stuff!

Pretty sure one of the groups in my dept. got hit with a ransomware attack while I was a grad student. It was definitely something that could have easily been fixed if they had backed up. I don't think they actually paid - I don't think they even could legally use lab funds to pay a ransom because federal grants (another obvious problem with ransomware). Feels like the feeling of power that a loser gets from kicking over someone's sandcastle is the real objective. The very rare low-effort payout might just be a bonus

Completely loved the fact that you linked John Oliver.

Needs more GENIUS HACKER MIT

6:42 "and now you have ALMA data" is a nice pun lol Also, two things: 1) The data may not be real, but the feelings some people have for them are. Falling for a scam really is a feeling thing, the goal of the scammer is to force you into irrational decisions. 2) Most, if not all, businesses have IT policies that dictate exactly what they will do if a ransomware invades their systems. It's not about things "making sense or not", it's just the policy. As a general rule of thumb, systems are instantly shut down, accesses are blocked and the ransom is never paid.

I was half expecting you to say that all thousand papers were written by Avi Loeb

If the hacker could also get to the backups... the ransomware can make sense 😂 Love you channel bye!

10:18 Hey, hey, you're gonna upset the quantum information people.

“increasing technical skill…anyone who has used a terminal” I…totally forgot that’s not a thing that normal, sane people do. Thanks, you single handedly cured my imposter syndrome :’)

The naming part I understand. Naming variables and files becomes hard as you continue writing scripts and programs

So most likely they were just launching probing attacks against a number of organizations in a massively parallel way hoping that a small fraction of their successful hacks will actually pay the ransom. Possibility two is just that an0nymous just wants to troll because one persons cringe is another persons roflcopter.

The way you have like a mantra that you repeat at the beginning of every chapter is very Chuck Palahniuk 😄 Genius! Hacker! MIT!

Hey, off topic, but thoughts on Europa Clipper?

"Or like landords" killed me

I use terminal all the time but I've never run a powerpoint on a phone through a projector - unsure how worried I should be.