Show Transcript

Say Hello to My Little Friend

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown f[AA1] or November 12, 2021. Our podcast is possible thanks to support from Experian. Each week, we look at the most recent events and trends related to data security and privacy. This week we explore a theoretical question: which would you rather be – a drug trafficker in 1992 or one of the ransomware operators in 2021. Don’t answer just yet because we are going to do the math.

Crime in the popular culture of the 1980s and early 1990s was fueled by the cocaine trade. Crockett & Tubbs were cops running around Miami in flashy clothes and flashier cars while Al Pacino’s Tony Montana uttered the memorable catchphrase that gives us the title of today’s episode – Say Hello to my little friend.

In Scarface, as in the real world, a life of crime seemed glamorous until the shooting started. Sure, there was lots of money, but there were also some pretty serious downside risks too.

Advantages & Disadvantages of Being Drug Dealers

Coveware, the cybersecurity company specializing in ransomware recovery, has done us all a favor and compared the relative advantages and disadvantages of being a drug dealer in the early 1990s – before the rise of cybercrime – or one of the ransomware operators today.

Let’s start with our friend Tony Montana, a purveyor of the refined coca leaf.

You’re the boss and you demand your team meet certain key performance indicators (KPIs) that you use to manage the business.

Your base unit of product is the kilogram of cocaine, and you generate $60,000 for each “key” sold. That key costs you $5,000 to produce and prepare for sale, including marketing and distribution costs. That leaves you with a cool $55,000 in net profit for a margin of 91 percent. Not too bad, considering you are dealing in a cash business with no taxes.

However, there are downside risks to your upside potential. There is a 50/50 chance you’re going to be arrested and sent to prison. There is a 25 percent chance you will be killed in a hail of gunfire or by ingesting your own product. The barrier to entry is also very high since you will likely have to kill someone or several someone’s to take the top spot in your illegal pharma empire.

Advantages & Disadvantages of Being Ransomware Operators

Now, let’s look at the current crime wave sweeping the world – ransomware. You and your hoodie-wearing clan have a base unit of measurement of an attack against a company. That company may hold the data of many different companies or individuals that you hold hostage unless a ransom is paid. A single attack generates an average of $140,000 in late 2021, according to Coveware. However, the raw material cost is only $2,500. Your net income before paying your pirate’s share to your crew is $137,500, or a positive margin of 98 percent.

Like our fictional drug dealer, there are downsides to being ransomware operators. However, unlike our cocaine peddling friend, you only face a one (1) in 8,000 chance of going to jail. Your one in four chance of dying from lead poisoning as a drug dealer goes to zero, and your barrier to entry is limited only by your technical skills and a conscience.

I ask again, which would you rather be – a rich drug pusher under constant threat of arrest and death, or one of the filthy rich ransomware operators who, with decent skills and a safe harbor outside the U.S., can have a long career free from any serious threat of jail or early demise.

Findings Illustrate Why Cybercrimes Are on the Rise

This discussion is not intended to make light of the very serious issue of ransomware. Instead, it is to explain why cybercrimes are increasing and why ransomware operators (cybercriminals) launch direct attacks against businesses that indirectly impact individuals whose data becomes the hostage. It’s easy to get in the business, you can make scads of money, and generally speaking, no one shoots at you. 

Until we can find a way to disrupt this business model, Thomas Anderson – respectable citizen by day – the hacker Neo by night – will continue to be the role model for this generation of criminal kingpins.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for our sister podcast, the Fraudian Slip, when we talk about protecting yourself from the latest retail fraud scams this holiday season with Julie Ferguson of the Retail Merchants Council and ITRC CEO Eva Velasquez. Be sure to join us next time for another episode of the Weekly Breach Breakdown.