You can't police the world.
I mean, it's just extortion. Nothing is being ransomed, you don't get something back and you can't really secure something already lost. It suffers from the same problems as other forms of extortion, namely that you can't really trust the other party to do what you want and really they have no incentive to do so.
Why not just offer a monthly subscription "service"?
Appeasement has never worked.
The only factor that matters is the adversaries residing in a jurisdiction with a lack of enforcement.
The only sustainable solution is to make crime no longer pay. Nothing else will work.
Basically making crime no longer pay best
And there's of course paths to pay without losing face, like hiring a negociator or a recovery firm that acts like a bridge for the money[0]. We came to accept that companies don't act ethically and will only maximize profit, yet the narrative is still stuck on that weird assumption they care about the future of society regarding ransomware.
[0] https://zendata.security/2025/07/08/ransomware-negotiator-sc...
The reason they didn't pay is because they conducted a cost benefit analysis and decided it's not worth it to them.
Don’t pay the ransom, hackers release a subset to the public for free, then sell the rest privately
Good on Quantas for not negotiating, bad on them for shit security.
they probably didnt feel that there was a threat, as privacy of their customer's data wasn't very high on their priority list - after all, they didnt secure that data very well in the first place leading to the stolen data!
Curious, what's the worst a bad actor do with name, email address, phone number and birth date?
> global data was stolen between April 2024 and September 2025 and includes personal and contact information of the companies’ customers and employees, including dates of birth, purchase histories and passport numbers.
which contradicts the previous statement
we'd like to think these scams are stupid but unfortunately they work
«Happy birthday! As a loyal Quantas customer, we would like to offer you a sneak peek of our upcoming Black Friday deals. Consider it a little birthday present from us.»
> “No company wants to see, you know, hundreds of thousands, or, millions of records of their customers just on the internet,” Kirk said. “That’s awful. It’s awful for the companies. It’s awful for the people affected.”
This reads to me like : "Well yeah sorry to our customers, but we're not taking a loss for our incompetance"
There's no winners here.
Workaccount2•4h ago
So all things that have likely been leaked 30 times already? Perhaps except the fly miles
amelius•4h ago
sidpatil•4h ago
ceejayoz•4h ago
dns_snek•3h ago
A system where they didn't get our address at all would be great but I think we would also need alternative payment providers that don't share any billing-related address information with the business.
atonse•3h ago
I suppose that’s still better cuz then it also creates a centralized point and resources for securing the database.
LPisGood•4h ago
I feel like if you have someone’s name, it’s not hard at all to find their birthday
esseph•3h ago