I really enjoyed this book, but it may be largely due to my experience and interests. I was an FBI agent on the very first high-tech squad in Silicon Valley in the 1990s and I have a longtime interest in cryptography and computers. I was dismayed at the unflattering (but accurate) portrayal of the FBI and its response (or non-response) in the middle of the book. But I was pleased to see by the end that the FBI has upped its game and works well with the private sector to combat this scourge of ransomware.
The book is not a technical manual. It spends most of its time on the lives of the team members, the mostly young people who selflessly devote their time and talents to breaking ransomware or otherwise helping victims recover their encrypted files without paying ransom, or sometimes by helping to reduce the ransom through negotiation. The team who does this is an informal but real group, many of whom have never met the others, scattered around the western world. Their technical skills are formidable, but they are often socially somewhat inept, the stereotypical computer nerds from TV and movies. The reality is these people are heroes.
The ransomware business is more complicated than I’d imagined, and the book gives fascinating insights about it. I hadn’t realized, for example, that many American businesses profit from it. Insurance companies make money insuring against it and there are unethical companies who claim to help victim companies recover their files through their technical expertise and not pay ransom, but actually just pay the demanded ransom and charge the victim that amount plus a premium. The ransomers vary in geographic locale and in their conscience (e.g. not victimizing hospitals), but the worst of them are in Russia, Iran, or Belarus. Read the book to learn more.