Breach Fatigue.... On the Normalisation of Cybercrime...
Ransomware, data breaches and digital extortion have become part and parcel of daily life online...
It can cost victims a fortune to clear up the mess caused by a hack - remember when hackers hit the British Library with ransomware back in 2023? They shut down its systems, leaked sensitive data and cost the BL around £7 million!
Cybercrime today is mainly carried out by experienced gangs, often spread across different countries, and the criminals are organised like businesses: there are developers building ransomware, affiliates spreading it, negotiators handling the ransom talks, even customer support teams. Except these guys don't really offer a service, they peddle misery and chaos.
The Rise of Professionalised Cybercrime Response
So it's maybe unsurprising that a whole professionalised industry has developed to protect against digital crime: digital forensics teams, incident response consultants and even professional negotiators, to name just a few services out there!
Companies like NCC Group and others now have full-on incident response units. When an attack happens, forensic specialists dig in:
They investigate questions such as: are the hackers still inside? How did they get in? What did they take? And they have professional negotiators to deal with the crims.
Officially, you’re not supposed to pay ransoms. But lots of companies do because the cost is simply lower than the money lost due to downtime.
And there's also the fact that people are so blasé about data breaches that it's rational for companies to pay up.....
The normalisation of cybercrime...
The problem with companies paying cyber criminals is that more cyber criminals are going to spring up, which is why it's ever-present....
I guess it's a cycle.... companies don't like to advertise it if they get hacked, customers don't really care enough to talk about it, so we just end up with this secretive set of institutions which deal with all of this quietly.
Of course there is some discernment.... firms actually analyze which ransomware gangs settle for less, who actually gives you a working decryption key, and who leaks your data anyway. Paying a ransom isn’t a desperate move anymore—it’s just business math.

Final Thoughts...
Crime isn’t just causing chaos. It’s become its own shadow market.
This isn’t just an IT problem. It’s a commentary about how fragile our digital world really is.
Nobody’s safe. Libraries, hospitals, retailers, logistics companies—everyone’s a target. When their systems go down, it’s not a small hiccup. It messes with paychecks, supply chains, research, even healthcare. As more of our lives move online, the targets just keep growing.
For regular people, this whole “breach fatigue” is toxic. If we just shrug and accept that our data will leak eventually, we lose trust—not just in companies, but in the whole system.
I expect there are plenty of incidents we never hear about. We need systems that focus on security, but it can compromise usability. The systems I work on are not so exposed to the world, so it's less of an issue, but there's an arms race going on. A lot of the crooks may rent software that does the work for them and I expect AI is being used to find vulnerabilities or for social engineering. It's scary.