Mr. Pat Larkin:

I would suspect – and this is speculation in general points – that these guys typically do it for a business reason. The reason that one could speculate more generally as to why they would do this is perhaps political pressure. If they are operating from environments where there is ambivalence towards them, perhaps they have broken a norm. In general terms, if they were attacking a non-aligned, more neutral state, with whom perhaps the state in which they operate might not necessarily have an axe to grind, it may be that they are taking the heat off themselves. It may be that they have made a decision to say that, for argument’s sake, the extorted is not going to pay and, therefore, they still can monetise this by virtue of selling the records on the dark web. That is still quite lucrative. There is much data out there that the price of these records is dropping in the marketplace, but in general, it is still quite a lucrative form of additional pay to the business model.

I will take a general posture and say they do it for a business reason. The business reason, generally, may be expediency. It may be that they transgressed a line. Many of these ransomware providers make sure that their software does not attack the states in which they operate. Quite specifically built into the engineering of the software is to look and see before they attack, just in case there is inadvertent deployment or collateral damage deployments, and that they do not attack the environments that are ambivalent to them or in which they operate because obviously that brings heat on them.

That is general speculation but I have no knowledge as to why they would have-----