Krebs did not name either the firm or the website — which gets its name from the noise a Windows computer makes when it boots while infected with malware — but linked to both and charged them with "trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organised crime".
He added, "Often the rationale behind couching these events as newsworthy is that the attacks involve publicly traded companies or recognisable brands, and that investors and the public have a right to know. But absent any additional information from the victim company or their partners who may be affected by the attack, these kinds of stories and blog posts look a great deal like ambulance chasing and sensationalism."
However, Krebs himself recently reported an alleged ransomware attack, based on hearsay from a reader who had "heard" from a source at a hospital about an attack.
Bleeping Computer founder Lawrence Abrams has created a niche for his site as hardly any sites are exclusively devoted to ransomware.
iTWire reports regularly on ransomware for two reasons: writing about such attacks regularly focuses attention on the lackadaisical approach to security taken by firms that deal in personally identifiable information; it also highlights the casual attitude towards ransomware taken by Microsoft.
Ransomware gangs have recently begun stealing data as part of their modus operandi, making every attack effectively a data breach. Like businessmen and businesswomen, they try to monetise their assets and make money repeatedly off a single break-in, which is why law enforcement and information security advisers never recommend paying the ransom.
Krebs positioned his coverage of ransomware as being in the public spirit by writing: "KrebsOnSecurity has sought to highlight ransomware incidents at companies whose core business involves providing technical services to others - particularly managed service providers that have done an exceptionally poor job communicating about the attack with their customers. Overall, I've tried to use each story to call attention to key failures that frequently give rise to ransomware infections, and to offer information about how other companies can avoid a similar fate."
Abrams often quotes the people behind ransomware attacks and this could be interpreted as encouraging cyber criminals. However, it is common practice for reporters to interview people who have committed crimes in other areas.
Cyble is also not doing anything unusual. Many other firms, including Kaspersky, Trend Micro, Check Point, FireEye, Mandiant (part of FireEye), ESET, Sophos, Recorded Future, Lookout and Trustwave, use the same kind of information as a marketing tool, just as Cyble does.
Asked why he had singled out Bleeping Computer and Cyble, Krebs responded: "They were just the most recent examples from many of late, as you have just noted."
When iTWire asked whether Krebs had noticed that he was also guilty of the same things he was accusing this site and company of, he said that, as in the article, when he had written about ransomware incidents it had almost invariably been because he had heard from multiple customers of the affected company, and because the affected company had done a poor job of communicating with its customers about the attacks.
"I would hardly call customers of a victim company unreliable, especially when I am hearing the same thing from multiple customers. And I don't think I've ever written about a victim of ransomware without first getting some kind of confirmation from the victim first. And in many of those stories, I've actually interviewed the head of the company and included information about how the compromise happened and what the victim firm did in response to it," Krebs said.
"I don't spend a lot of time looking at the various ransomware crime gang blogs. However, I do spend quite a bit of time working with trusted sources to identify and alert companies that are being targeted for ransomware attacks. I probably do one or two of these notifications per week, sometimes more. And I almost never write about those victims, even when I know they are victims. The case of Florence, Alabama, was one recent exception."