#but when they were flashing all of john’s blog titles on screen i was like heh.
j-femmescoli · 8 months
episode title references bbc sherlock to original conan doyle stories:
a study in pink = a study in scarlet
the “pips” in the great game aka the tones he gets on his phone are a reference to the five orange pips
a scandal in belgravia = a scandal in bohemia - where we meet irene adler in the books too
at the beginning we see john titling some entries of his blog, including the geek interpreter = the greek interpreter, where we meet mycroft in the books, the speckled blonde = the speckled band, and the naval treatment = the naval treaty
the hounds of baskerville = the hound of the baskervilles, obvi
the reichenbach fall = the final problem, the short story where sherlock dies (doyle is forced to retcon this into faking his death when people beg for more sherlock stories); he and moriarty go off a cliff at reichenbach falls into the water below
the empty hearse = the empty house
the sign of three = the sign of four, where we meet mary in the books
his last vow = his last bow, the last sherlock holmes book story-wise
the six thatchers = the six napoleons
the lying detective = the dying detective
the final problem = again, the final problem
writers-hes · 4 years
A blurb about cute jealous!Harry
I don't have a nice title for it....
Read more of my works here.  Read If You Love Me, Come Clean here.  Be a part of my taglist.  Read Only Yesterday here.  
thank u so much for waiting for me !
Harry didn’t know what he was getting into. Only that and the fact that he didn’t know why he was so god damn invested in the Ellen Show with Tom Holland sitting on the couch across. Tom and you recently had a movie together and Harry loved it—loved your performance when he attended the special screening. You were his girlfriend after all. The public didn’t know it yet but everybody in Hollywood knew the nights you spent together and the kisses you shared at secret parties. So, it was no surprise when you arrived at the private screening of your movie with Harry’s hand on the small of your back. Unfortunately, Tom stole you from him to do PR business. It was quite funny how you met, though. He was invited to another premiere of the movie and was praising you for your performance. He liked you to the point that he even had his assistant contact your assistant so you could star in his upcoming music video, Watermelon Sugar. You agreed, excited because you were a fan of Harry and One Direction in your teenhood. Harry was elated when he received your message and as of the moment, while he watches Tom Holland relive your shooting days with him, he couldn’t help but feel quite jealous. 
“Y/N is such a nice girl! Very down to earth and one time, she even brought this coffee kiosk for everyone because of the early call time,” Tom gushed. “Safe to say that I had to up my game because of that day,” he chuckled. 
Harry rolled his eyes. Of course you were nice! Everybody knew your partnerships with different charities and foundations. Not only that but word on Twitter quickly spreads out. He doesn’t know why he’s annoyed at Tom Holland, he was so nice during the movie screening. 
“You know, stare a bit more and you’ll definitely kill Spiderman with your mind,” Mitch said, sitting beside Harry. The singer just chewed on his gum a little more harshly when Ellen proposed a game of Who’d You Rather. Harry almost fell into her trap once but he declined, saying that it would most probably cause havoc. Ellen agreed. 
“Okay, Tom. You know how the game works, right?” Ellen asked. 
“Yes,” he replied. Soon, a photo of you and another actress that Harry couldn’t care less about was flashed on the LED screen. 
“Y/N,” Tom said without hesitation. The crowd cheers. You were currently the most talked-about ‘ship’. Soon, your picture was matched with other girls—singers, models, and actors—and Tom still chose you. Harry was furrowing his brows now. What the fuck? Mitch, on the other hand, was watching with amusement. He’s never seen Harry like this. 
“Why Y/N?” Ellen pried. Tom only blushes and Harry knows that wasn’t a fake one. Nobody can fake a blush! 
“Y/N’s a great girl,” Tom said. “Perfect, actually,” he gushed. Harry doesn’t know why but he suddenly spit his gum on the floor and Mitch topples in laughter. Harry was full-on choking now and it took him awhile to recover. He picked the gum up with scrap paper and threw it in the trash, walking out to mute Tom Holland’s pathetic way to profess his crush on you. 
Mitch, who was doubling over in laughter, decided to inform the group text about it and Harry shouts, “Fuck off!” at him, which made Mitch laugh harder, if that was even possible. Harry was full-on pissed now—especially at that Tom Holland prick. Everyone in the group text was making fun of him now and he wanted nothing more than to lock himself in his Malibu home until he no longer had to see Tom Holland’s face. He decided to stall for time by visiting your Instagram page and Harry nearly throws the phone on the floor. 
The first photo that popped up on his screen was you and Tom having a laugh on the red carpet of the screening. You captioned it with, “great times with Tommy” and although it was posted two days ago, Harry wanted nothing more than to scoff. Fucking Tommy and his nickname. Harry decided to keep himself busy and just ignore all your posts with Tom Holland, until he saw a video of you doing one of those 73 Questions videos. It was shot at your New York penthouse just before Harry arrived to get his cuddles.
The video started with a few basic questions about you and your whereabouts. The interviewer was asking fun stuff like your favourite perfume, your favourite song, favourite album, and then, nearing the end, asked more personal stuff about your advocacies. 
“So, Y/N, what is your life motto?” the interviewer asked. You hummed. 
“Well, it’s not mine per se but it really encompasses what should be done in different spheres,” you started. “I really try to do it all the time. It’s actually ‘treat people with kindness’ or ‘TPWK’ by Harry Styles. I just think it’s so ingenious,” you confessed. That was enough for Harry to get through the video, hoping to hear his name again. It was weird how he liked hearing his name from your mouth to the whole world. Still, he watched you talk about your humanitarian projects and he liked how politically-inclined you were. 
With pride, he sent the link of your video to the group text with the time stamp. “You can all shut the fuck up now,” he texted. The group immediately sent teasing emojis and Harry only scoffed before tweeting “Great times.”
Fans immediately figured that the tweet was connected to you somehow, even going as far as posting photos of you and Harry sharing a laugh during the premiere. There were already rumours of you and him dating—sometimes the two of you were seen together during the day, or sometimes it was you posting a cryptic photo on Instagram. Harry ignored the speculations and just took a nap. You’ll be here soon anyway.
You arrived at his house and Mitch greets you, hugging you and kissing your cheek before telling you that Harry was in his bedroom, throwing a fit. 
“Harry?” you knocked. Harry was sitting on his bed, his back leaning against the bed frame. His arms were crossed and his face was set in a pout. 
“Hmp,” he snubbed. You smiled. 
“Come on, what’s happening?” you asked him, going over to him and sitting beside his legs. 
“Tom said that you were ‘quite perfect’,” he mocked Tom’s accent. “In front of my face!” 
“When?” you asked, chuckling at how cute he was acting.
“In the T.V.!” he whined. “Ellen made him do the Who’d You Rather game and he chose you over everyone,” he complained. 
“Come on, honey,” you chuckled. “You know it’s all for PR and Tom’s my friend!” 
“I know but Tom gets to be proud of you in public and I can’t,” he sighed. “Wanna take you everywhere with me,” 
“You can if you want to,” you told him. His eyes brightened up. 
“Really?” he asked. 
“Yeah,” you shrugged. “I talked about it to my managers and they said that we’re old enough to decide on our own,” 
“So I can post photos of us now and I can take you to stuff and we can go out together and be cuddly?” he asked, like a baby. 
“Yeah,” 
“Suck on that, Holland!” your boyfriend cheered. 
“He wasn’t competition, Harry!” you scolded. “I love you,” 
“I love you, too,” he smiled before opening his arms so you could be in his embrace.
----
queerchoicesblog · 3 years
The Movie Party (SC Titanic, Zetta x Adele Series, Ch. 17)
So, folks, the SC Titanic Zetta x Adele Series has come to an end: this is the final chapter. It’s time for Zetta and Adele to have a reunion at last. 
I want to thank all those who supported this crazy project of mine. This series has been quite important and will somehow still be, even if the original story is no longer available and this is the end. But I will be grateful to the authors who crafted it: it was one of the few times I felt truly seen and represented as a wlw in a game. 
You must forgive me if this chapter is a bit longer, but I wanted to bid farewell to the various characters who made this story one hard to forget. It’s the finale: you either go big or go home, right? And you will find the explanation of the title of the series, if you haven’t figured it out already...
Little disclaimer-favor: especially since the tags don’t seem to be working anymore, if you do enjoy it, please consider supporting the author & sharing this. A little gesture that means a lot!
Stay tuned next week for the Epilogue!
➡️ Ch. 1, Ch. 2/1, Ch. 2/2, Ch. 3, Ch. 4, Ch. 5, Ch. 6, Ch. 7, Ch. 8/1, Ch. 8/2, Ch. 9, Ch. 10/1, Ch. 10/2, Ch. 11/1, Ch. 11/2, Ch. 12, Ch. 13, Ch. 14, Ch. 15 , Ch. 16
___________________________
The night of the Surviving the Titanic premiere, I walk into the venue on the arm of Richard, my little Napoleon in tow, 'fashionably late' as my fiancé puts it. We are greeted by the flash powder and shouts of the reporters and the awe of the guests gathered in the dashing foyer, waiting in line to show a steward their invitation. I wave at them, smiling and searching the crowd, while Richard tips his hat. Sadly, I do not see any familiar face, or I don't recognise any, before we walk past them and disappear behind the red velvet curtains of the auditorium. Another steward takes care of our coats while a colleague leads us to the honorary seats reserved for us and the rest of the crew.
We sit and wait. To keep my mind busy, I fix Richard's bow tie, which is leaning to the side. I chat a bit with Sabine and compliment her outfit once again: I'm touched she decided to wear the pearl headband I gifted her when I made it into the movie industry. A birthday gift: she kept repeating she couldn't accept a gift like that but eventually I prevailed. Seeing it again after all those years...I'm so grateful she didn't listen to me when she refused to bring it with her on our trip to Europe: "I'd rather not, Madam: I don't think I will have occasion to wear it", she said. I'm incredibly happy she deemed this night a right occasion. I'm so used to seeing her in her maid uniform that I forgot how she looks in an evening gown, and the little detail makes her look like the friend she is to me. I'm pretty happy and proud of my outfit too. I picked it myself: I knew exactly what I wanted when I commissioned it from a New York fashion designer à la mode. I don't usually wear black, I much prefer colors, but lately I've been reconciling with it. And it seemed appropriate for the night: black is the color of mourning, right? What is tonight, this movie, if not a commemoration of all those who aren't with us tonight, all those who sacrificed their lives for people like me and all the other survivors we managed to trace back, gathered here tonight? I'm not naive enough to ignore there is more to it, something less poetic, but I hold onto the remembrance of the lives lost. Onto that night: I hope the meaning of my sapphire necklace, the same one I wore on my birthday night, is not lost on those who were there. A hand on my shoulder, a gentle touch. As my heart races a bit faster I turn...but no, it's only my colleague, my fictional sister, greeting me on the arm of John, Richard's right hand. I kiss her cheeks and invite the two of them to join us. She is visibly excited when she announces that the foyer is packed: she had never seen a crowd like that. 
It's a delight to hear but I can only hope in that crowd are a few familiar faces I long to see. One dear face I desperately long to see. One last time, at least, if that's what it must be, but I need to see her, to make amends and tell her the truth. She must know: I owe her that. When the stewards eventually open the velvet curtains, the auditorium fills fast; women in fur stoles and men in tuxedos swarm in like bees, chatting lively as they take a seat. I stretch my neck to see if I can find her face but my eyes only meet tycoons, socialites and strangers. Is that man over there checking the night programme Felix? I certainly hope so: if he's here, Lawrence must be too. And God knows how I need him tonight. After what feels like an eternity, it's time. The premiere begins. "Here goes nothing" Richard sighs, taking my hand into his as they dim the lights. I wish I could have spotted Adele before darkness falls on the auditorium and the projector starts crackling. Apparently, uncertainty must torture me a bit longer.
As the story unfolds on screen, I hear the audience hold their breath in awe and fear and for a moment I am reminded why I love my job: to give people feelings, to make them live lives they would never live, even if for a fleeting moment. Their wonder, their tears of sorrow and joy are the best reward, the only reward I look for, even more important than the generous checks I receive for my performances: it makes me feel alive, it makes me believe that for a moment our hearts beat in unison and we're connected. When my character and her sister hug in the lifeboat and watch the sinking ship, the muffled sounds and sniffling around me tell me that no matter how hard performing that scene was, the message got through. I am incredibly happy about this.
After the screening and a round of thunderous applause, stewards lead us to the theater lobby. I have a look around while reporters and guests join us. Richard insisted on taking care of the decorations and the whole movie party himself...well, with his staff: he claimed that he had asked too much of me already and he was happy to help and give Sabine a few days off. My little Napoleon was taken aback by the decision: she has always supervised every party, every mundane event. I look at her and I have to stifle a laugh at her unimpressed face. She's right: just like the picture, the decorations aren't grand enough, not luxurious enough, and I have no doubt she would have done so much better than this. There isn't even music... I hear the clinking sound of cameras and flash powder igniting and before I know it, a bunch of reporters are taking pictures. I put on my best smile and pose with Richard. When he agrees we have offered enough coverage of the event for the moment, he guides me away from them towards a waiter in high uniform offering champagne glasses. He hands me one and takes one for himself. "To our success, to our night" he smiles, raising his glass. I repeat his toast and we clink glasses. I have barely tasted the cold alcoholic sweetness of it when guests approach us. I do my best to be polite and charming: I know it's my duty even if it distracts me from my most important search, for my love. Is she even here? Maybe she just tossed my invitation into the fireplace after my disappearance...oh, no, I don't wanna picture such a thing! And I know it's selfish of me, maybe even my note was selfish...it probably would make things easier for her if I disappeared and let her live her life, if I let her forget me soon. Strip away the memory of the time we shared together like a band-aid. Maybe even engaging romantically with her was selfish of me in my situation...oh, I'm tormenting myself again! Focus, Zetta, focus! 
The guests compliment profusely and their comments are awfully predictable: the jewelled wife of a well known mogul dramatically claims that the picture was "a true masterpiece" and she totally felt "as if she was there too that night". A young socialite nods and echoes her words: is she her daughter? I flash them a smile and say I am overjoyed to hear so, it was the effect we were hoping for. I am stuck in conversations like these until the party is in full swing. My head almost hurts at the insane amount of stale nonsense I hear: maybe Lawrence was right when he once said that the problem with fiction is that the audience hardly takes it as such and cannot distinguish between documentary and fictional movies. They will go to bed tonight truly convinced they know what we survivors felt that night, they will tell friends, encouraging them to go see the picture (hopefully), but the truth is...they know nothing. They have no idea how terrifying it was, how gruesome. They have no idea what suddenly not knowing if you or your dear ones will see another dawn, or hearing gunshots and screams of terror all around you, feels like. It's like ice flowing into your veins instead of blood, a clutching fear I will never forget. Their hearts would have broken in a thousand pieces too, hearing the despair in the voices of the poor souls swimming in the frozen water begging for a help that never came.  Maybe this picture was a mistake after all, I don't know. I keep jumping from one conversation to another, peering across the crowd gathered on the balcony and below, but I cannot spot anyone I know. Instead, a young man out of the blue asks me for news of James: they're acquaintances and he was hoping to meet him here tonight. I sense Richard tensing up at my side as he drains his glass of champagne. He was on the ship too, the young man continues, is he alright? 
I have no idea if the rumor of what happened at my birthday party has spread or if it faded away after the tragedy, so I offer him a quick smile. I conceal how his reminding me of my fallen little prince is making my wound bleed again. James is fine as far as I know - I tell him - but sadly couldn't make it tonight, a previous engagement he couldn't postpone. My merciful lie seems to be enough for him as he tips his hat and asks me to bring him his greetings. As we part from them, I excuse myself and head away from the crowd "to fix my hair and rouge". Thankfully, Richard understands. He takes my glass and places a quick kiss on my temple, whispering that it's alright, he will cover for me. He winks at me before greeting a colleague. I make a beeline for the restroom to catch my breath: I'm starting to feel a bit overwhelmed by this party but I must be patient, this night is nowhere close to being over. I take a deep breath, one last check, and return to the lobby. 
Out of the corner of my eye, I finally notice a familiar couple quietly having a drink in a secluded spot by the railing. Friendly faces, at last! I call their names and they turn. "Here's the belle of the ball!" Lawrence exclaims, approaching. He is charming as usual: he takes my hand and gallantly raises it to his lips, smiling. He still looks tired and older than he actually is. I pull him into a quick hug. "You came, you old dog!" I joke, making him laugh. "And you too!" I wink at Felix, who blushes slightly. When we part, I throw the two of them a look that - I hope - will convey my deep affection more than my words can. "I am incredibly happy you are here tonight" I smile softly. "We were incredibly happy to receive your invitation to the party, dear Zetta" Lawrence twists my words with his kindness. I take a look at him and flash him a sheepish smile. "You hated it, I know" He sighs before laughing, a gentle laugh. I speak again before he can formulate an excuse. "I can only hope I made up for it. My performance at least, the champagne..." "You were magnificent, Zetta. As usual" His smile is genuine, affectionate. Sweet dear Lawrence... "Tell you what, I had to give the gentleman here my handkerchief in the finale" he adds, a playful yet equally affectionate smile on his lips, nodding to his companion. Felix sighs, shaking his head. He cannot refrain from a smile. I laugh and hug him. "That is such a great compliment, thank you, darling!" He's always been a big fan of mine, he notes, and Lawrence is quick to confirm it. We share a long look, quiet, safely away from the loud crowd. When will I see the two of them again? "Lots of people here tonight" Lawrence comments, after a moment, his blue eyes roaming the lobby packed with guests. "Yeah..." I sigh. "Yet you are the first friendly faces I bump into tonight. Well, apart from Sabine. Can you believe it?". I'm not surprised that he understands the unsaid. 
I'm relieved, actually: I conceal my vulnerability, but not to the point that a man like him cannot sense it underneath my words. He shares a quick look with Felix before reaching for my hand and giving it an encouraging squeeze. "Maybe it's just because you got stuck with those socialites in high hats and furs and embarrassingly expensive jewels" He winks at me and I laugh, a liberating laugh I needed so much. "Maybe" I concede before adding, hesitant, "I don't even know what I should hope for, Lawrence". He considers my words and when his eyes meet mine again, I don't want to let go of his hand. I want to hold onto him. "The night is not over, right?". I smile weakly at him: he's right but I have no idea if it's a good thing or not. Maybe it will only mean my agony is far from ending anytime soon. He seems to be reading my own thoughts. "Chin up, dear Zetta. And if you need us, we will be downstairs. Just say the word" Sometimes I wonder what I did right to have a man like him being so kind and thoughtful with me. I nod and try to recollect myself. I wish I could stay with them a bit longer but I see reporters approaching and a proper host cannot disappear forever. Sadly I must go, they know it. After one last lingering look, I take my leave. Evading the reporters is a lost war, so I surrender and pose again. How many pictures do they need, goddammit? Oh boy, this flock of vultures wants statements too. Fine, I know what to say. Marvel at how many people gathered here tonight, tell how important this movie is to you, how you hope it will help carry on the memory of the tragedy...and start over. Then, with nonchalance and a charming, unreadable smile, walk away. Thank God, it works. I look for Richard or Sabine but they are both nowhere in sight. I am shaking hands with a couple of New York socialites when I hear a voice behind me calling my name, quietly, almost shyly. 
I turn and see a young woman in a floral dress, red hair in elegant waves and big green eyes looking at me in awe. "Miss Serda, I just wanted to thank you for your invitation and say how flawless your performance was tonight". I flash her a smile. Have we met already? I cannot tell... "Did you enjoy the picture?" "Yes, quite a lot! Even if it's not the same, of course..." she lowers her eyes as if ashamed to anger me with such an undeniable truth. "Were you on the ship?" I inquire, in my most reassuring voice. "Yes" she nods. "I was..." she pauses before shaking her head, a brighter smile relaxing her face. "Actually I was Adele's cabinmate. Your secretary's cabinmate, I mean". I gape and take a better look at the redhead in front of me. But of course! I saw her on the deck with Adele as we were playing shuffleboard with the Baron. I tell her so, hoping to make her happy. It works, apparently: she looks pleasantly surprised I remember her. "You're...Clorinda!" I exclaim, reminiscing about Lucille's words at our dinner, when she recognised Adele's dress as one of her own creations, a gift to her favourite model. She laughs, but her laugh is weak. "I was Clorinda, yes". "Lucille sang your praises during our journey" I smile. "Will I see you soon at her upcoming show?". "I'm afraid not, Miss Serda" her lips twist in a pained smile. "I no longer work for Mrs Duff-Gordon". Seeing my surprised face, she continues.   
"I had an accident during the sinking. I am no longer suited to work as a mannequin" she explains, quickly lowering her eyes before meeting mine again and adding, cheerfully: "But it's alright. I am here, I am alive and I am in America...it's all that matters, right?". We smile weakly at each other for a moment. I feel sorry for this girl even if she seems stronger than she looks. "Adele talked of you" I tell her and I'm glad to see the mix of surprise and excitement on her face. "You're the big fan of mine who kindly lent the posters and memorabilia for my birthday party at the Cafe Parisien. Seeing the old and new posters, reading the little notes you wrote...it meant so much to me, truly. I have never had a chance to thank you properly but I will always remember your kindness to me". A hint of red spreads over her cheeks as she smiles a big bright smile. "Oh, it was nothing, Miss Zetta...I was honoured to give my humble contribution to your birthday. If it made you happy, I'm happy, overjoyed!". I laugh softly at her contagious enthusiasm. Adele told me it was quite endearing and she was right. Her cabinmate speaks again, still gleaming but recovering her initial shyness. "Miss Serda, I was wondering if I could...well, if I could get your autograph? I was hoping to ask you during the crossing but then.." "But of course!" I smile and beckon a steward over. When he's back with a promotional picture and a pen, I look back at my fan. "What name should I write?" "Oh, Lena. Lena Montague but Lena is just perfect". I write my dedication and hand it to her. She takes a step forward, limping a little, and I get a glimpse of her wooden leg as she looks down at the picture with reverence. "There, for you. And your new collection, maybe" I wink. 
She thanks me but I insist that it's my line. And a sudden idea crosses my mind. "Thank you for coming, Miss Montague. I am glad I got a chance to make your acquaintance. And I was wondering...I remember expressing the wish to invite you for breakfast after being informed of your lovely gesture, to thank you. Would you accept a belated invitation? Let's say next week?". I have never seen such starry eyes on the face of a fan. "And who would be so foolish as to turn down an invitation from you, Miss Serda? Sure thing!" "Excellent! I'll send my maid to you then, she's here somewhere...enjoy the party, Miss Montague". I kiss her cheeks and offer her one last smile before going back to my guests. I search for Sabine but I find Richard instead, who introduces me to a couple of survivors he shook hands with. It doesn't take long before I realise why he wanted me to meet them: they say they were on my lifeboat and it was thanks to my intervention that they survived that awful night. They will be eternally grateful. I...I don't know what to say. I see Richard smiling proudly down at me while a faint blush spreads over my cheeks. I tell them I am sure they would have helped too if the roles were reversed and wish them a happy new life in America. As they part, I finally spot my little Napoleon approaching, imperturbable as the Sphinx, quietly observing the stewards moving from one side of the hall to the other. You can take away her apron but not her inquisitive gaze, I suppose: no rest for Sabine... "Ah, here you are!" I greet her, before teasing her. "I feared I lost you in the crowd" She offers me a quick amused smile. "I wasn't lost, Madam, just mingling. An impressive crowd tonight, n'est-ce pas?" "Beyond our wildest expectations, yes!" Richard confirms, eyes roaming the upper floor.   
"I am glad to hear it, Monsieur King. A well deserved success" my maid bows her head, concealing once again her disappointment at not being involved in the party setting. Then she turns towards me and continues, with a nonchalance that is only pretended. I know it quite well... "By a fortunate coincidence, I bumped into Miss Carrem just a moment ago". I can only hope my face doesn't betray my feelings, the turmoil her words provoked inside me. Adele is here, she came. I will get to see her at least one last time, I will talk to her. My words will be a poor consolation to her, maybe, but...I will see her again. "Carrem...Carrem, Carrem...oh right, your secretary on board, huh?" Richard exclaims but I barely register what he's saying. All I can think of is Adele, Adele here, tonight. Oh God, thank you! "Oui, précisément" my little Napoleon confirms on my behalf as I cannot speak. "An exquisite young lady, if I say so myself. The best candidate we had in ages, Monsieur, and I am not easily impressed, I assure you". Richard says something about how he would love to make her acquaintance and thank Miss Carrem personally but I am not listening, just like the night of our arrival when he was stroking my hand but my head was far away with the woman I foolishly abandoned at the pier. "I left her in the main hall downstairs. She's with her sister" Sabine adds, addressing me. Snapping out of my reverie, I manage to remind Richard that I talked a little about them. They were on my lifeboat too, we stayed together on the Carpathia...but I am extremely grateful to the providential steward who beckons him over. He sighs and excuses himself, saying he will be back before we know it. As soon as he's out of earshot, and before someone else interrupts me again, I wrap my arm around Sabine's and lead her to the side, by the railing. Now that Richard is gone, I can show my concern more freely. To some extent, obviously, but I think I am safe with my little Napoleon. 
"How is she? Did she look alright?" I inquire, checking over my shoulder. Sabine ponders her words, as if thinking how to describe the impression her brief meeting with Adele left on her. After what feels like an eternity for my tormented heart, she speaks. "If I may, she looks...troubled". I knew it, I feared so. But hearing it put into words makes me frown. "Troubled? But of course...what a fool I have been! I shouldn't have invited her here tonight, I should have visited her and-" But I can't bring myself to finish my own sentence. "Troubled with grief, I mean. With the weight of what happened that night. Mourning, you would say, perhaps". Then she sighs, a deep sigh, shaking her head. "It's such a pity to see a young woman like her taking the world on her shoulders, all that sorrow, all that pain". "She wouldn't be Adele if she didn't" I smile, thinking of every time she spoke of her fight for women's rights, the days she spent in jail for it. My sweet revolutionary is indeed a little Atlas and I fear no one can change that, it's simply her nature. But it pains me to see her so miserable and I cannot shake away the feeling that my disappearance played a role in it. At the very least I added salt to her injury. "But Mademoiselle Carrem is strong" Sabine interrupts my somber train of thought. "She just needs time, that's all, I think. Time and a little joie de vivre, don't you think, Madam?".   
I smile sadly at her words. "Don't we all need it, ma chére Sabine? A little joie the vivre...". Yes, it certainly would be nice. But is it even possible? Even for people like me and Adele or are we forced to be content with cheap surrogates that keep us floating on the water surface? I wish I had an answer... "I will go talk to her" I sigh, straightening my skirt. "I am sure MademoIselle Carrem will be delighted to see you, Madam". "I hope so, Sabine". Yes, I do hope so. We look at each other for a moment before I speak again. "Oh, before I forget...would you mind getting Miss Montague's address and find out when I can meet her for breakfast next week or so?" I ask, nodding at my fan's figure in the hall downstairs. "And book a table to the Plaza or the St Regis. They're both fine...oh and please, send Miss Montague a poster of Surviving the Titanic. I'll ask Richard to sign it too". I fill her in about the details of Lena's life before the sinking and her troubled arrival: the incident, the loss of her job and the end of her modelling career. Sabine bows her head. "Certament, Madam". "In the meantime, I'll see if I can find a way to do more. I wish I could do more for her, somehow" I continue, lost in my thoughts. My little Napoleon nods and goes quiet, pondering. Around us, the sound of laughters and clinging glasses. When she speaks again, she almost startles me. "I'll be on my way" she announces, standing straighter. Before taking her leave, she looks at me and comments quietly that it has just come to her mind that I still haven't found a new secretary since our arrival. I know that look, that pretended nonchalance once again. As Richard approaches, I give her arm a gentle squeeze, a faint smile crossing my lips. "Go find Miss Montague, Sabine. And not a word on this before I speak to the girl". She throws me a conspiratorial look and walks away. When I turn, Richard is offering me his arm. "Fancy a trip downstairs, darling?". "I thought you never asked!" 
I smirk, wrapping my arm around his.
As we start walking down the stairs, I can feel my heart beating faster in my chest at the thought of my proximity to Adele, how close we are after all these months...even if it's also different now. But it doesn't matter: I don't want it to matter now...what did she say on the deck of the sinking ship? ‘All I care about is that you're here with me, and safe’. Yes, that's all I care about too. I...saw her. She's with Hileni by a small table with hors d'oeuvres and a pyramid of champagne glasses. Be still my heart, I beg you, be still...but it doesn't listen. I cannot control it anymore now that I know for sure she's here. She's wearing a green dress that is not just perfect for her but enhances her beauty, if that's even possible. Oh, Adele...you have no idea how badly I have missed you! I feel my face light up and my lips curl into the brightest, happiest smile. See what hold you have on me, my love? I don't even pay attention to those who greet me and make way as I walk by: I only have eyes for one guest now, for her. The first to spot me is Hileni: her eyes widen at the sight of me. I suppose she has never seen me in all my glory before; on the Carpathia, even if I was still wearing the outfit of my birthday party underneath the coat a kind fan gave me, I was out of my element just like the rest of us. Adele turns a moment later, following her sister's gaze. When our eyes meet, I almost feel my knees go weak. I hope she can see that this smile is meant for her only. I think she does, she brightens up almost immediately. I turn towards Richard. "Will you excuse me a moment? I want to say hi to a dear friend I haven't seen in a while...". Dear friend: the euphemism is an insult to what Adele means to me but it will do. Just like the fiction, it's what the world can take. "Sure, go ahead. I'll go find John" he smiles, parting. I immediately glide over to my love, heart racing in my chest. "Adele"   
I call her name and the sweet sound of it fills my mouth. I place my hands on her upper arms and kiss both her cheeks. Restraining myself from pulling her into a tight embrace and lingering in that closeness is a Herculean effort. Her perfume, the shade of red spreading over her cheeks, her shy smile. How I missed you... "Let's you and I catch up" I say, still smiling so brightly. I turn to Hileni and ask: "Mind if I borrow your sister for a moment?". She nods, still looking awed. Without hesitation, I take Adele's arm and lead her to a corner of the room apart from the other guests. For a moment, neither of us can find words. Funny how words are most difficult to find with those who are dearest to our heart. But I know what it is...I feel it too. The weight of our past between us. The memory of our brief happiness together.   
At last, I summon up enough courage to finally speak. "Ad-" "I-" We start talking at the same time, then burst into laughter. Look at us, two fools lost to love! "I feel...almost nervous. Ridiculous, aren't I?" I keep my smile on but I know, just know, she sensed the vulnerability reverberating in my voice, which has suddenly lost the confidence I had before with my guests. She smiles too, gesturing that it's alright. "Zetta, it's...so good to see you again". I am sure my mind now is less cheerful. Time for my poor apologies. "I'm sorry, Adele. I should have written or visited" I sigh. "I've just been so busy..." To my surprise, she interrupts me, understanding, smiling. "I understand. You've been making the film, and you're getting married..." But she suddenly loses the train of whatever else she had planned to say. Adele, you and I can try to behave normally around each other, to act as if nothing happened...but we simply fail all the time. Our feelings always get in the way, my love, and God knows I know it all too well. And this, this sadness cutting off your words, is all my fault. "I know you're upset" I frown.
She meets my eyes again in a silent, unnecessary apology. You have nothing to apologise for, I do. And I owe you the cruel truth, at last. I take in a deep breath to steady myself and let my mask fall. I drop my voice to a whisper so that only she can hear. "I've been agonizing over what I'd say when I saw you. And I never came up with a good answer". Adele, if only you knew the nights I spent writing you the most ardent, sorrowful letters! "I love you. I want to be with you. But this marriage has to go forward or my career's done". Do you understand my impossible position, my dearest? But please, I beg you, never doubt my feelings. "Doubt thou the stars are fire, doubt that the sun doth move, doubt truth to be a liar...but never doubt I love". When she speaks, her voice is a pained whisper and her words an excruciating plea. "Zetta, please don't do this. I want us to spend our lives together". I couldn't ask for anything better, sweet Adele, but...there is always a cruel but for us. "Even if that life had to be kept secret?" I grimace. "If people knew about us, it would destroy everything I've worked for". Look what malicious rumours brought on Lawrence and Felix even without solid evidence of their relationship. Look what the world does to people like us. These guests, my adoring fans, crowd the movie theaters to see me fall in love with the hero, the dashing heartthrob 'every woman daydreams of', without asking me what I really want. They smile and gaze at me in awe tonight but they wouldn't hesitate to drag me down into the gutter if they knew who my heart truly belongs to. "I...I can't have both you and my career".
I lower my eyes, unable to sustain her gaze any longer. I am so incredibly sorry, Adele, so sorry.... She reaches for my hand, shyly, and I am reminded of the first time she took my hand in hers in my private projection room on board the Titanic. The soothing warmth of her hand over mine felt so intimate, calming...just like now. I look back at her and I have to fight back tears. She looks over her shoulder, then she speaks, her voice low. "I don't care if no one knows about us. All I care about is that there is an us. I need you, Zetta". My eyes widen as I register the meaning of her words. Does she...does she mean it? "Are you sure?" I ask her, unsure whether she is fully aware of what she's proposing. "This won't be like it was on the Titanic, bathhouses and stolen kisses. It won't be easy..." She searches my eyes and nods. I...I would never have thought of nor hoped for such a hopeful end to this conversation I feared so much. Oh my dear...not losing Adele, being with Adele! Out of instinct, I move to kiss her but I restrain myself just in time, painfully aware of the surroundings. I must long for your lips a bit longer, my love...but it doesn't matter, we're together now. "We'll need to come up with a plan..." I consider. "How do you feel about being my publicist?". "About as confident as I felt about being your secretary" she beams. I laugh as I laughed with her in the most dire moments...incredible what a light she casts on me, even when I am at my lowest. I regard her fondly as a newfound sweet joie de vivre starts spreading inside me, and I put my hand to her cheek. "This is the happiest I've felt in months...knowing you'll be at my side" I whisper, my voice trembling with the swirl of feelings taking hold of me. "Always" she whispers back, leaning slightly into the touch.
Suddenly we're both brought back to the party by the flash powder igniting around us. As I unwillingly withdraw my hand we're surrounded by journalists shouting my name. I am too overjoyed by our sweet reunion to be annoyed by them. I wish they could have forgotten about me a bit longer, granting me more time with Adele, but they are oddly bearable this time.
I see her leaning closer and putting her mouth to my ear. The words she whispers send my heart fluttering. 
"I love you". I turn my face to meet her eyes. I must summon every ounce of strength I have to stop myself from pulling her mouth to mine, pouring my affection on her right in front of the photographers. I see the same restraint in her eyes. There will be other nights for that. Yes, there will be other nights... "And I you" I whisper back. My voice is soft, adoring...how could I not adore her? I smile at her one last time before turning to the cameras and bathing in the flash lights. They had better capture this moment, I think: I will never be as radiant as I am now. As they keep calling my name and taking pictures of me posing, I slowly return to the party I momentarily left for my reunion with Adele. I spot Richard and John lighting cigarettes by the staircase and, not far off, Miss Montague chatting with a man I have never seen before. Sabine is checking herself in a mirror, fixing her headband...a rare moment of vanity for her. Hileni is pondering whether going for the pastry mignons is a bit too much and, once she sees me looking at her, she shyly waves at me and walks away. To my delight, Lawrence is signing an autograph for a fan, under the proud gaze of Felix, who has taken a step back. Good old Lawrence... ‘Sometimes our secrets are what make our lives worth living. No matter the high cost attached to them’, he said. And he was right. I used to repeat to myself that you can't breathe if you're constantly underwater. It turns out I was wrong. With her love, I can breathe underwater.  
nerdgatehobbit · 3 years
Text
5/12/21
I got my second shot on Monday, so that’s exciting. Tuesday was mostly spent on a mini-binge of Ultra Legends for three reasons. 1: I didn’t feel well enough to watch anything closely enough for later reviewing. 2: To check that the three DVD sets were all working. 3: To stay awake, which admittedly ties into the first reason.
Ultra Adventures has been pretty laid-back so far, which I’m enjoying, as I really love this in-depth look at day-to-day life in the Alola region. But I’m very excited for the Ultra Wormhole subplot! :D
For May the Fourth, I saw TCW’s “Revival” and some of Droid Tales. I’ve since seen “Eminence” & “Shades of Reason”. So that just leaves “The Lawless” to watch. Uh-oh.
Three episodes into Princess Tutu, and I’m really enjoying it. The upcoming reviews on my blog will be short because I’m struggling with what else to say beyond that. Especially since I don’t know much about ballet.
Just 15 episodes left in PRLG (aah). Andros & Leo got most of the spotlight in “To the Tenth Power”. That wasn’t unexpected but it was still mildly irritating. The title apparently leaves out Mike despite him appearing in it. I really need to do justice to the next episode’s review, given its contents, but first I need to watch it.
I’ve started the fifth & final season of BBC Merlin. My mixed feelings continue, which aren’t fun so I’m putting The Flash on the back burner as a result. Arrow’s 2nd season will get reviewed next autumn for the show’s tenth anniversary. I don’t know when LOT will be watched but I do want to get around to it.
I still need to get back to XWP as well as start reviewing ST: TOS and OUAT. The issues are that XWP’s 1st season finale freaked me out, I’m nervous about TOS’s iconic status, and I am well aware of OUAT’s uneven quality even in the better seasons. But I really want to get a buffer of posts over the summer, so I need to get over my hang-ups.
Because I do want to watch all three shows. I like XWP’s characters and its ‘everything & the kitchen sink’ take on things; there’s a lot of fun in OUAT’s first 2 seasons (and so many gorgeous outfits); and I want to see TOS for the first time as I’m sure it’ll explain a lot about later sci-fi.
Furthermore, I have obtained the first 3 seasons of DS9 to watch as well. With my track record, those reviews will probably start in January for its 29th anniversary. If I enjoy them, I’ll look into getting the later seasons.
Now that I’m done with Traders (it got rather soap opera-y at the end), I want to see Legend since it stars Richard Dean Anderson & John de Lancie. Weirdly, with Traders, I think Patrick McKenna’s character was my favorite since he was by far the most energetic character. And he did get more screen time than Hewlett’s character.
There are also several films I want to see, one for the first time (Ever After) and others for a rewatch: Atlantis the Lost Empire, Barbie as Rapunzel, 1991’s Beauty and the Beast, and Bedknobs and Broomsticks. In the overlap, I want to see the extended versions of LOTR for the first time.
Next up in my mini SG-1 watch is “48 Hours”. I’m planning to read Blood Ties later this week, and I’ll eventually get around to Do No Harm. Odds are that I’ll start a ‘one episode a month’ rewatch of SGA because I miss it. Even though I ought to prioritize other shows. But I do really miss my favorite show and with the recent rumblings I want to keep Stargate front & center.
... Yeah, I’m still using media as a coping mechanism. Oh well. Anybody (re)watching something fun?
Edit: Though I also need to get some more reading in after the 2 Stargate novels. Probably rereading since I don’t have a lot of mental bandwidth for new stories, which is mostly used up by TV right now.
sappphfic-blog · 5 years
Text
gal pals - lucy boynton x reader
a/n: it’s here!!!!! my first fic i’ve written since i was like 14, and i think this might also be the first x reader fic i’ve written ever. i kinda wanted to kick things off with some nice casual dating stuff to ease us all into this - if john mulaney has taught me anything, it’s not to go too big too soon. there’s also a huge chance that this is completely ooc (can real people be ooc?) because i’m still getting back into the swing of writing about real people rather than my own characters. thanks again to @rogersben for being the only reason this fic and blog exists, i really hope you all enjoy it!!
summary/warnings: vv casual relationship stuff, coming out, i mention scissoring once or twice as a joke.
word count: 1.4k (???? how did i manage that)
You would think that after eight months of dating, people would start to catch on to the fact that you were in a relationship. You couldn’t lie, you didn’t hate that there was hardly any speculation about the two of you – you weren’t exactly famous enough for people to care about your sexuality, and Lucy had never felt the need to address her own publicly. It did mean, however, that when you both decided to be a little more open about your relationship, nobody took the fucking hint.
Your first move was to try holding hands in public – sounds easy enough, but your hearts were pounding in your chests the entire time. It’s not like the two of you had never held hands before, but it’s what it symbolised that kept them thumping. This was it for you two. No going back.
The next morning, you saw the photos of your outing making the rounds on social media: Actress Lucy Boynton spotted out shopping with best friend. You rolled your eyes as you turned your phone around to show her the Instagram caption.
“Hey, looks like I’ve been upgraded from friend to best friend,” you joked as she groaned.
“Are they idiots? Like, are they actually idiots?” she replied from across the dining table. You laughed as you turned the screen back to yourself and continued scrolling.
“Oh, you’re joking. This one calls us gal pals. They actually called us gal pals!”
“You’re not serious?”
“Look for yourself!” You handed her your phone and turned your attention back to your cereal as she scrolled, scoffing at the captions.
“Bloody hell…”
--
You hadn’t exactly planned it, but when you saw the flash of cameras as you leaned over to plant a kiss on Lucy’s cheek, you thought you might have actually done it this time. Much to your dismay, it had about as much of an effect as an ice cube in the ocean.
“A friendly kiss?” If Lucy had rolled her eyes any harder, you were sure they would’ve fallen right out of her head.
“What’s that, babe?”
She read the caption aloud for you: Lucy Boynton and close friend Y/N share a friendly kiss while out in London.
“Close friend?” You raised your eyebrows in mock offence. “That’s a demotion from best friend, isn’t it? When did this happen, why didn’t you tell me?”
“It’s unbelievable,” she flopped down on the sofa beside you, unwilling to partake in your joke like she normally would. “I mean, what’s it going to take? Do I have to go down to Oxford Street and scissor you in front of the McDonald’s for people to catch on?”
“I mean, I wouldn’t be totally against it,” you joked. She slapped your arm playfully, but the tone quickly changed between the two of you. You sat in silence for a few moments, before you finally plucked up the courage to speak.
“I think we just need to outright say it, you know?” your hand reached out for hers, rubbing your thumb gently over her knuckles. “I don’t think dropping hints and hoping for the best is going to be enough.”
Lucy sighed. You knew it’s not what she wanted to hear, but she also knew you were right. You hated being right sometimes.
“I know, I know,” she sighed again. “But people are… mean.”
She leaned into you, and you moved your hands from hers to pull her closer to you. You ran your fingers through her hair as she spoke, her fingers drawing small, delicate patterns on your thighs.
“It’s so scary, you know?” she continued. “There’s no coming back from this. When it’s out there, it’s out there.”
“I know, baby, but if you want people to know, I think this might be our only option. Not to sound dramatic, but I think even if we did resort to your McDonald’s scissoring plan, people would still find a way to call us besties.”
She let out a small laugh. “Oh, don’t worry, you’re not being dramatic at all. People are idiots.”
You smiled, continuing to run your fingers through her hair as you pressed your lips gently to the top of her head.
“You don’t have to do it just yet, love,” you muttered. “But until you do, I don’t think I’ll be getting upgraded from best friend any time soon.”
--
A few months passed before you finally did it – it was your one-year anniversary, to be exact. While you had expected the week leading up to the big day to be spent reminiscing about your first coffee date 365 days previously, it had instead been spent in a state of silent worry. Lucy had written and rewritten so many tweets, texts and Instagram captions that it was a wonder her thumbs still worked by the time the day came.
“I just don’t know what to do,” you stood in the kitchen, a glass of buck’s fizz in each hand as Lucy whisked a bowl of pancake batter with all her might. She paused, almost in defeat, wiping one hand on her forehead and reaching out for her drink with the other.
“You don’t have to do anything, Luce. I told you, I’m happy to wait as long as you need until you’re ready to tell people,” you said as she took a sip from her champagne flute, before handing it back to you and returning her attention to the bowl in front of her.
“But I want to!” She exclaimed. “I’ve gone a whole year keeping this a secret, and that’s just us! I can’t…” she stopped her work on the batter and turned to you, tears threatening to spill with every word that came from her mouth. “I can’t keep hiding this from people. It’s such a big part of who I am. You’re such a big part of who I am. I just don’t know how to do it.”
You put the drinks down on the countertop and pulled her into a hug. She immediately melted into you, wrapping her arms around you in response and sighing as she buried her head in the crook of your neck. The two of you stayed like that for some time, swaying slightly in the middle of your kitchen. You pulled apart slightly, so you could look at her properly as you spoke, but your hands stayed wrapped loosely around her waist, her own arms wrapped around your neck.
“I’d say just go for it. Just type out the first thing that comes to your head and post it.”
She smiled and raised an eyebrow at you. “Balls to the wall?”
“Balls to the wall.”
--
That’s exactly what happened. You sat at the dining table once more, a plate of pancakes and a glass of prosecco in front of you both. (Lucy had told you to buy more orange juice when you had gone to the shops on the previous Saturday, but by the time you had seen her text reminding you, you were already on your way home and there was no way you were turning around and risking all that ice cream melting.) She spent a few minutes trying to decide on a photograph to post along with it – “You look so good in this one, Y/N!” “I do not! You’re not posting that one!” – but eventually settled on a candid that your friend had taken of you both. It was the first time you had ever introduced Lucy to somebody as your girlfriend, and seeing the picture still gave you butterflies remembering how happy you had been to introduce her with such a title. She was laughing at something you had said, a big, wide laugh that only you knew how to coax out of her, and you had the cheesiest grin on your face as you looked at her like she owned the moon and stars. That look still hadn’t gone away, and neither had the feeling – she was your everything.
Her thumbs typed rapidly before hovering over the screen for a few seconds. You couldn’t see from where you were seated opposite her, but you knew it was resting tentatively over the post button. After a few moments of deliberation, she hit it, putting her phone face down on the table and breathing out a sigh of relief.
“Done?” you raised an eyebrow at her, trying to hide the excited grin that had started creeping its way onto your face.
“Done.”
tentativelyteal · 7 years
Text
Idiot(s)
The electric shine of the earthy green and plain white hits him like a punch. Punch me in the face. He shakes the phantom voice off, and turns down the brightness of his screen. It is, after all, only a trick of his laptop, that blinding white - NO IT’S NOT! IT’S NOT OKAY! - that oh so familiar blinding cold white light in the laboratory in Baskerville -
No, I’m not there, John tells himself firmly, I’m here, in Baker Street. He looks up, and there, just where the lights still swimming just underneath his vision from his laptop and the soft glow stealing through the window from the dusk outside intermingle, sits Sherlock on the sofa, lanky knees right against his chest, eyes so rapidly scanning his computer on the coffee table that John wonders how he has not got a headache already. Well, at least he’s using his own laptop, for once. Purse his lips as he might, he still cannot quite stop the little smile that is forming, and even if he could, the softening of his eyes would just give it away at once. I’m here, and Sherlock is here, it’s all fine. That was why he chased away those phantom voices and images, because now is not two years ago, when - when. Now they are both here, living and breathing. Breathing the same air too, in fact.
Clearing his throat, John turns his gaze back on his blog, and finds his eyes immediately resting on ‘The Sign of Three’, bolded, underlined and in that earthy green theme-colour of his blog. The many little spears of exclamation marks keep jutting up, mocking him, as if they were thinking that if they succeeded in poking his eyes out, they could prove to him how blind he was. Well, that will not do as his latest post, because a post from when Sherlock had no one to play Cluedo with him is simply wrong.
That chapter is done. John clicks the little button saying “New Post”, also underlined and green, but John feels like this green could be a whiff from a pasture just after rain. Being poetic again, are we, John?, a voice that sounds suspiciously like Sherlock teases, and John tells it half-heartedly to shut up. A big blank rectangle greets him after the page loads, the slender vertical line flashing innocently in the empty space for the title, a balm to sore eyes really. Still, balm or not, he stares at it blindly for a moment. Where can he start after all? It has been months, and every millisecond in it stretches whenever it pleases, tempo rubato, into aeons. Aeons packed with action and confusion and suspense, granted, but still.
The obvious thing first, then, John shrugs internally, his left forefinger pressing the Shift key while his right taps crisply on the B. Back to 221B appears in the title bar, bolded and bold, and just like that, these 10 letters and 2 spaces in between, with their next-to-nothing weight, tilt John’s ground by two-fifths of a degree - no, not back into a perfect horizontal line, because that would be boring wouldn’t it? Well, I’m never bored, he remembers himself saying, to Mycroft, in this very living room. Good. That’s good, isn’t it? Oh, God, yes.
“What are you typing?” Sherlock’s voice rumbles across from the sofa.
“Blog.” John keeps tapping away, Yes, as some of you may have heard already, we’re both back to 221B Baker Street. Solving crimes - well Sherlock solving crimes, and me blogging about them, which is what I’m doing rig-
“About?” The detective smirks just the slightest, but John is not sure if he is just about to make fun of his writing, again, or if, like him, he is remembering a very similar conversation.
“You.” John decides to play along anyway. A few seconds pass in silence, during which John feels the intensity of Sherlock’s gaze on the side of his face. He does not look up, because he does not look up the moment Sherlock looks at him and whenever Sherlock looks at him. He simply does not. Well, at least he has to finish this paragraph first. -ht now. But on the first day I moved back, no sooner had I swung my bags onto my bed - still made up and all that, which was amazing, and no doubt the credits must go to Mrs. Hudson - the bell rang. So we were thrown right back into the chase. Well, I couldn’t have asked for a better “welcome h-
“You mean us.” At this, John does look up sharply. So much for at least finishing this paragraph. But Sherlock has already glued his eyes back into whatever research he is in the middle of, as if he hadn’t just said something truly remarkable. Because it is, remarkable.
“Yes, if you say so.” John is careful to keep his tone light, offering an out for Sherlock to drop the conversation if he so wants. “I know so. And so do you, so stop being obtuse on purpose.”
Ha, trust Sherlock to flatter and insult with the same line. “Okay, us then.” And the air eases, because they have never needed many words to be on the same page.
“So glad that we have finally come to an understanding,” the detective must have intended it to come out dripping with sarcasm, but the signal must have been rerouted during transmission. That has been happening more often lately, John duly notes. He supposes that he should take this as progress, instead of the unattainable hope that Sherlock will leave their poor fridge alone. Truth be told, though, John would not have their fridge any other way. “Now, if you would not miss your blog too much for a couple of hours - dinner?”
The blogger jumps out of his reverie, “oh, starving. Where?” Sherlock snaps his computer shut and rises, already looking to his Belstaff, “Angelo’s?” John nods, getting up from his armchair while the other man is putting on his scarf. And soon, two silhouettes, one tall, taking advantage of a good coat and a short friend, and one short, the said short friend, are seen walking down Baker Street.
Angelo, as always, is pleased to see his two favourite patrons, and quickly ushers them to their usual table by the window, “now, just give me a second to get the candle. More romantic,” he winks at John as they settle.
Having taken his coat off and hung it on his chair, John turns back to face Sherlock, who is studying him. “What?”
Sherlock cocks an eyebrow, “you’ve stopped correcting him.”
“Well, what’s the point,” John shrugs, “he keeps bringing them anyway. Might as well save my breath.”
Sherlock looks at him more closely, like he is now the case he must solve, “in fact, you stopped correcting everyone quite some time ago. To be precise, just before Henry Knight’s case, or ‘The Hounds of Baskerville’, as you call it.”
Surprised, John mirrors him in arching his eyebrows as well, “so, you’ve noticed?” Sherlock merely rolls his eyes, “of course.” Just at this moment, Angelo arrives with the candle, the flickering flame casts Sherlock’s face into sharp relief, and the warm yellow balances his silvery-ice eyes into almost transparency. John clears his throat, looking down at his napkin, echoes, “of course. You notice everything.”
The detective chuckles, and John could swear the table, even with the thick layer of fine linen cloth soaking up most of the sonic waves, trembles. “Not everything,” a teasing note underlying it, “as you so outrageously broadcast to the whole of London, what’s incredible, though, is how spectacularly ignorant he is about some things. This morning, for example, he asked me who the Prime Minister was. Last week he seemed to genuinely not know the Earth goes round the Sun.”
Their dishes, along with the red wine, arrive and break up the back-and-forth tennis match of teasing each other, like how a lighthouse breaks the tides. But the tides will just keep coming, of course. John takes a bite of his aubergine rolls, and says, a bit muffled, “are you ever going to let that go?”
Sherlock grins, “never.” And John shakes his head, amused, “I’m going to finish my post tonight, probably with, ‘I wrote once, that what was incredible was how Sherlock seemed to genuinely not know the Earth goes round the Sun. But what’s truly confounding, is that he seems to be able to recite every word of my b-’ Seriously though, why on earth have you memorised my blog?” He huffs an incredulous laugh, but Sherlock just looks at him.
And Sherlock just keeps looking at him. John is instantly reminded of that time when he asked Sherlock to be his best man. This is getting a bit scary now, he said as he waited for Sherlock to come to terms with the fact that yes, he is apparently his best friend. How? How could he not know that? The part of his brain that has decided to go down that memory lane still asks. But now, it seems that the table has turned, and he is the one who is not seeing where the penny has dropped. “Do you really have to ask, John?” Sherlock is still looking at him, like he thinks he is the most adorable idiot who has ever lived on Earth. He knows you’re an idiot, but that’s okay, because you’re a lovely doctor, Mrs. Hudson's voice nudges him, distantly, and - oh. Oh. Somewhere, John feels like, somewhere, there should be a choir singing, and fireworks blossoming overhead at this moment of revelation, like how they always have in some soap operas on telly. The soap operas Sherlock so despises, and frankly, John is not particularly in favour of them either. So, there is none here. Instead, he takes another bite of his aubergine rolls, “well, I’m an idiot, as you so often say, so humour me.” Sherlock rolls his eyes at him, again, and steals his broccoli.
cupidford · 7 years
Note
denofgeek.com/uk/tv/sherlock/46250/sherlock-33-nerdy-spots-in-the-six-thatchers
Oh cool! Although I’m pretty sure fandom caught most. (oh, and I was even cited in this one! as was finalproblem! how swanky!)
THIS IS INTERESTING THO:
10. The bus/flower scene was inspired by the same thing happening in real life to a friend of Mark Gatiss called, aptly enough, Edmund Moriarty: “His daughter was very young and he’d been up all night with her and he got on the tube to White City and this very beautiful girl started smiling at him and he thought ‘Still got it!’ and he got all the way there and got to work, looked in the mirror and he had a flower in his hair and that’s what she’d been looking at” Gatiss told the audience at a December screening of the episode.
Here’s the article, under the cut!
After taking a fine-toothed comb to new Sherlock episode The Six Thatchers (well, watching it with one finger hovering over the pause button) here are a few items of note discovered, in addition to a handful of discoveries made by some very fine Sherlock detectives elsewhere…
1. We know that Lady Smallwood’s British Intelligence code name is ‘Love’, leaving the Holmes brothers and Sir Edwin to divvy up ‘Antarctica’, ‘Langdale’ and ‘Porlock’ between them. Porlock (as well as being a village in Somerset whence came S.T. Coleridge’s famed interrupting ‘person from Porlock’) was the alias of an agent working for Moriarty in Conan Doyle novel The Valley Of Fear. Langdale Pike was a character in The Adventure Of The Three Gables. But Antarctica? Perhaps that’s a fittingly chilly name for “never been very good with [humans]” Mycroft?
2. It looks as though the opening credits have been updated for series four. They now feature a post-swimming-pool-fight Sherlock, Watson standing in what looks like a well and a lump of something odd in one of Sherlock’s posh Ali Miller teacups.
3. It’s hardly hidden, but there seemed to be plenty of focus on 221B’s skull décor in the episode, which was all about the impossibility of outrunning death. Symbolism! Additionally, the black fish mobile in Rosie’s nursery could either be foreshadowing the location of her mother’s death, or, you know, just some fish.
4. This is what John was typing in his “221Back” blog entry:
And we’re back! Sorry I haven’t updated the blog for such a long time but things really have been very busy. You’ll have seen on the news about how Sherlock recovered the Mona Lisa. He described it as “an utterly dreary affair” and was much more interested in the case of a missing horseshoe and how it was connected to a bright blue deckchair on Brighton beach.
I’ll try to write everything up when I get a chance but it’s not been missing portraits and horseshoes that have taken up my time.
I’m going to be a dad.
I mean, I thought I’d spent the last few years being a Dad to Sherlock, but it really doesn’t compare. The baby runs all of our lives. Maybe not THAT different to [….] I’ve fought in two wars, my best friend once faked his own death but none of that [….] terrifying and amazing and the biggest adventure I’ve been on.”
5. There's a teensy error here, apparently. Look closely at the screenshot of John Watson writing his blog and you can see the filename, revealing him to be ‘typing’ into a static JPG image file. Source: Daily Edge
6. In Sir Arthur Conan Doyle story A Scandal In Bohemia, Sherlock Holmes tells John Watson “You see, but you do not observe.” In The Six Thatchers, he makes the same complaint to baby Rosie Watson.
7. The number 626 bus, which John takes to work, is a real bus line running from Finchley to Potter’s Bar.
8. The advert on the side of John’s bus is for ‘Strawb Fizz’, sweets with ‘explosive flavour’. That’s not a real product as far as we know, so must have been custom-made, but why? Could there be an explosion in Sherlock’s future? Or some strawberries...
9. As John gets off the bus with the flower behind his ear, a passenger can be spotted carrying a newspaper with a headline ending “…be in two places at once?” a possible reference to the case of The Duplicate Man that flashed up earlier on screen asking: “How could Derek Parkinson be in two places at the same time? And murdered in one of them?”. It’s never twins, remember.
10. The bus/flower scene was inspired by the same thing happening in real life to a friend of Mark Gatiss called, aptly enough, Edmund Moriarty: “His daughter was very young and he’d been up all night with her and he got on the tube to White City and this very beautiful girl started smiling at him and he thought ‘Still got it!’ and he got all the way there and got to work, looked in the mirror and he had a flower in his hair and that’s what she’d been looking at” Gatiss told the audience at a December screening of the episode.
11. The big hint for episode two, The Lying Detective, is spotted behind John’s texting partner ‘E’ at the bus stop. It’s a poster featuring Toby Jones in character as Culverton Smith, advertising either a new film, TV series or book featuring the character titled something containing the words ‘business’ and ‘murder’. The words ‘coming soon’ and ‘he’s back’ are also clearly visible… (Watson also walks past a poster for The Book Of Mormon, but not sure that's strictly relevant here.)
12. ‘E’, the woman John meets on the bus, appears in the credits as Elizabeth and is played by Sian Brooke, who played Ophelia to Benedict Cumberbatch’s much-publicised Hamlet at the Barbican in 2015. Look away now if you don’t want a potential spoiler revealed: Brooke was also spotted filming scenes for episode two The Lying Detective, and is referred to by setlockers as “The Lady In Red”.
13. A tenuous one this, but here goes: when John is texting ‘E’ late and asks if she’s a night owl, she replies “vampire”. The Adventure Of The Sussex Vampire is a Sir Arthur Conan Doyle story about a dysfunctional family and a jealous, abusive brother attempting to do away with his younger sibling. Could her jokey answer be a clue to Elizabeth’s back story?
14. There may be a long list of things Sherlock Holmes doesn’t know about (former prime ministers?), but William Shakespeare isn’t on it (Conan Doyle’s “the game is afoot” catchphrase comes from Henry V, incidentally). In The Six Thatchers, Sherlock quotes “by the pricking of my thumbs” from Macbeth. Unless of course, he’s quoting from that other classic British detective writer, Agatha Christie…
15. The Power Ranger strapped to the front of Charlie Welsborough’s Ford was the Blue Ranger. Not sure if that’s relevant, but just being thorough.
16. The continued references to the Black Pearl of the Borgias are a connection to The Adventure Of The Six Napoleons. Said pearl was the treasure hidden inside one of six plaster busts of Napoleon in the original story.
17. Writer Mark Gatiss didn’t only borrow the premise of The Adventure Of The Six Napoleons from Conan Doyle for this modern update but also some names. Thatcher bust distributors Gelder and Co. were also the distributors of the Napoleon busts in the original story. Barnicot, Harker and Sandeford, bust owners, are also repeated between the two.
18. Toby the bloodhound proved a difficult co-star, as Steven Moffat told the Q&A audience in December: “It didn’t move! That was an immobile dog! You know that scene where they’re talking about the dog that won’t move, me and Mark [Gatiss] wrote that on the street to account for the fact the dog wouldn’t move. It just sat there like an ornament!”
19. Toby lives with Craig the hacker. In Craig’s room is a street sign for Pinchin Lane, which is where the original Toby the dog lived (with a Mr Sherman) according to Sir Arthur Conan Doyle in The Sign Of Four. Source: Vanity Fair
20. This isn’t the first time Ajay actor Sacha Dhawan has appeared in a Mark Gatiss-written script. He played Waris Hussein in 2013 Doctor Who docudrama An Adventure In Space And Time and then the lead in that year’s The Tractate Middoth.
21. According to this website, there’s a real-life hotel in Tbilisi, Georgia called The Sherlock. Now you know.
22. Mary-in-disguise’s fellow plane passenger was played by James Holmes. No relation.
23. A close-up of one of Mary’s fake IDs reveals one of her aliases to be Gabrielle Ashdown. ‘Gabrielle’ was the fake name used by spy Ilse von Hoffmanstal in 1970 Billy Wilder film The Private Life Of Sherlock Holmes, and ‘Ashdown’ was the alias she used when pretending to be married to Holmes, then later alone in Japan. Source: Vanity Fair
24. The name painted on the boat Mary walks past in Norway, Flekkete Band, means Speckled Band, another Conan Doyle story title. Source: @ingridebs
25. Apparently the name on the boat behind, Løvens Manke, means Lion’s Mane, yet another original Holmes adventure reference, as spotted by Tumblr user Cupidford here.
26. We won't repeat them all here, but this terrific Tumblr page is full of links between Sherlock’s flurry of cases at the beginning of the episode and the original Conan Doyle stories. Find out how the man with the Japanese girlfriend tattoo relates to The Adventure Of The Red Headed League and many more.
27. Throughout the harrowing London Aquarium scenes, filmed in a single day, the team kept themselves amused by inventing facts about sharks, as relevant to their location. “Sharks like beans”, “sharks cannot spell” and so on…
28. Unlike that popular myth, sharks do sleep. In fact, the ones at London Aquarium have to be in bed by 2am, which made filming there difficult and is perhaps why it looks very much as though some scenes are set against a video screen of fish swimming rather than the real thing. “One of the things we did find hard was the aquarium,” said producer Sue Vertue, “which we tried for ages to work out if we could film everything in the aquarium and then we realised that sharks sleep at night. So we had to find another way around doing that.”
29. Mark Gatiss said at the Q&A in December that they had always planned for Mary to die sacrificing herself: “It was always going to be saving Sherlock.”
30. When Sherlock asks Mrs Hudson at the end to say the word ‘Norbury’ to him if she ever thinks he’s becoming “cocky or overconfident” he’s paraphrasing his literary counterpart, who asked John Watson in The Adventure Of The Yellow Face “Watson, if it should ever strike you that I am getting a little overconfident in my powers, or giving less pains to a case than it deserves, kindly whisper 'Norbury' in my ear, and I shall be infinitely obliged to you." Source: Metro
31. When Mycroft arrives home and sees the “13th” note on his fridge, it’s hidden underneath a menu for a Reigate Square takeaway restaurant. The Adventure Of The Reigate Squire is an 1893 Sherlock Holmes story by Sir Arthur Conan Doyle.
32. Prompted by the note on his fridge, Mycroft makes a phone call and asks to be put through to “Sherrinford”. First introduced by Holmes scholar William S. Baring-Gould, Sherrinford is a hypothetical older brother to Mycroft and Sherlock. “I’m not given to outbursts of brotherly compassion. You know what happened to the other one” hinted Mycroft in His Last Vow. At this year's SDCC, Mark Gatiss, Amanda Abbington and Benedict Cumberbatch were photographed holding up signs saying "Thatcher", "Smith" and "Sherrinford". So we can expect to have the Sherrinford mystery solved by The Final Problem?
33. The therapist Sherlock sees at the end of the episode is Ella Thompson (played by Tanya Moodie), who formerly appeared as John’s therapist in A Study In Pink and The Reichenbach Fall. Who better to tell him what to do about John than the doctor who treated him for PTSD and grief?
impatient14 · 7 years
Text
TST + LYD= TAB
I re-watched TAB today and I had my entire ass handed to me. Like literally. My eyes were on the screen watching, but my ass was being force fed into my hands by Mofftiss and their utter brilliance.
I thought there were parallels to TAB in TST but I was wrong. There aren’t parallels. There is a fucking road map with a bright neon sign flashing, “Look Here! See what we did? Aren’t we FUCKING CLEVER!” Yes, Mofftiss, I know you’re clever. Calm the fuck down already.
Yeah, so this is going to be me screaming at the top of my lungs for the next few minutes. Be kind and indulge a tired bi, would you? I’ll do it in list format again to keep it organized and I’ll recount the episode in order. I’m not going to include things that parallel other episodes to TAB. Things like Sherlock recognizing Mary’s perfume, Moriarty and Sherlock’s repetitive dialogue from TGG, or the bit about John bringing his revolver to unlikely situations. There is a lot of meta about that already. This is just TAB to TST and some conjecture about TAB and TLD.
1.) The first true feature of interest (look Mofftiss I can be clever too!) in TAB as it relates to Series 4 is when Sherlock recounts his latest case to Mrs. Hudson, when he and John return to Baker Street at the beginning of the episode. The case involved a dismembered country squire, in which they were unable to find the legs but Sherlock brings at least one (my money is on the head) body part home with him in his luggage that John carries. In TST one of the first cases recounted is the Circus Torso, in which a limbless body is found in luggage.
2.) Mary is introduced in disguise right as the title flashes beneath her. She is literally The Abominable Bride. (I know this doesn’t relate to TST. I’m just being petty. It will probably happen again.)
3.) “I don’t mind you leaving, my darling, I mind you leaving me behind.” Mary begins her letter to John in TST with, My Darling, which is such an odd phrase to use as a 30-something woman in 2014.
4.) “The Stage is set. The Curtain Rises. We are Ready to begin.” Sherlock says this to himself right before the case truly begins. This bit is probably one of the biggest fucking punches in the face and I wish I could save it for later but it was at the beginning of the episode and I said I’d do it in order. At the end of TST Sherlock texts Mary, The curtain rises. The last act. It’s not over. -SH Well, I guess we can all go home now…right? I mean, to me at least, this is huge. The “play” that Sherlock began to run through in his mind began in TAB, and the shooting of “Mary” was the beginning of the last act. We will finish the last act in TLD. More on what the last act actually is composed of later…but I’ll give you a hint: mUAh!
5.) “Sometimes to solve a case, one must solve another.” This line comes directly after Sherlock yells at the Watsons to quit bickering. Then, after Watson inquires about the case, Sherlock tells him it’s an old case. Very old. On the surface, this looks like it’s just present day Sherlock peeking through to give the audience a clue as to what is going on, but it is also a reference to what is going to happen in TST. Sherlock uses an old case in TST to solve a new one. The Six Thatchers is a case that Sherlock solved during the events of A Scandal in Belgravia. He solved it years ago. It’s very old.
6.) This one is more of a theme than an actual direct parallel but its important to mention. Mrs. Hudson complains multiple times about being a “plot device” and seems to feel very unappreciated in TAB. In TST she can’t take a picture properly and she is used as a plot device to help Sherlock be a better person with the whole “Norbury” code. The fact that this entire episode revolves around the theme of not taking women for granted or underestimating them (ahem, “Mary”), I think we can expect to see a lot more from Mrs. H soon. Good or Bad.
7.) Lestrade comes in to present the case to them, just as he does in TST. Except in TAB he is afraid, not embarrassed like Sherlock strangely deduced at first, whereas in TST Lestrade does seem to be embarrassed about the fact that he can’t do his job and he can’t even take credit for someone else doing his job for him. Also, throughout TAB people are praising John for his stories in The Strand, and Lestrade brings up John’s blog in TST an alarming number of times.
8.) In TAB Sherlock wanted Lestrade to describe Emelia’s face to him, talking about the mouth in particular, and in TST Sherlock drew attention to MT’s mouth and claimed that maybe it was her face that made the vandal smash her bust.
9.) “Till death us do part, twice in this case.” I think Sherlock’s line here could be interpreted two ways. It could be referencing the fact that Sherlock has “died” twice and forced to part from John twice. Or it could be alluding to something that has yet to come. “Mary” dies in TST, but it is widely believed that she faked it somehow- just as Emelia did. If she then dies again (for real this time), Sherlock’s line would apply to her as well. 
10.) “Secret Twin?” “Planned from the moment of conception? How breathtakingly prescient of her!” It hasn’t been revealed yet, but Mary is definitely a twin or triplet. I wrote a thing on that here. They have also alluded to a long game being played. EDIT TO ADD: More and more evidence is coming out to support Mary being at the very least a sibling of Sherlock’s, if not his twin sister.
11.) When Sherlock breaks TAB character and says “How could HE do it,” John corrects him, with “She. You mean how could she do it.” Yes, he is talking about Emelia, but the writers are also making sure we remember there is a female villain that we need to keep an eye on and she will be doing something that confounds Sherlock. Like tricking him into liking her and making her his #2 BFF. EDIT TO ADD: @wssh-watson pointed out that Sherlock also calls the dead son in TST a daughter instead of son when he meets with the parents for the first time.
12.) Lestrade tells Sherlock of the five people that died since the first murder, making it six total. In TST there are five people who have six total busts.
13.) Sherlock talks to an empty chair in TAB. He talks to an empty chair with a balloon floating in it in TST.
14.) The Watsons having an unhappy and unfulfilling marriage is a theme in both episodes.
15.) Sherlock goes to see Mycroft in TAB twice, just as he does in TST. The first time both versions of Mycroft talk about understanding humans/human nature. The second time both versions of Mycroft discuss the true matter at hand with Sherlock. In TAB it’s Moriarty and in TST it’s Mary. He challenges his brother in both scenes and teases him for his emotional attachments.
16.) We also get this line from Mycroft “It is no easy thing for a great mind to contemplate an even greater one.” In the moment, we think he is talking about himself and how he is smarter than Sherlock and Sherlock is jealous, but just before the line Mycroft was telling Sherlock about someone named Adams who killed out of “murderous jealousy.” From Sherlock’s rapid deduction of Mrs. Norbury, we can deduce that this line is significant to TST’s “Mary” as well.
17.) I’m not going to get too far into this because there are a lot of interpretations, but Mycroft’s “tick tock” in TAB and the sound of a clock ticking in TST a couple of times throughout the episode is a clear indication that we should be paying attention to time. That something isn’t right about time and its passage.
18.) In TAB Lady Carmichael thinks the situation with her husband is “Maybe a matter for a priest.” In TST “Mary” refers to her child as the anti-christ. See twin meta above for more info on that.
19.) Another 5=death reference with the 5 pips in TAB. Yes, this is a TGG reference, but the person who held the fifth Thatcher bust was the only one who was murdered. Generally in BBC’s Sherlock, the number 5 means death.
20.) Eustace is a Mary Mirror.  He says, “She’s come for me, she’s found me out” in TAB and the bride tells him he is going to die. AJ tells Sherlock he’s coming for “Mary” and that she is a dead woman walking in TST. 
21.) During the nighttime stakeout in TAB, Sherlock says something interesting. He says he would expect John’s line of questioning from a Viennese Alienist, but not from him. A Viennese alienist is a psychoanalyst. A therapist. Sherlock goes to see Ella at the end of TST. We also hear Redbeard in this scene.
22.) In TAB, Sherlock tells Watson to “Stay here” but he doesn’t listen. Lady C however is witness to the murder and screams at Sherlock, “You promised you’d keep him safe! You promised!” In TST, Sherlock tells Watson to come to the Aquarium immediately in his text message, but John doesn’t listen because he stays back to find a sitter for the baby. He misses the shooting again, but this time it’s him, not his mirror, that yells at Sherlock, “You made a vow!”
So that’s the end of The Six Thatchers. 
But, as I’m sure you’ve noticed, that’s not the end of TAB. The Abominable Bride continues and the final act has just begun in the fourth series. The play will resume in The Lying Detective and then end, leaving (hopefully) at least half an hour to deal with Sherlock waking up and relaying important information about Mary to John.
As for how TAB will relate to The Lying Detective, I can only make a few guesses.
Here they are:
Almost immediately after Sir Eustace is stabbed in TAB we get Sherlock taking drugs. He is high and imagines Moriarty in his flat. They have a conversation with a lot of parallels to other episodes and then Moriarty challenges Sherlock about what he is doing. 
“Doesn’t this remind you of another case? What was that case? There’s nothing new under the sun. What was that case? It’s on the tip of my tongue, it’s on the tip…” (insert gun blowjob here)
I know Moriarty is referencing his own case and how Sherlock is using Emelia to solve it, but there is nothing new under the sun. The Six Thatchers is a case that was already solved too. I think we’ll see Sherlock remembering some of the original TST case in a hallucination after being drugged in TLD. This situation will lead him down the path to Culverton Smith and that case plays out.
Supposedly back in present time, in TAB Sherlock then gives Mycroft a white piece of paper with a list of the drugs he has taken on it. I think we can expect for there to be more white pieces of paper with drugs on them in TLD, but I also think he will return to life or wake up around this time as well. After or during the Culverton Smith case, when he realizes it isn’t real either.
Then Sherlock and John will talk, just as they do in Baker Street after Sherlock wakes up from his drugged out state in TAB. Watson tells him he is happy to play the fool for him, but that Sherlock needs to hold himself to a higher standard. It’s a pep-talk of sorts. I think this is a possible situation for the real John and Sherlock after Sherlock wakes up. Sherlock will be down on himself for not seeing it (Mary) and John will chastise him for his reckless behavior but ultimately make him feel better.
Then in TAB we have Sherlock running down the stairs telling John that Mary is in danger. John asks him if he is fit as Sherlock suddenly is overtaken with a pain in his chest (gunshot wound) and Sherlock responds, “For Mary? Of course. Never doubt that Watson, Never that.” I think this is a clever word play. He says she is in danger, but he doesn’t say what the danger is. In reality, Sherlock is the danger and when John asks him if he’s sure he’s up to it, Sherlock is like, “Bitch da fuq? That ho shot me!”
In TAB they then go off to meet Mary and they do the whole secret society thing where we learn how awesome women are and how stupid boys are for not appreciating them. I think here is where “Mary” in TLD will get a good speech about being underestimated and feeling proud at how clever she is and blah blah blah. TAB’s Sherlock even compliments Mary’s cleverness. Ultimately, the bitch goes down. We might get a three Garridebs moment, but I don’t see any evidence for that in TAB.
Soo…what’s left in TAB?
Waterfall. There’s always two of us. Mentions of marriage. Sherlock allows himself to fall. Hell he straight up jumps. He knows John will be there to catch him.
I think that means at the end of TLD we will get a love confession/kiss out of these two. They will kiss and be happy and Baker Street will be wonderful for all of three seconds before The Final Problem begins, where they will have to fight like hell to stay together.
Thanks for making it this far. It was a long one!
@monikakrasnorada @isitandwonder @gosherlocked @tjlcisthenewsexy @loudest-subtext-in-tv @yan-yae @ebaeschnbliah @may-shepard
stogutrosenberry · 7 years
Text
Syphilis prevention vs. politics
Last week’s New York Times featured a great article on a syphilis outbreak in Oklahoma. Reporter Jan Hoffman documented some of the impressive work state health investigators are doing to contain the outbreak, from using Facebook to discern likely transmission routes to showing up at the homes of people with positive test results and offering them rides to treatment centers.
CDC warned earlier this year that syphilis rates are on the rise throughout the US. Primary and secondary syphilis, the disease’s most infectious stages, rose 19% in a single year (2014-2015), and that trend appears to be continuing. The majority of these P&S cases are among men who have sex with men, but rates are also rising among women and some newborns. Pregnant women with untreated syphilis can pass the disease to their fetuses; congenital syphilis, which can cause stillbirth as well as severe illness and death in infants, has also been increasing since 2012. CDC’s map shows Oklahoma as one of several states where the syphilis rate experienced a 101-200% change from 2011 to 2015; Oregon, Idaho, Utah, North Dakota, Nebraska, Kansas, Iowa, West Virginia, and Hawaii showed changes of more than 200% over the same time period.
Source: Centers for Disease Control & Prevention, 2017: CDC Call to Action: Let’s Work Together to Stem the Tide of Rising Syphilis in the United States
A few months before that, when CDC released its STD surveillance report for 2015 (read Kim Krisberg’s report on that here), the agency’s news release sounded an alarm:
“We have reached a decisive moment for the nation,” said Dr. Jonathan Mermin, director of CDC’s National Center for HIV/AIDS, Viral Hepatitis, STD, and TB Prevention. “STD rates are rising, and many of the country’s systems for preventing STDs have eroded. We must mobilize, rebuild and expand services – or the human and economic burden will continue to grow.”
In recent years more than half of state and local STD programs have experienced budget cuts, resulting in more than 20 health department STD clinic closures in one year alone. Fewer clinics mean reduced access to STD testing and treatment for those who need these services.
Chlamydia, gonorrhea and syphilis are curable with antibiotics. Widespread access to screening and treatment would reduce their spread. Most STD cases continue to go undiagnosed and untreated, putting individuals at risk for severe and often irreversible health consequences, including infertility, chronic pain and increased risk for HIV. STDs also impose a substantial economic burden: CDC estimates STD cases cost the U.S. healthcare system nearly $16 billion each year.
In other words, we’re failing to stop the preventable spread of STDs because the people in charge of budgets are being penny wise but pound foolish. For 2017, federal STD prevention funding suffered a $5 million cut (to $152 million), and President Trump’s proposed 2018 budget slashes it by 17%. In Oklahoma, the state legislature passed a 2018 budget that cuts the state health department budget by 3%.
Years of cuts to public health budgets are problematic on their own, but now they’re coupled with increased federal hostility to the programs and providers we need in order to address STDs (and other aspects of sexual and reproductive health) effectively. It’s not new for House Republicans to try to eliminate the Title X program, which funds reproductive healthcare for millions of low-income people, or to deny reimbursement to Planned Parenthood for services it provides to Medicaid beneficiaries, but this is the first time in a while they’ve had a president who’s likely to sign off on such destructive moves. Title X clinics performed nearly six million STD tests in 2014. Planned Parenthood provides more than 4.2 million tests and treatments for STDs — and, as Texas learned recently, there’s no easy replacement for Planned Parenthood.
As US Representative Nita Lowey (D-New York) noted in an opinion piece for The Hill, “The attacks on women’s health don’t stop at our own borders.” One of President Trump’s first executive actions was a worse-than-ever version of the global gag rule, which is harming many other countries’ efforts to reduce STD transmission — and as Zika cases have demonstrated, infections acquired in other countries can end up sexually transmitted here.
In addition to testing for and treating STDs, we also need prevention efforts that help people avoid unprotected sex. The Trump administration has attacked these, too, with abrupt early termination of Teen Pregnancy Prevention programs in communities across the country. As Kim Krisberg reported recently, grantees were testing and disseminating sexual health interventions aimed at improving sexual health, including strategies to reduce STDs and sexual violence. One of the projects facing early termination, she noted, is the Seattle-King County FLASH curriculum, which is in the process of rolling out to schools across the country and “is designed to be inclusive of LGBT students and is just as relevant for young people who decide to abstain from sex as it is for those who don’t.”
Among TPP grant programs — all of which appear to have lost funding — are three in Oklahoma. Choctaw Nation of Oklahoma is “replicating evidence-based teen pregnancy prevention programs in middle schools, high schools, and alternative schools in Choctaw, McCurtain, and Pushmataha counties, three counties in Southeast Oklahoma with some of the highest teen pregnancy rates.” Oklahoma City-County Health Department collaborates with local partners to bring elementary and middle schools evidence-based programs such as Cuidate!, Making Proud Choices, Making a Difference, Be Proud! Be Responsible!, Draw the Line/Respect the Line, and Sisters Saving Sisters. Youth Services of Tulsa, Inc. by 2020 aimed to serve 10,000 youth in middle school, high school, alternative school, juvenile detention, community-based, specialized, and clinic settings. Unless their TPP funding is restored or replaced, thousands of teens will miss out on important sexual health education as a syphilis outbreak threatens health in their state.
Evidence-based sexual health education that’s inclusive of LGBT students — or adults, for that matter — is especially important for stopping the spread of syphilis, given that the majority of cases are in gay and bisexual men and other men who have sex with men. Turning away from inclusive, evidence-based sex ed and taking an anti-LGBTQ tone, as this administration has done, risks cutting LGBTQ individuals off from information that can help them make healthy decisions when it comes to sex. “Abstinence-only sex ed and ‘no pro homo’ laws keeps kids in the dark, leaving them with bodies they don’t fully understand and experiences they have no context for,” writes BuzzFeed contributor John Paul Brammer. “I was uneducated — about gay sex, about consent — and that made me more vulnerable.”
Reading about hardworking Oklahoma public health investigators in the New York Times makes me proud of what public health can do — and fearful of how bad things will get as support for effective public health programs keeps eroding.
Article source: Science Blogs
Text
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
****************************
In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data, by locking system screens or user files, unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration while clearly outside of the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker); or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications of managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker; rather, the attacker encrypts the files so the victim company cannot access them. Then the hacker offers to sell the encryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline — after which time, the ransomware attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles – or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone of current ransomware schemes, rendering the transactions practically untraceable and well suited for criminal transactions. Unlike the sequence of events in a common kidnapping scenario, where the exchange of money arguably places criminals in their most vulnerable position, the virtual kidnapping of ransomware actually facilitates anonymity throughout the Bitcoin transaction process.
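The behaviour described in this section (one process re-encrypting and re-naming many files, then dropping a ransom note) is what a host-level detector looks for. The following is an added example, not code from the article or from the author: the log format, process names, paths and every sample line are constructed for illustration.

```python
"""Behavioural ransomware detection over host file-event logs.

Added example, not from the article. It turns the behaviour described above
into detection logic: one process rewriting many files of different types
under a single new extension within a short window, and a dropped ransom
note. The log format and every sample line are constructed for this example.
"""
import os
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


# Constructed format: "<epoch> <pid> <image> <op> <path> [-> <new_path>]"
# (paths in this sample contain no spaces).
@dataclass
class Event:
    ts: int
    pid: int
    image: str
    op: str
    path: str
    new_path: Optional[str] = None


def parse_line(line: str) -> Event:
    """Parse one constructed log line into an Event."""
    ts, pid, image, op, rest = line.split(" ", 4)
    if op == "RENAME":
        src, dst = (p.strip() for p in rest.split("->", 1))
        return Event(int(ts), int(pid), image, op, src, dst)
    return Event(int(ts), int(pid), image, op, rest.strip())


# File names typical of the note that "hijacks the victim's screen".
RANSOM_NOTE_RE = re.compile(r"(decrypt|restore|recover).*\.(txt|html?|hta)$", re.IGNORECASE)


def detect(events: List[Event], window: int = 60, min_renames: int = 10) -> List[Dict[str, object]]:
    """Return alerts for mass re-extension bursts and ransom-note drops."""
    alerts: List[Dict[str, object]] = []
    renames = defaultdict(list)  # (pid, image) -> [(ts, old_ext, new_ext)]

    for ev in events:
        if ev.op == "WRITE" and RANSOM_NOTE_RE.search(os.path.basename(ev.path)):
            alerts.append({"rule": "ransom_note", "pid": ev.pid, "image": ev.image, "path": ev.path})
        elif ev.op == "RENAME" and ev.new_path:
            old_ext = os.path.splitext(ev.path)[1].lower()
            new_ext = os.path.splitext(ev.new_path)[1].lower()
            if new_ext and new_ext != old_ext:
                renames[(ev.pid, ev.image)].append((ev.ts, old_ext, new_ext))

    for (pid, image), items in renames.items():
        items.sort()
        best_count, best_ext, start = 0, "", 0
        for end in range(len(items)):
            # Slide the window so it spans at most `window` seconds.
            while items[end][0] - items[start][0] > window:
                start += 1
            burst = items[start:end + 1]
            new_exts = {n for _, _, n in burst}
            old_exts = {o for _, o, _ in burst}
            # Many different source types collapsing onto one new suffix is the
            # encryption signature; a single app rewriting its own type is not.
            if len(burst) >= min_renames and len(new_exts) == 1 and len(old_exts) >= 3:
                if len(burst) > best_count:
                    best_count, best_ext = len(burst), next(iter(new_exts))
        if best_count:
            alerts.append({"rule": "mass_rename", "pid": pid, "image": image,
                           "count": best_count, "new_ext": best_ext})
    return alerts


def build_sample_log() -> List[str]:
    """Constructed log: a normal Word save, then a 12-file .locked burst."""
    lines = [
        "1500000000 1201 winword.exe WRITE C:/Users/bob/Docs/~WRL0001.tmp",
        "1500000001 1201 winword.exe RENAME C:/Users/bob/Docs/~WRL0001.tmp -> C:/Users/bob/Docs/report.docx",
    ]
    victims = ["q1.xlsx", "budget.docx", "photo.jpg", "deck.pptx", "notes.txt", "scan.pdf",
               "db.sqlite", "plan.docx", "img2.png", "keys.csv", "memo.docx", "arch.zip"]
    for i, name in enumerate(victims):
        src = f"C:/Users/bob/Docs/{name}"
        lines.append(f"{1500000010 + i} 4242 update.exe WRITE {src}")
        lines.append(f"{1500000010 + i} 4242 update.exe RENAME {src} -> {src}.locked")
    lines.append("1500000030 4242 update.exe WRITE C:/Users/bob/Docs/HOW_TO_DECRYPT_FILES.txt")
    return lines


def run(lines: List[str]) -> List[Dict[str, object]]:
    """Parse raw lines and run the detector over them."""
    return detect([parse_line(l) for l in lines if l.strip()])


if __name__ == "__main__":
    for alert in run(build_sample_log()):
        print(alert)
```

The ordinary save-through-temp-file pattern of winword.exe produces no alert, while the burst of twelve different file types collapsing onto `.locked` and the note drop each do.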
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent, for purchase, or even as kits for building. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer networks: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee infiltrated due to inadvertent behaviors or broken business processes);
A compromised insider (e.g. a targeted employee via social engineering and infiltrated due to malware infections or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider who infiltrates via corporate espionage and sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the evolution of ransomware variants. There has been a tremendous increase in ransomware strains – reaching almost epidemic proportions. Indeed, new ransomware strains are now being created to tap into the mobile user base, which can impact both personal and business information. Attackers are already dramatically expanding the ransomware threat landscape, diversifying their platforms, capabilities and techniques in order to accrue more targets.
Per recent reports, in the third quarter of 2011, about 60,000 new variants of ransomware were detected. That number doubled to over 200,000 in 2012; quadrupling to over 700,000 variants from 2014, to the first quarter of 2015. In the first quarter of 2016, security firm Kaspersky Lab revealed 2,900 new “modifications” of existing ransomware, a 14% increase from the last quarter, and a 30% increase from the previous quarter.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020.  This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017, a ransomware group known as Shadow Brokers co-opted a ransomware exploit (nicknamed Eternal Blue) from the U.S. National Security Agency, and took advantage of a Windows vulnerability, targeting a wave of hospitals. The ransomware extortion demands impacted more than just corporate operations and secrets; suddenly, a cyber-attack impacted the lives of sick hospital patients, prompting an almost international hysteria.
The vulnerability, patchable for new Microsoft systems but not necessarily for older systems upon which many hospitals were running, was dubbed “WannaCry” or “WannaCrypt” ransomware, and according to Europol, claimed over 200,000 victims in over 150 countries.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, including and primarily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and electric grids to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – resulted in “a less widespread attack” than WannaCry, aka WannaCrypt.
As a result of NotPetya ransomware, A.T.M.’s in the Ukraine apparently stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were reportedly scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry and employing the same Eternal Blue server message block exploit, NotPetya’s global impact was reportedly blunted by its own limited attack capabilities (e.g. by a default setting, the infected system reboots after 60 minutes, and the malware does not persist after the reboot). “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying ransomware does not guarantee that a victim company will obtain from the attacker a working key to rescue their data. The FBI is aware of cases where either the attackers fail to hand over the correct decryption key or are unwilling to comply with the original ransomware demands after payment is received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom when attacked by ransomware fail to get their data back. The FBI also urges ransomware victims to report ransomware attacks immediately and seek help from the FBI in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement officials themselves have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts townships of Tewksbury and Swansea, ransomware attackers made off with $500 and $750 bounties, respectively. Elsewhere, police departments in the Chicago suburbs of Midlothian and Dickson County, Tenn., also paid ransom amounts to ransomware attackers. That even law enforcement officials have opted to succumb to, and pay off, ransomware attackers demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal computer crime statute, 18 U.S.C. § 1030, and particularly subsection (a)(7), which forbids hacking intended to extort something of value from the victim.
Above all else, the legal ramifications of any ransomware incident or failure can be calamitous for any public or private company. Even the most traditional realms of IT dominion such as exfiltration analysis, malware reverse engineering, digital forensics, logging review and most technological remediation measures are rife with legal and compliance issues and a myriad of potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues, including how exactly to respond to each request and whether any response would violate the privacy of customers; be at odds with commercial agreements; result in a waiver of the attorney-client or work product privileges; or have any other legal/compliance consequences.
Because so many incident response issues are critical to the very survival of a company, who else but the general counsel (GC) can oversee and direct investigative workflow, commanding the investigation and remediation for the C-suite, sharing with senior management the ultimate responsibility for key decisions, while having the responsibility and duty of reporting to the company’s board?
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation – a cyber incident is no different. There is nothing nefarious or extraordinary about this approach; it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (Many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can be triggered when a victim company experiences a ransomware attack.);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim-company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clue with respect to the impact of a ransomware attack and help assess some of the lesser state thresholds (such as in states like Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes accessing of protected health information.
With respect to some of the more onerous and specific federal notification rules, such as under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. For instance, HHS rules generally state that hospitals need only report attacks that result in the exposure of private medical or financial information, such as malware that steals data. Whether ransomware’s data encryption crosses that legal threshold can be challenging to determine, which is why ransomware attacks and other data security incidents at health care organizations often go unreported.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, there is a requirement to notify the supervisory authorities without undue delay (no later than 72 hours) after becoming aware of a data breach, unless it is unlikely to cause a risk to the affected individuals. The fines for violating this regulation are significant—up to 4% of global annual turnover or €20 million (whichever is the higher), so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for some of the more typical cyber-indicators. Ransomware is characteristically a type of tool which is not only known to most professionals, but may even be readily available for purchase online. If the name and modus operandi of the ransomware are new or otherwise unknown, then, rather than the victim firm being “patient zero,” the ransomware may turn out to be bogus.
Digital forensic experts can also research the Bitcoin payment address; the malware message; any relevant phishing emails; and any other of the ransomware’s characteristics in data security research forums and internal archives, to analyze recent commentary about the ransomware and test its efficacy and validity.
There is also a range of digital forensics tests to run on an infected file to assess a ransomware strain’s actual efficacy. For instance, one simple test is to return the file name to its original form. Real ransomware changes the file extension of encrypted files, but a bogus strain may leave the files unencrypted and merely renamed, to provide the illusion of encryption and cajole a ransom payment. A digital forensics expert can also investigate the severity of the attack; reverse-engineer the malware that has taken control of victim data; and attempt a full-fledged data recovery.
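The rename-versus-encrypt test described above can be scripted. The following is an added example, not code from the article or from the author: it restores the original file name, checks whether the content still carries the signature of its apparent type, and measures byte entropy, since real ciphertext sits near 8 bits per byte. The `.locked` suffix, the file signatures table and both sample files are constructed for illustration.

```python
"""Forensic triage: is a ".locked" file genuinely encrypted, or only renamed?

Added example, not from the article. It automates the simple test described
above (restore the original name and see whether the content still looks like
that file type) and adds a byte-entropy check, since real ciphertext has
close to 8 bits of entropy per byte. All sample files are constructed inline.
"""
import hashlib
import math
from collections import Counter
from typing import Dict, List, Optional

# Well-known file signatures ("magic bytes") for a few common types.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",   # also the container for .docx/.xlsx/.pptx
    ".docx": b"PK\x03\x04",
}

# Entropy above this (bits/byte) is what encrypted or compressed content
# shows; plain documents usually sit well below it.
ENTROPY_THRESHOLD = 7.5


def strip_ransom_extension(name: str, ransom_ext: str) -> str:
    """'q1.xlsx.locked' with ransom_ext '.locked' -> 'q1.xlsx'."""
    return name[: -len(ransom_ext)] if name.endswith(ransom_ext) else name


def original_extension(name: str, ransom_ext: str) -> str:
    """Extension of the file before the attacker appended its own suffix."""
    restored = strip_ransom_extension(name, ransom_ext)
    dot = restored.rfind(".")
    return restored[dot:].lower() if dot != -1 else ""


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_intact(data: bytes, ext: str) -> Optional[bool]:
    """True/False if we know the signature for ext, None if we do not."""
    sig = MAGIC.get(ext)
    return None if sig is None else data.startswith(sig)


def classify(name: str, data: bytes, ransom_ext: str) -> Dict[str, object]:
    """Verdict for one affected file.

    renamed_only     - original signature still present: only the name changed
                       (the bogus-ransomware case; strains that encrypt only the
                       file body and keep the header need deeper-offset checks)
    likely_encrypted - signature gone and entropy at ciphertext levels
    inconclusive     - signature unknown, or gone but entropy low; needs a
                       human look (partial encryption, unusual file type)
    """
    ext = original_extension(name, ransom_ext)
    intact = header_intact(data, ext)
    ent = shannon_entropy(data)
    if intact is True:
        verdict = "renamed_only"
    elif intact is False and ent >= ENTROPY_THRESHOLD:
        verdict = "likely_encrypted"
    else:
        verdict = "inconclusive"
    return {"file": name, "original_ext": ext, "header_intact": intact,
            "entropy": round(ent, 3), "verdict": verdict}


def _pseudorandom_bytes(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (sha256 chain), for the sample only."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: one merely renamed PNG, one that really was encrypted.
SAMPLES = {
    "vacation.png.locked": MAGIC[".png"] + b"\x00\x00\x00\rIHDR" + b"row-of-pixels " * 300,
    "contract.pdf.locked": _pseudorandom_bytes(4096, b"example-seed"),
}


def triage(samples: Dict[str, bytes], ransom_ext: str = ".locked") -> List[Dict[str, object]]:
    """Classify every sample; returns a list of per-file verdict dicts."""
    return [classify(name, data, ransom_ext) for name, data in samples.items()]


if __name__ == "__main__":
    for result in triage(SAMPLES):
        print(result)
```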
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying off the ransomware attackers typically entails: 1) sending the secret ransomware key file now stored on the victim’s computer; 2) uploading that file (or data string) to the attackers together with a Bitcoin payment; and 3) awaiting a decryption key or a tool a victim can use to undo the encryption on the victim company files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, getting it funded, and figuring out how to pay other people with it. A digital forensics examiner may even be able to construct a payment scheme where rendering ransomware payments is conditional. By using cryptocurrency features to ensure that ransomware attackers cannot receive their payment unless they deliver a key, some added level of security and reliability can be placed upon the transaction. One ransomware response expert notes:
“. . . A ransomware developer could easily perform payment via a smart contract script (in a system like Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain.”
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old-fashioned Nigerian Internet scam than a malware infection – and the payment could end up being all for naught.
Indeed, ransomware attackers may no longer have the encryption key or may just opt to take a ransom payment, infect a company’s system, and flee the crime scene entirely. Not only is the system of paying in untraceable Bitcoin risky, but the transaction in its entirety is so risky, it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, the FBI has never specifically stated that the payer could actually be charged with a crime. It would seem rather obvious that with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, the ransomware attacker possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 British case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), relating to maritime piracy and ransom demands for safe return of the vessel and crew, the court faced a somewhat analogous scenario. Specifically, the British Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms, and not ransomware, former President Barack Obama provided a similar message in his Statement by the President on the U.S. Government’s Hostage Policy Review (June 24, 2015):
“I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we’re trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family’s pain with threats like that.”
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of a criminal offense when forced to act by duress or extortion, is confirmed in United States v. Kozeny, 582 F.Supp.2d 535, 540 (S.D.N.Y. 2008). Specifically, in the Kozeny decision, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm would excuse the conduct (essentially negating a corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of cyber-criminals involved in ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker’s modus operandi to be that of a state sponsored organization (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are also designed to prevent payments to certain designated payees, institutions, and countries that are enemies of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury’s Office of Foreign Assets Control (OFAC) administers these sanctions programs under statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC, are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against the British National Health System, the attackers appeared to be ISIS and, in particular, the Tunisian Falange Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the limitations imposed by OFAC is unclear and untested. However, any digital forensic findings of a ransomware attack indicating terrorist attribution or involvement are certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment scheme to pay a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who recently pled guilty to operating as a money transmitter without a license in 2015, was also charged with violating Title 18 U.S.C., Section 1030(a)(7) and sentenced to 5 ½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators benefitted from transactions providing victims with Bitcoin to pay off ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was a part of the payment process and clearly facilitated the ransomware transactions with unclean hands – possessing the kind of felonious intent required for money laundering criminal liability. Crypto-currency sellers or exchange operators may be caught up in legal trouble if they have avoided or neglected reporting requirements, have not registered as a money transmission business (like Murgio), or were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, does not break any laws – and even if payment is arguably unlawful, it seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand seems less a legal and more a practical determination — almost like a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.
Ransomware Remediation
There is a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, including backing up systems and employing the latest cybersecurity measures. Other measures include:
Updating operating systems, software patching, antivirus programs and firewalls;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy requiring all users to change passwords regularly and to use more complex passwords, i.e. a mixture of lower- and uppercase letters, numbers, and symbols;
Reviewing and auditing all network permissions in your network while updating and deactivating all user accounts regularly, including departing employees;
Rigorous employee education and outreach;
Securing long- and short-term backups, stored in a manner detached from a company’s network;
Intense screening of partners and vendors to ensure strong security procedures from associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within a corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to be vigilant in keeping browsers, operating systems and third-party application patch levels up to date, and in ensuring that antivirus protection is also current. The FBI also suggests that companies back up often, lock down access granted to individuals and manage configuration of file systems, directories and network shares appropriately.
By setting snares and “honeypots” for would-be ransomware attackers, companies can go so far as to employ drastic and direct preemptive measures. For example, Deception Technology sets its trademarked HackTraps to misdirect ransomware attackers and prevent them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a document with a deceiving title that was created exclusively to lure in the cybercriminals.
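As an added illustration of the decoy-document idea above, and of the anomaly alerting mentioned under Ransomware Remediation, here is hypothetical Python that plants canary files with lure titles and flags the tell-tale signs of an encryptor touching them. It is example code written for this post, not Deception Technology’s HackTraps product; the file names, the entropy threshold and the simulated attack are all constructed.

```python
"""Canary-document monitor: plants decoy files with lure titles and
flags the signs of ransomware touching them (deletion, rename to a new
extension, or content replaced by high-entropy ciphertext).
Hypothetical example code, not a vendor product."""
import hashlib
import json
import math
import os
import tempfile
from collections import Counter
from typing import Dict, List

# Constructed lure titles: names a human would not open, but an
# indiscriminate encryptor walking the file system would rewrite.
CANARY_NAMES = [
    "Board_Compensation_2017_CONFIDENTIAL.docx",
    "Passwords_Backup.xlsx",
    "Merger_Target_List_DRAFT.pdf",
]
CANARY_BODY = b"Decoy document. Do not edit. " * 64   # low-entropy plaintext
ENTROPY_ALERT = 7.0   # bits/byte; encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: prose is roughly 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def plant_canaries(directory: str) -> Dict[str, str]:
    """Write the decoy files and return {path: sha256} as the baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(CANARY_BODY)
        baseline[path] = hashlib.sha256(CANARY_BODY).hexdigest()
    return baseline


def check_canaries(baseline: Dict[str, str]) -> List[str]:
    """Compare each canary with its baseline; return human-readable alerts."""
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            # Many families rename files to a new extension, so the
            # original name disappears even if the bytes remain.
            alerts.append(f"MISSING {path}")
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() == expected:
            continue
        ent = shannon_entropy(data)
        kind = "ENCRYPTED" if ent >= ENTROPY_ALERT else "MODIFIED"
        alerts.append(f"{kind} {path} entropy={ent:.2f}")
    return alerts


def simulate() -> Dict[str, List[str]]:
    """Self-contained demonstration in a temporary directory: a clean
    baseline check, then a constructed 'attack' that overwrites one
    decoy with random bytes and renames another."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_canaries(tmp)
        before = check_canaries(baseline)
        victim, renamed = list(baseline)[0], list(baseline)[1]
        with open(victim, "wb") as fh:
            fh.write(os.urandom(len(CANARY_BODY)))   # stands in for ciphertext
        os.rename(renamed, renamed + ".locked")
        after = check_canaries(baseline)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(simulate(), indent=2))
```

In production the check would run on a short timer or from a file-system watcher and the alert would go to the SOC, since a touched canary is a strong signal that encryption is already under way.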
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns to IT best practices, there are benefits in utilizing or integrating IT’s response into the existing business continuity structure, rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables nimble, rapid response limiting financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Like any other corporate risk, companies are beginning to realize that the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under “first party” liabilities as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom has been surrendered under duress; the incident is not a hoax; there was c-suite participation in the ransomware payment decision; the insurance company approved of the ransomware payment plan; and the ransomware attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransomware or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic: insurance policies may have “acts of foreign enemies” or “government acts” exclusions that can limit reimbursement if the ransomware was distributed by cyber-attackers tied to a foreign government.
In addition, whether a ransomware victim company must show “physical damage” can also become an issue. In the typical ransomware scenario, a victim company’s data is not actually damaged but is rather “locked.” An insurance company may argue that, as with other cyber-attacks where a victim’s data was accessed but not otherwise disturbed, altered or exfiltrated, the victim has no insurance claim.
Some companies that do not have cyber insurance may turn to their kidnap insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas of danger, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep their business alive, the victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal; not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but it can’t check out.
There is no doubt that the ease, anonymity and speed of crypto-currency payments such as Bitcoin have revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin not only makes it simpler to remain anonymous, but also enables a nameless payment mechanism where the extorted funds can be immediately transferred into criminal hands.
Transactions in crypto-currencies like Bitcoin lack a discernible audit trail, operate outside of regulated financial networks and are alarmingly unregulated. There is no central issuer of Bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended) and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though too early to tell, there may emerge some form of Bitcoin regulation via Executive Order No. 13,694 (April, 2015), which expands sanctions to include “blocking” the property of persons engaging in “Significant Malicious Cyber-Enabled Activities.” The order declares a “national emergency” to deal with cyber-enabled threats and extends to the assets of those who “have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities].”
Given that ransomware Bitcoin payments are made to cyber criminals, per Executive Order 13,694, the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or “block” assets of any participant in the Bitcoin financial chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking out more boldly against ransomware payments, which monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCEN) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and, even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
  John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
  The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
  I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
  ****************************
  In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data, by locking system screens or user files, unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most of the ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration while clearly outside of the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker) or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and, like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports that over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker, rather the attacker encrypts the files so a victim company cannot access them. Then the hacker offers to sell the encryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline — after which time, the ransomware attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles – or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone of current ransomware schemes, rendering the transactions practically untraceable and well suited for criminal transactions. Unlike the sequence of events in a common kidnapping scenario, where the exchange of money arguably places criminals in their most vulnerable position, the virtual kidnapping of ransomware preserves the attacker’s anonymity throughout the Bitcoin transaction process.
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent; for purchase or even in kits for building. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer networks: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee infiltrated due to inadvertent behaviors or broken business processes);
A compromised insider (e.g. a targeted employee via social engineering and infiltrated due to malware infections or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider who infiltrates via corporate espionage and sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the evolution of ransomware variants. There has been a tremendous increase in ransomware strains, reaching almost epidemic proportions. Indeed, new ransomware strains are now being created to tap into the mobile user base, which can impact both personal and business information, dramatically expanding the ransomware threat landscape as attackers diversify their platforms, capabilities and techniques in order to reach more targets.
Per recent reports, in the third quarter of 2011, about 60,000 new variants of ransomware were detected. That number doubled to over 200,000 in 2012, quadrupling to over 700,000 variants from 2014 to the first quarter of 2015. In the first quarter of 2016, security firm Kaspersky Lab revealed 2,900 new “modifications” of existing ransomware, a 14% increase from the last quarter, and a 30% increase from the previous quarter.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020.  This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017, a ransomware group known as Shadow Brokers coopted a ransomware exploit (nicknamed Eternal Blue) from the U.S. National Security Agency, and took advantage of a Windows vulnerability, targeting a wave of hospitals. The ransomware extortion demands impacted more than just corporate operations and secrets; suddenly, a cyber-attack impacted the lives of sick hospital patients, prompting an almost international hysteria.
The vulnerability, patchable for new Microsoft systems but not necessarily for older systems upon which many hospitals were running, was dubbed “WannaCry” or “WannaCrypt” ransomware, and according to Europol, claimed over 200,000 victims in over 150 countries.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, including and primarily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and electric grids to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – resulted in “a less widespread attack” than WannaCry, aka WannaCrypt.
As a result of NotPetya ransomware, A.T.M.’s in the Ukraine apparently stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were reportedly scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry and employing the same Eternal Blue server message block exploit, NotPetya’s global impact was reportedly blunted by its own limited attack capabilities (e.g. by a default setting, the infected system reboots after 60 minutes, and the malware does not persist after the reboot). “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to Ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying a ransom does not guarantee that a victim company will obtain from the attacker a working key to recover its data. The FBI is aware of cases where the attackers either failed to hand over the correct decryption key or refused to honor the original ransomware demands after payment was received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom when attacked by ransomware fail to get their data back. The FBI also urges ransomware victims to report attacks immediately and to seek the FBI's help in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement agencies have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts towns of Tewksbury and Swansea, ransomware attackers collected $500 and $750, respectively. Elsewhere, the police department of Midlothian, a Chicago suburb, and the sheriff's office of Dickson County, Tenn., also paid ransoms to ransomware attackers. That even police departments have opted to pay demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal computer crime statute, 18 U.S.C. § 1030, and particularly subsection (a)(7), which forbids hacking intended to extort something of value from the victim.
Above all else, the legal ramifications of a ransomware incident, or of a failed response to one, can be calamitous for any public or private company. Even the most traditional IT tasks, such as exfiltration analysis, malware reverse engineering, digital forensics, log review and most technical remediation measures, are rife with legal and compliance issues and potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues: how exactly to respond to each request, and whether a response would violate the privacy of customers, conflict with commercial agreements, waive the attorney-client or work product privilege, or carry other legal or compliance consequences.
Because so many incident response decisions bear on the very survival of a company, the general counsel (GC) is the natural person to oversee and direct the investigative workflow: commanding the investigation and remediation on behalf of the C-suite, sharing with senior management the ultimate responsibility for key decisions, and carrying the duty of reporting to the company's board.
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation – a cyber incident is no different.  There is nothing nefarious or extraordinary about this approach, it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can be triggered when a counterparty experiences a ransomware attack);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim-company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clue with respect to the impact of a ransomware attack and help assess some of the lesser state thresholds (such as in states like Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes accessing of protected health information.
With respect to some of the more onerous and specific federal notification rules, such as those under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. Press accounts have often read the HHS rules as requiring hospitals to report only attacks that expose private medical or financial information, such as malware that steals data, and whether ransomware's encryption of data crosses that threshold has been treated as hard to determine, which is one reason ransomware attacks and other data security incidents at health care organizations often go unreported. Practitioners should note, however, that guidance issued by the HHS Office for Civil Rights in July 2016 takes the stricter view: ransomware encryption of electronic protected health information is presumed to be a reportable breach unless the covered entity can demonstrate, through a documented risk assessment, a low probability that the information was compromised.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, there is a requirement to notify the supervisory authorities without undue delay (no later than 72 hours) after becoming aware of a data breach, unless it is unlikely to cause a risk to the affected individuals. The fines for violating this regulation are significant—up to 4% of global annual turnover or €20 million (whichever is the higher), so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for the more typical cyber-indicators. Ransomware is characteristically a known tool, familiar to most professionals and often available for purchase online. If the name and modus operandi of the strain are new or otherwise unknown, the likelier explanation is not that the victim firm is "patient zero" but that the ransomware is bogus.
Digital forensic experts can also research the Bitcoin payment address; the malware message; any relevant phishing emails; and any other of the ransomware’s characteristics in data security research forums and internal archives, to analyze recent commentary about the ransomware and test its efficacy and validity.
There is also a range of simple digital forensics tests to run on an infected file to assess whether a ransomware strain actually does what it claims. Real ransomware encrypts file contents and usually also changes the file extension; some "ransomware" merely renames files to create the illusion of encryption and cajole a ransom payment. One simple test is therefore to restore a file's original name and extension and see whether it opens, or whether its contents still carry the header of the original format. A digital forensics expert can also investigate the severity of the attack, reverse-engineer the malware that has taken control of victim data, and attempt a full-fledged data recovery.
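As an added, illustrative example (not part of the original text, and not code from any firm mentioned on this page), the following Python script automates the two checks just described. It strips the appended ransom extension, tests whether the bytes still begin with the file signature the original extension implies (in which case the file was merely renamed), and otherwise measures Shannon entropy to judge whether the contents look like ciphertext. The sample "victim" files and the `.locked` extension are constructed for the example.

```python
import hashlib
import math
import os
from collections import Counter

# File signatures ("magic bytes") for a few common document and image formats.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"PK\x03\x04": "zip",                              # also docx/xlsx/pptx (OOXML is a ZIP)
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",        # legacy .doc/.xls/.ppt
}
# Original extension -> the signature family expected at offset 0.
EXT_TO_KIND = {
    "pdf": "pdf", "png": "png", "jpg": "jpg", "jpeg": "jpg",
    "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "doc": "ole", "xls": "ole", "ppt": "ole",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_magic(data: bytes):
    """Return the signature family found at offset 0, or None."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def original_extension(name: str, ransom_ext: str) -> str:
    """'invoice.pdf.locked' -> 'pdf' once the appended ransom extension is stripped."""
    base = name[:-len(ransom_ext)] if name.endswith(ransom_ext) else name
    return os.path.splitext(base)[1].lstrip(".").lower()


def classify(name: str, data: bytes, ransom_ext: str = ".locked",
             entropy_threshold: float = 7.0) -> str:
    """Return 'renamed_only', 'likely_encrypted' or 'inconclusive'."""
    kind = detect_magic(data)
    expected = EXT_TO_KIND.get(original_extension(name, ransom_ext))
    if kind is not None and kind == expected:
        # Header intact and matching the original extension: the file was only renamed.
        return "renamed_only"
    if shannon_entropy(data[:65536]) >= entropy_threshold:
        # No recognisable header and near-uniform byte distribution: consistent with encryption.
        return "likely_encrypted"
    return "inconclusive"


def triage(samples: dict, ransom_ext: str = ".locked") -> dict:
    """Classify every (filename -> bytes) pair in a batch of suspect files."""
    return {name: classify(name, data, ransom_ext) for name, data in samples.items()}


def pseudo_ciphertext(n_blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes standing in for real cipher output (constructed)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n_blocks))


# Constructed sample "victim" files; none come from a real incident.
SAMPLES = {
    # Renamed but untouched: PDF header still present.
    "invoice.pdf.locked": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 8,
    # Renamed but untouched: PNG signature still present.
    "photo.png.locked": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 256,
    # Genuinely encrypted: no header, close to 8 bits/byte.
    "ledger.xlsx.locked": pseudo_ciphertext(),
    # Plain text with no signature to check and low entropy: neither test is decisive.
    "notes.txt.locked": b"meeting notes: follow up with vendor about renewal\n" * 8,
}

if __name__ == "__main__":
    for filename, verdict in triage(SAMPLES).items():
        print(f"{filename:24s} {verdict}")
```

Two design choices are worth noting. The signature check runs before the entropy check because natively compressed formats (ZIP-based Office files, JPEG and PNG image data) already have near-8-bit entropy and would otherwise look "encrypted". And the script returns "inconclusive" rather than "clean" when neither test is decisive, since some strains encrypt only the first kilobytes of each file or use a short XOR key, leaving entropy deceptively low.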
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying off ransomware attackers typically entails: 1) locating the victim-specific key file or identifier that the malware left on the infected machine; 2) submitting that file (or data string) to the attackers together with a Bitcoin payment; and 3) awaiting a decryption key or a tool the victim can use to undo the encryption of the company's files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, funding it, and figuring out how to pay other people with it. A digital forensics examiner may even be able to construct a payment scheme in which the ransomware payment is conditional. By using cryptocurrency features to ensure that the attackers cannot receive their payment unless they deliver a key, some added security and reliability can be built into the transaction. One ransomware response expert notes:
“ . . A ransomware developer could easily perform payment via a smart contract script (in a system like  Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain.”
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old fashioned Nigerian Internet scam than a malware infection – and the payment could end up being all for naught.
Indeed, ransomware attackers may no longer have the encryption key, or may simply take a ransom payment, infect a company's system, and flee the crime scene entirely. Paying in Bitcoin is itself risky (the ledger is public, but the recipient is pseudonymous and rarely identifiable), and the transaction as a whole is so risky that it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, the FBI has never specifically stated that the payer could actually be charged with a crime. It would seem rather obvious that with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, the ransomware attacker possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 British case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), relating to maritime piracy and ransom demands for safe return of the vessel and crew, the court faced a somewhat analogous scenario. Specifically, the British Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms, and not ransomware, former President Barack Obama provided a similar message in his Statement by the President on the U.S. Government's Hostage Policy Review (June 24, 2015):
"I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we're trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family's pain with threats like that." 
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of a criminal offense when the payment is compelled by duress or extortion, is confirmed in United States v. Kozeny, 582 F.Supp.2d 535, 540 (S.D.N.Y. 2008). Specifically, in the Kozeny decision, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm would excuse the conduct (essentially negating corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of cyber-criminals involved in ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker’s modus operandi to be that of a state sponsored organization (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are designed to prevent payments to certain designated payees, institutions and countries that are enemies of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury's Office of Foreign Assets Control (OFAC) administers these programs, which rest on statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC, are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against the British National Health Service, the attackers appeared to be affiliated with ISIS, and in particular the Tunisian Falange Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the limitations imposed by OFAC is unclear and untested. However, any digital forensic finding that points to terrorist attribution or involvement is certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment scheme used to pay a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who recently pled guilty to operating as an unlicensed money transmitter in 2015 and was also charged with violating 18 U.S.C. § 1030(a)(7), was sentenced to 5½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators profited from transactions providing victims with Bitcoin to pay off ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was a part of the payment process and clearly facilitated the ransomware transactions with unclean hands – possessing the kind of felonious intent required for money laundering criminal liability. Crypto-currency sellers or exchange operators may be caught up in legal trouble if: they have avoided or neglected reporting requirements or have not registered as a money transmission business (like Murgio), or, if they were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, it seems that paying a ransomware demand, while obviously risky and empowering and encouraging ransomware attackers, does not appear to break any laws, and even where payment is arguably unlawful, prosecution seems unlikely. Thus, the decision whether to pay or ignore a ransomware demand seems less a legal determination than a practical one, almost a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.
Ransomware Remediation
There is a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, starting with backing up systems and employing current cybersecurity measures. Other measures include:
Updating operating systems, software patches (including the SMB patch that WannaCry and NotPetya exploited), antivirus programs and firewalls;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy requiring all users to change passwords regularly and to use more complex passwords, e.g. a mixture of lower- and uppercase letters, numbers and symbols;
Reviewing and auditing all network permissions while updating and deactivating user accounts regularly, including those of departing employees;
Rigorous employee education and outreach;
Securing long- and short-term backups, stored in a manner detached from the company's network;
Intense screening of partners and vendors to ensure strong security procedures at associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within the corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to be vigilant keeping browsers, operating systems and third-party application patch levels up to date, and that antivirus protection is also current. The FBI also suggests companies back up often, lock down access granted to individuals and manage configuration of file systems, directories and network shares appropriately.
By setting snares and “honeypots” for would-be ransomware attackers, companies can go so far as to employ drastic and direct preemptive measures. For example, Deception Technology sets its trademarked HackTraps to misdirect ransomware attackers and prevent them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a document with a deceiving title that was created exclusively to lure in the cybercriminals.
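As an added example (not the product or code of any vendor named above), the following Python script implements the simplest form of such a trap: it plants a few decoy files with tempting names, records their SHA-256 digests, and on each check reports decoys that have been overwritten (encrypted in place) or have vanished (deleted, or renamed with a ransom extension). The decoy names, their contents and the simulated attack in `demo()` are constructed for illustration; in production the check would run on a schedule and a tripped canary would feed the SIEM or trigger host isolation.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed decoy content: looks valuable to a person or a script, worthless in fact.
DECOY_CONTENT = b"CONFIDENTIAL - Q3 payroll export (decoy file, do not edit)\n" * 32


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large decoys do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canaries(root: str, names) -> dict:
    """Create decoy files under root and return {path: sha256} as the baseline."""
    baseline = {}
    for name in names:
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(DECOY_CONTENT)
        baseline[path] = sha256_file(path)
    return baseline


def check_canaries(baseline: dict) -> dict:
    """Return {path: 'intact' | 'modified' | 'missing'} for every planted decoy."""
    findings = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"      # deleted, or renamed (e.g. '.locked' appended)
        elif sha256_file(path) != digest:
            findings[path] = "modified"     # overwritten in place with ciphertext
        else:
            findings[path] = "intact"
    return findings


def tripped(findings: dict) -> list:
    """Paths that warrant an alert: a legitimate user never has reason to touch a decoy."""
    return sorted(p for p, status in findings.items() if status != "intact")


def demo() -> dict:
    """Plant three decoys, simulate a ransomware pass over two of them, and check."""
    root = tempfile.mkdtemp(prefix="canary-")
    try:
        baseline = plant_canaries(
            root, ["payroll_2017.xlsx", "passwords.txt", "board_minutes.docx"])
        # Simulated attacker behaviour (constructed): encrypt one decoy in place,
        # rename another with a ransom extension, leave the third alone.
        with open(os.path.join(root, "payroll_2017.xlsx"), "wb") as f:
            f.write(hashlib.sha256(b"stand-in ciphertext").digest() * 64)
        os.rename(os.path.join(root, "passwords.txt"),
                  os.path.join(root, "passwords.txt.locked"))
        return check_canaries(baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    result = demo()
    for path, status in result.items():
        print(f"{status:9s} {os.path.basename(path)}")
    print("ALERT" if tripped(result) else "quiet")
```

Because the decoys are never legitimately opened, any change to them has a very low false-positive rate; the trade-off is that the check only fires after encryption has begun, so it is a containment trigger rather than a preventive control, and it should be placed in the directories a ransomware process is likely to reach first (user home directories and widely shared network folders).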
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns to IT best practices, there are benefits in utilizing or integrating IT’s response into the existing business continuity structure, rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables nimble, rapid response limiting financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Like any other corporate risk, companies are beginning to realize that the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under "first party" coverage as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom was surrendered under duress; the incident was not a hoax; the C-suite participated in the decision to pay; the insurer approved the payment plan; and the attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransom or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic: insurance policies may have “acts of foreign enemies” or “government acts” exclusions that can limit reimbursement if the ransomware was distributed by cyber-attackers tied to a foreign government.
In addition, whether a ransomware victim company must show “physical damage” can also become an issue. In the typical ransomware scenario, a victim company’s data is not actually damaged but is rather “locked.” An insurance company may argue that, as with other cyber-attacks in which a victim’s data was accessed but not otherwise disturbed, altered or exfiltrated, the victim has no insurance claim.
Some companies that do not have cyber insurance may turn to their kidnap insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas of danger, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep their business alive, the victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal; not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but it can’t check out.
There is no doubt that the ease, anonymity and speed of crypto-currency payments such as Bitcoin have revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin not only makes it simpler to remain anonymous, but also enables a nameless payment mechanism where the extorted funds can be immediately transferred into criminal hands.
Transactions in crypto-currencies like Bitcoin lack a discernible audit trail, operate outside of regulated financial networks and are alarmingly unregulated. There is no central issuer of Bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended) and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though too early to tell, there may emerge some form of Bitcoin regulation via Executive Order No. 13,694 (April, 2015), which expands sanctions to include “blocking” the property of persons engaging in “Significant Malicious Cyber-Enabled Activities.” The order declares a “national emergency” to deal with cyber-enabled threats and extends to the assets of those who “have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities].”
Given that ransomware Bitcoin payments are made to cyber criminals, per Executive Order 13,694, the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or “block” assets of any participant in the Bitcoin financial chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking more boldly to discourage ransomware payments that monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCEN) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
  John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
  The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.
lawfultruth · 7 years
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
  I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
  ****************************
  In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data, by locking system screens or user files, unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most of the ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration while clearly outside of the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker) or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications when managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker, rather the attacker encrypts the files so a victim company cannot access them. Then the hacker offers to sell the encryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline — after which time, the ransomware attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles – or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone to current ransomware schemes, rendering the transactions practically untraceable and well suited for criminal transactions. Unlike the sequence of events during a common kidnapping scenario, where the exchange of money arguably places criminals in their most vulnerable position, the virtual kidnapping of ransomware actually facilitates anonymity throughout the Bitcoin transaction process.
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent; for purchase or even in kits for building. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer networks: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee infiltrated due to inadvertent behaviors or broken business processes);
A compromised insider (e.g. a targeted employee via social engineering and infiltrated due to malware infections or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider who infiltrates via corporate espionage and sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the evolution of ransomware variants. There has been a tremendous increase in ransomware strains – reaching almost epidemic proportions. Indeed, new ransomware strains are now being created to tap into the mobile user base, which can impact both personal and business information; attackers are diversifying and expanding their platforms, capabilities and techniques in order to reach more targets, dramatically widening the ransomware threat landscape.
Per recent reports, in the third quarter of 2011, about 60,000 new variants of ransomware were detected. That number doubled to over 200,000 in 2012, quadrupling to over 700,000 variants from 2014 to the first quarter of 2015. In the first quarter of 2016, security firm Kaspersky Lab revealed 2,900 new “modifications” of existing ransomware, a 14% increase from the last quarter, and a 30% increase from the previous quarter.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020. This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017, a ransomware group known as Shadow Brokers coopted a ransomware exploit (nicknamed Eternal Blue) from the U.S. National Security Agency, and took advantage of a Windows vulnerability, targeting a wave of hospitals. The ransomware extortion demands impacted more than just corporate operations and secrets; suddenly, a cyber-attack impacted the lives of sick hospital patients, prompting an almost international hysteria.
The vulnerability, patchable for new Microsoft systems but not necessarily for older systems upon which many hospitals were running, was dubbed “WannaCry” or “WannaCrypt” ransomware, and according to Europol, claimed over 200,000 victims in over 150 countries.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, including and primarily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and electric grids to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – resulted in “a less widespread attack” than WannaCry, aka WannaCrypt.
As a result of NotPetya ransomware, A.T.M.’s in the Ukraine apparently stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were reportedly scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry and employing the same Eternal Blue server message block exploit, NotPetya’s global impact was reportedly blunted by its own limited attack capabilities (e.g. by a default setting, the infected system reboots after 60 minutes, and the malware does not persist after the reboot). “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to Ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying ransomware does not guarantee that a victim company will obtain from the attacker a working key to rescue their data. The FBI is aware of cases where either the attackers fail to hand over the correct decryption key or are unwilling to comply with the original ransomware demands after payment is received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom when attacked by ransomware fail to get their data back. The FBI also urges ransomware victims to report ransomware attacks immediately and seek help from the FBI in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement officials themselves have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts townships of Tewksbury and Swansea, ransomware attackers made off with $500 and $750 bounties, respectively. Elsewhere, police departments in the Chicago suburbs of Midlothian and Dickson County, Tenn., also paid ransom amounts to ransomware attackers. That even law enforcement officials have opted to cut their losses by succumbing to, and paying off, ransomware attackers demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal computer crime statute, 18 U.S.C. § 1030, and particularly subsection (a)(7), which forbids hacking intended to extort something of value from the victim.
Above all else, the legal ramifications of any ransomware incident or failure can be calamitous for any public or private company. Even the most traditional realms of IT dominion such as exfiltration analysis, malware reverse engineering, digital forensics, logging review and most technological remediation measures are rife with legal and compliance issues and a myriad of potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues, including how exactly to respond to each request and whether any response would violate the privacy of customers; be at odds with commercial agreements; result in a waiver of the attorney-client or work product privileges; or have any other legal/compliance consequences.
Because so many incident response issues are critical to the very survival of a company, who else but the GC can oversee and direct investigative workflow, commanding the investigation and remediation for the C-suite, sharing with senior management the ultimate responsibility for key decisions, while having the responsibility and duty of reporting to the company’s board?
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation – a cyber incident is no different. There is nothing nefarious or extraordinary about this approach; it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (Many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can trigger when a victim company experiences a ransomware attack.);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clue with respect to the impact of a ransomware attack and help assess some of the lesser state thresholds (such as in states like Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes accessing of protected health information.
With respect to some of the more onerous and specific federal notification rules, such as under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. For instance, HHS rules generally state that hospitals need only report attacks that result in the exposure of private medical or financial information, such as malware that steals data. Whether ransomware’s data encryption crosses that legal threshold can be challenging to determine, which is why ransomware attacks and other data security incidents at health care organizations often go unreported.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, there is a requirement to notify the supervisory authorities without undue delay (no later than 72 hours) after becoming aware of a data breach, unless it is unlikely to cause a risk to the affected individuals. The fines for violating this regulation are significant—up to 4% of global annual turnover or €20 million (whichever is the higher), so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for the more typical indicators. Most ransomware is built from tooling that is known to professionals and may even be available for purchase online. If the name and modus operandi of the ransomware are new or otherwise unknown, the more likely explanation is not that the victim is "patient zero" for a new strain, but that the ransomware is bogus: a hoax or scareware that never encrypted anything.
Digital forensic experts can also research the Bitcoin payment address, the ransom note, any related phishing emails, and the ransomware's other characteristics in security research forums, public malware repositories and internal archives, to review recent commentary about the strain and to test its efficacy and validity. Because the Bitcoin ledger is public, the payment address can also show whether, and how often, other victims have already paid it.
There are also a range of digital forensic tests to run on an infected file to assess a ransomware strain's actual efficacy. One simple test is to return the file name to its original form and attempt to open the file. Most real ransomware appends or changes the extension of the files it encrypts, but a bogus strain may only rename the files, without encrypting them, to create the illusion of encryption and cajole a ransom payment; if restoring the name restores the file, the content was never touched. A digital forensic expert can also check a sample file's header and byte entropy against what its original format should look like, investigate the severity of the attack, reverse-engineer the malware that has taken control of the victim's data, and attempt a full-fledged data recovery.
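The "renamed or really encrypted?" test above can be automated for a whole tree of files. The following is an added example, not code from the original article: it restores the pre-attack name, checks whether the file still begins with the magic bytes its original format requires, and measures the byte entropy of its first 4 KiB. The magic-byte table, the 7.5 bits-per-byte threshold and the constructed sample files are assumptions chosen for illustration; the "encrypted" sample is produced by XOR with a deterministic SHA-256 keystream, a toy stand-in for real ransomware encryption that is used only so the example runs offline and reproducibly.

```python
"""Triage an "encrypted" file: was its content really encrypted, or only renamed?

Added example; not code from the original article. The magic-byte table, the
entropy threshold and the sample files are assumptions chosen for illustration.
"""
import hashlib
import math
import os
from collections import Counter

# Leading bytes of a few common document formats (assumption: a small table for
# illustration, not a full signature database).
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext is close to 8.0, office documents sit well below


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def original_name(path: str, ransom_ext: str) -> str:
    """Strip the extension the ransomware appended, e.g. report.pdf.locked -> report.pdf."""
    return path[: -len(ransom_ext)] if ransom_ext and path.endswith(ransom_ext) else path


def triage(data: bytes, original_ext: str) -> dict:
    """Classify file content using its header and the entropy of its first 4 KiB."""
    expected = MAGIC.get(original_ext.lower())
    magic_ok = expected is not None and data.startswith(expected)
    entropy = shannon_entropy(data[:4096])
    if magic_ok:
        verdict = "renamed_only"      # header intact: restore the name and open the file
    elif entropy > ENTROPY_THRESHOLD:
        verdict = "likely_encrypted"  # no recognizable header and near-random bytes
    else:
        verdict = "unknown"           # unlisted format, corruption, or a case this table does not model
    return {"magic_ok": magic_ok, "entropy": round(entropy, 2), "verdict": verdict}


def triage_file(path: str, ransom_ext: str) -> dict:
    """Read a file from disk and triage it against the extension it had before the attack."""
    orig = original_name(path, ransom_ext)
    ext = os.path.splitext(orig)[1]
    with open(path, "rb") as fh:
        return {"original_name": orig, **triage(fh.read(4096), ext)}


# Constructed sample inputs (not real victim data).
SAMPLE_PDF = b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 100
# Toy stand-in for ransomware encryption: XOR with a deterministic SHA-256 keystream,
# so the ciphertext is reproducible but still looks random to the entropy test.
_KEYSTREAM = b"".join(
    hashlib.sha256(b"constructed-demo-key" + i.to_bytes(4, "big")).digest() for i in range(128)
)
SAMPLE_ENCRYPTED = bytes(p ^ k for p, k in zip(SAMPLE_PDF, _KEYSTREAM))

if __name__ == "__main__":
    print("renamed  :", triage(SAMPLE_PDF, ".pdf"))
    print("encrypted:", triage(SAMPLE_ENCRYPTED, ".pdf"))
```

Two caveats for real cases: several families encrypt only the first block or first few kilobytes of each file, which this header check still catches, and some families keep the original extension, so the triage should be run on any file that fails to open, not only on files whose names changed. A "renamed_only" verdict across a representative sample is strong evidence that the demand is a hoax; a "likely_encrypted" verdict says nothing about whether the attacker can actually decrypt.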
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying the ransomware attackers typically entails: 1) locating the victim-specific identifier or key file that the ransomware left on the victim's computer (the attackers need it to identify the victim and produce the right decryption key); 2) uploading that file (or data string) to the attackers together with a Bitcoin payment; and 3) awaiting a decryption key, or a tool the victim can use to undo the encryption on the company's files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, funding it, and paying other parties with it. A digital forensic examiner may even be able to construct a payment scheme in which the ransomware payment is conditional. By using cryptocurrency features to ensure that the attackers cannot receive payment unless they deliver a key, some added measure of security and reliability can be built into the transaction, although this only works if the attacker agrees to that arrangement. One ransomware response expert notes:
"… A ransomware developer could easily perform payment via a smart contract script (in a system like Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain."
Ransomware attackers may portray the entire payment process as more akin to an ordinary business transaction than to an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim transmits the infection to other companies, much like the referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward, the reality is far more complicated and rife with challenges. No payment process can guarantee that the attacker will provide a working decryption key. The ransomware scheme may be nothing more than a social engineering ruse, closer to an old-fashioned advance-fee ("Nigerian prince") email scam than to a malware infection, and the payment could end up being all for naught.
Indeed, attackers may no longer have the key, may have implemented the encryption so poorly that no key can recover the files, or may simply take the payment, leave the system infected, and walk away. Paying in Bitcoin carries its own risk (the ledger is public, but the recipient is pseudonymous and the payment is irreversible), and the transaction in its entirety is so risky it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, it has never specifically stated that the payer could be charged with a crime. It would seem rather obvious that, with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, it is the ransomware attacker who possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 English case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), concerning maritime piracy and ransom demands for the safe return of a vessel and crew, the court faced a somewhat analogous scenario. Specifically, the Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms, and not ransomware, former President Barack Obama delivered a similar message in his Statement by the President on the U.S. Government's Hostage Policy Review (June 24, 2015):
"I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we're trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family's pain with threats like that." 
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of an offense when forced to pay by duress or extortion, is confirmed in United States v. Kozeny, 582 F. Supp. 2d 535, 540 (S.D.N.Y. 2008). Specifically, in Kozeny, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm excuses the conduct (essentially negating corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of the criminals behind most ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker's tooling and modus operandi as those of a state-sponsored group (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are designed to prevent payments to designated payees, institutions and countries that are adversaries of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury's Office of Foreign Assets Control (OFAC) administers these programs under statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC, are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against the British National Health Service, the attackers appeared to be ISIS sympathizers, in particular the Tunisian Falange Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the restrictions imposed by OFAC is unclear and untested. However, any digital forensic finding that indicates terrorist attribution or involvement is certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment chain that pays a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who pled guilty to operating an unlicensed money transmitting business after his 2015 arrest, was also charged with violating 18 U.S.C. § 1030(a)(7) and was sentenced to 5½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators profited from transactions that supplied victims with Bitcoin to pay ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was part of the payment process and clearly facilitated the ransomware transactions with unclean hands, possessing the kind of felonious intent required for money laundering liability. Crypto-currency sellers or exchange operators may find themselves in legal trouble if they have avoided or neglected reporting requirements, have not registered as a money transmission business (like Murgio), or were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, does not appear to break any laws – and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination — almost like a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that a working decryption key and decryption tool will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on lightly regulated exchanges that can themselves be hacked, exposing the bank account and identity information that buyers leave on those exchanges.
Ransomware Remediation
There are a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, starting with backing up systems and employing current cybersecurity measures. Other measures include:
Keeping operating systems, applications, antivirus programs and firewalls patched and up to date;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior such as one process rewriting or renaming large numbers of files in a short period;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy (long, unique passwords, multi-factor authentication on remote access and administrative accounts, and forced changes whenever compromise is suspected) rather than relying on periodic rotation and complexity rules alone;
Reviewing and auditing all network permissions while updating and deactivating user accounts regularly, including those of departing employees;
Rigorous employee education and outreach;
Securing long- and short-term backups, stored in a manner detached from the company's network, and periodically testing that they actually restore;
Intense screening of partners and vendors to ensure strong security procedures at associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within the corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to keep browsers, operating systems and third-party application patch levels up to date and to ensure that antivirus protection is also current. The FBI also suggests that companies back up often, lock down the access granted to individuals, and manage the configuration of file systems, directories and network shares appropriately.
Companies can go further and set snares and "honeypots" for would-be ransomware attackers. For example, Deception Technology's trademarked HackTraps are intended to misdirect ransomware attackers and keep them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a decoy document with an enticing title, created exclusively to lure in the cybercriminals; because no legitimate process should ever touch such a file, any write to it is a high-confidence alert.
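The "alerts for anomalous behavior" item in the list above and the decoy documents just described can be turned into two concrete detection rules. The following is an added example, not code from the original article or from any vendor product it names: it reads file-activity events (a constructed `ts|pid|process|op|path[|new_path]` line format that stands in for whatever EDR or file-auditing telemetry an organization actually collects), raises an alert whenever a process writes to, renames or deletes a planted canary document, and raises a second alert when one process renames a threshold number of files to the same unfamiliar extension inside a sliding window. The canary paths, the benign-extension list, the thresholds and the sample log are all assumptions.

```python
"""Flag ransomware-like behaviour in file-activity logs: canary-file touches and rename bursts.

Added example; not code from the original article or from any vendor product it names.
The log format, the canary paths, the benign-extension list and the thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from pathlib import PureWindowsPath

# Decoy documents planted where an intruder or ransomware will find them (assumption).
CANARY_FILES = {
    p.lower()
    for p in (
        r"C:\Finance\Payroll_2017_CONFIDENTIAL.xlsx",
        r"C:\Shares\Legal\Merger_Term_Sheet.docx",
    )
}
# Extensions that legitimate software renames files to in bulk (assumption; tune per environment).
BENIGN_EXTS = {".docx", ".xlsx", ".pdf", ".tmp", ".bak", ".txt"}
BURST_THRESHOLD = 5   # renames to one new extension by one process ...
WINDOW_SECONDS = 60   # ... within this sliding window

# Constructed line format: ts|pid|process|op|path[|new_path]
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\|(?P<pid>\d+)\|(?P<proc>[^|]+)\|(?P<op>\w+)\|(?P<src>[^|]+)(?:\|(?P<dst>.+))?$"
)


def parse_event(line: str):
    """Parse one log line into a dict, or return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["pid"] = int(ev["pid"])
    return ev


def detect(lines):
    """Return the alerts raised by the canary and rename-burst rules over the given log lines."""
    alerts = []
    recent = defaultdict(deque)   # pid -> deque of (timestamp, new extension) for recent renames
    already_flagged = set()       # (pid, ext) pairs already reported, to avoid alert storms
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        # Rule 1: any modification of a decoy file is suspicious by construction.
        touched = {ev["src"].lower(), (ev["dst"] or "").lower()}
        if ev["op"] in {"write", "rename", "delete"} and touched & CANARY_FILES:
            alerts.append({"rule": "canary", "pid": ev["pid"], "proc": ev["proc"], "path": ev["src"]})
        # Rule 2: one process renaming many files to the same unfamiliar extension in a short window.
        if ev["op"] == "rename" and ev["dst"]:
            ext = PureWindowsPath(ev["dst"]).suffix.lower()
            if ext and ext not in BENIGN_EXTS:
                q = recent[ev["pid"]]
                q.append((ev["ts"], ext))
                while (ev["ts"] - q[0][0]).total_seconds() > WINDOW_SECONDS:
                    q.popleft()   # drop renames that fell out of the window
                count = sum(1 for _, e in q if e == ext)
                if count >= BURST_THRESHOLD and (ev["pid"], ext) not in already_flagged:
                    already_flagged.add((ev["pid"], ext))
                    alerts.append({"rule": "rename_burst", "pid": ev["pid"], "proc": ev["proc"],
                                   "ext": ext, "count": count})
    return alerts


# Constructed sample log (not real telemetry): a benign Word save, a process renaming
# six files to .locked within seconds (the sixth being a canary), a backup job, and junk.
SAMPLE_LOG = r"""
2017-05-12T10:00:01|1880|WINWORD.EXE|rename|C:\Users\alice\Docs\~WRD0001.tmp|C:\Users\alice\Docs\report.docx
2017-05-12T10:00:05|4412|updater.exe|rename|C:\Users\alice\Docs\report.docx|C:\Users\alice\Docs\report.docx.locked
2017-05-12T10:00:06|4412|updater.exe|rename|C:\Users\alice\Docs\budget.xlsx|C:\Users\alice\Docs\budget.xlsx.locked
2017-05-12T10:00:07|4412|updater.exe|rename|C:\Users\alice\Docs\notes.txt|C:\Users\alice\Docs\notes.txt.locked
2017-05-12T10:00:08|4412|updater.exe|rename|C:\Users\alice\Pictures\family.jpg|C:\Users\alice\Pictures\family.jpg.locked
2017-05-12T10:00:09|4412|updater.exe|rename|C:\Users\alice\Docs\plan.pdf|C:\Users\alice\Docs\plan.pdf.locked
2017-05-12T10:00:10|4412|updater.exe|rename|C:\Finance\Payroll_2017_CONFIDENTIAL.xlsx|C:\Finance\Payroll_2017_CONFIDENTIAL.xlsx.locked
2017-05-12T10:02:30|2201|backup.exe|rename|C:\Shares\Legal\old_memo.docx|C:\Shares\Legal\old_memo.docx.bak
this line is not telemetry
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample log the burst rule fires at the fifth `.locked` rename by process 4412 and the canary rule fires when the same process touches the payroll decoy; the Word save and the backup job produce nothing because they rename to extensions on the benign list. In production the response to either alert is to isolate the host and suspend the process, since every second of delay is more files encrypted; the canary rule in particular has almost no false positives and is cheap to deploy on any file share.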
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns to IT best practices, there are benefits in utilizing or integrating IT’s response into the existing business continuity structure, rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables nimble, rapid response limiting financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Like any other corporate risk, companies are beginning to realize that the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under "first party" coverage as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom was surrendered under duress; the incident was not a hoax; there was C-suite participation in the payment decision; the insurer approved the payment plan; and the attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransomware or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic: policies may carry "acts of foreign enemies" or "government acts" exclusions that limit reimbursement if the ransomware was distributed by attackers tied to a foreign government.
In addition, whether a ransomware victim must show "physical damage" can also become an issue. In the typical ransomware scenario, a victim's data is not destroyed but rather "locked." An insurer may argue that, as with other cyber-attacks in which data was accessed but not otherwise destroyed or exfiltrated, the victim has no claim.
Some companies that do not have cyber insurance may turn to their kidnap and ransom insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in dangerous areas, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep their business alive, the victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal; not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but it can’t check out.
No doubt the ease, pseudonymity and speed of crypto-currency payments such as Bitcoin have revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin makes it simple to receive payment without ever revealing an identity, and the extorted funds can be moved into criminal hands within minutes.
Bitcoin transactions are recorded on a public ledger, so they do leave an audit trail, but the trail ends at pseudonymous addresses rather than at identified persons, and the exchanges that convert Bitcoin into currency operate largely outside regulated financial networks. There is no central issuer of Bitcoin, nor a Federal Reserve of Bitcoin monitoring transactions or controlling its value. In short, government surveillance and regulation of cryptocurrency remain thin (no pun intended), and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though it is too early to tell, some form of Bitcoin regulation may emerge via Executive Order 13694 (April 1, 2015), which expands sanctions to include "blocking" the property of persons engaging in "Significant Malicious Cyber-Enabled Activities." The order declares a "national emergency" to deal with cyber-enabled threats and extends to the assets of those who "have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities]."
Given that ransomware Bitcoin payments are made to cyber criminals, under Executive Order 13694 the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or "block" the assets of any participant in the Bitcoin payment chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking out more boldly to discourage ransomware payments that monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCEN) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and, even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
  John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
  The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC's Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
  I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
  ****************************
  In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative; its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a newer and particularly pernicious type of malware, prevents or limits users from accessing their data by locking system screens or encrypting user files unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often in the hundreds or low thousands of dollars, too small to warrant federal law enforcement consideration while clearly outside the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula), when the encryption cannot be defeated (no matter how good the code-breaker), or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications of managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker, rather the attacker encrypts the files so a victim company cannot access them. Then the hacker offers to sell the encryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline — after which time, the ransomware attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles – or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone of current ransomware schemes, rendering the transactions practically untraceable and well suited for criminal dealings. Unlike the sequence of events in a conventional kidnapping, where the exchange of money arguably places criminals in their most vulnerable position, the virtual kidnapping of ransomware actually preserves the attacker’s anonymity throughout the Bitcoin transaction process.
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent, for purchase, or even as do-it-yourself kits. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer networks: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee infiltrated due to inadvertent behaviors or broken business processes);
A compromised insider (e.g. a targeted employee via social engineering and infiltrated due to malware infections or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider who infiltrates via corporate espionage and sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the evolution of ransomware variants. There has been a tremendous increase in ransomware strains – reaching almost epidemic proportions. Indeed, new ransomware strains are now being created to tap into the mobile user base, which can impact both personal and business information. This has already dramatically expanded the ransomware threat landscape, as attackers diversify and expand their platforms, capabilities and techniques in order to reach more targets.
Per recent reports, in the third quarter of 2011, about 60,000 new variants of ransomware were detected. That number doubled to over 200,000 in 2012, and quadrupled to over 700,000 variants between 2014 and the first quarter of 2015. In the first quarter of 2016, security firm Kaspersky Lab revealed 2,900 new “modifications” of existing ransomware, a 14% increase from the last quarter, and a 30% increase from the previous quarter.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020. This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017, a ransomware group known as Shadow Brokers co-opted a ransomware exploit (nicknamed Eternal Blue) from the U.S. National Security Agency, and took advantage of a Windows vulnerability, targeting a wave of hospitals. The ransomware extortion demands impacted more than just corporate operations and secrets; suddenly, a cyber-attack impacted the lives of sick hospital patients, prompting an almost international hysteria.
The ransomware exploiting the vulnerability, which was patchable on newer Microsoft systems but not necessarily on the older systems many hospitals were running, was dubbed “WannaCry” or “WannaCrypt” and, according to Europol, claimed over 200,000 victims in over 150 countries.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, including and primarily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and electric grids to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – resulted in “a less widespread attack” than WannaCry, aka WannaCrypt.
As a result of the NotPetya ransomware, ATMs in Ukraine apparently stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were reportedly scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry and employing the same Eternal Blue server message block exploit, NotPetya’s global impact was reportedly blunted by its own limited attack capabilities (e.g. by a default setting, the infected system reboots after 60 minutes, and the malware does not persist after the reboot). “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying a ransomware demand does not guarantee that a victim company will obtain from the attacker a working key to rescue its data. The FBI is aware of cases where the attackers either fail to hand over the correct decryption key or are unwilling to honor the original ransomware demands after payment is received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom when attacked by ransomware fail to get their data back. The FBI also urges ransomware victims to report ransomware attacks immediately and seek help from the FBI in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement officials themselves have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts townships of Tewksbury and Swansea, ransomware attackers made off with $500 and $750 bounties, respectively. Elsewhere, the police departments of the Chicago suburb of Midlothian, Ill., and of Dickson County, Tenn., also paid ransom amounts to ransomware attackers. That even law enforcement officials have opted to succumb to, and pay off, ransomware attackers demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal computer crime statute, 18 U.S.C. § 1030, and particularly subsection (a)(7), which forbids hacking intended to extort something of value from the victim.
Above all else, the legal ramifications of any ransomware incident or failure can be calamitous for any public or private company. Even the most traditional realms of IT dominion such as exfiltration analysis, malware reverse engineering, digital forensics, logging review and most technological remediation measures are rife with legal and compliance issues and a myriad of potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in the hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues, including how exactly to respond to each request and whether any response would violate the privacy of customers; be at odds with commercial agreements; result in a waiver of the attorney-client or work product privileges; or have any other legal/compliance consequences.
Because so many incident response issues are critical to the very survival of a company, who else but the general counsel (GC) can oversee and direct the investigative workflow, commanding the investigation and remediation for the C-suite, sharing with senior management the ultimate responsibility for key decisions, while having the responsibility and duty of reporting to the company’s board?
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation – a cyber incident is no different. There is nothing nefarious or extraordinary about this approach; it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can be triggered when a victim company experiences a ransomware attack);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim-company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clue as to the impact of a ransomware attack and help assess some of the lower state thresholds (such as in Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes the accessing of protected health information.
With respect to some of the more onerous and specific federal notification rules, such as under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. For instance, HHS rules generally state that hospitals need only report attacks that result in the exposure of private medical or financial information, such as malware that steals data. Whether ransomware’s data encryption crosses that legal threshold can be challenging to determine, which is why ransomware attacks and other data security incidents at health care organizations often go unreported.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, there is a requirement to notify the supervisory authorities without undue delay (no later than 72 hours) after becoming aware of a data breach, unless it is unlikely to cause a risk to the affected individuals. The fines for violating this regulation are significant—up to 4% of global annual turnover or €20 million (whichever is the higher), so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for some of the more typical cyber-indicators. Ransomware is characteristically a type of tool which is not only known to most professionals, but may even be readily available for purchase online. If the name and modus operandi of the ransomware are new or otherwise unknown, the ransomware may turn out to be bogus, rather than the victim firm being “patient zero.”
Digital forensic experts can also research the Bitcoin payment address; the malware message; any relevant phishing emails; and any other of the ransomware’s characteristics in data security research forums and internal archives, to analyze recent commentary about the ransomware and test its efficacy and validity.
There are also a range of digital forensics tests to run on an infected file to assess a ransomware strain’s actual efficacy. For instance, one simple test is to return the file name to its original form. Real ransomware changes the file extension of encrypted files, but the “locked” files may not be encrypted at all, merely renamed to provide the illusion of encryption and coax a ransom payment. A digital forensics expert can also investigate the severity of the attack; reverse-engineer the malware that has taken control of victim data; and attempt a full-fledged data recovery.
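The “rename it back” test above can be automated for a whole file tree. The following is an added example, not code from the article: it strips a constructed “.locked” ransom extension, checks whether the file header still matches the original type’s well-known magic bytes, and falls back to byte entropy (ciphertext approaches 8 bits per byte). The extension, thresholds and sample files are assumptions for illustration.

```python
"""Triage for files carrying a ransomware-style extension (added example).

Strips the ransom extension, compares the header with the original type's
magic bytes, and measures byte entropy to tell "renamed only" from "really
encrypted". The ".locked" suffix and sample contents are constructed.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Well-known file signatures (magic bytes) for common business document types.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
    ".xlsx": b"PK\x03\x04",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0; text and most documents sit well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_locked_file(path: str, sample_size: int = 4096) -> str:
    """Classify one file that had a ransom extension appended (e.g. report.pdf.locked).

    Returns one of:
      "renamed_only"      - header still matches the original type: no encryption happened
      "plaintext_renamed" - low-entropy content (readable data), only the name changed
      "likely_encrypted"  - high-entropy content with no recognizable header
      "unknown"           - inconclusive; needs manual review (note that compressed
                            formats such as ZIP or JPEG are also high-entropy)
    """
    stem, _ransom_ext = os.path.splitext(path)   # strip ".locked"
    _, original_ext = os.path.splitext(stem)      # recover ".pdf"
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    expected = MAGIC.get(original_ext.lower())
    if expected is not None and head.startswith(expected):
        return "renamed_only"
    entropy = shannon_entropy(head)
    if entropy > 7.5:
        return "likely_encrypted"
    if entropy < 5.5:
        return "plaintext_renamed"
    return "unknown"


def triage_directory(root: str, ransom_ext: str = ".locked") -> dict:
    """Walk a tree and triage every file ending in the observed ransom extension."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ransom_ext):
                full = os.path.join(dirpath, name)
                results[os.path.relpath(full, root)] = triage_locked_file(full)
    return results


def _pseudo_ciphertext(length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for real ciphertext (constructed)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def demo() -> dict:
    """Build three constructed 'locked' files in a temp dir and triage them."""
    with tempfile.TemporaryDirectory() as root:
        # 1) a PDF that was only renamed: header intact, no encryption
        with open(os.path.join(root, "contract.pdf.locked"), "wb") as fh:
            fh.write(b"%PDF-1.4\n%constructed sample document\n" + b"0123456789 " * 300)
        # 2) a spreadsheet whose bytes were replaced with ciphertext-like data
        with open(os.path.join(root, "payroll.xlsx.locked"), "wb") as fh:
            fh.write(_pseudo_ciphertext(4096))
        # 3) a plain-text note that was only renamed (no magic bytes to match)
        with open(os.path.join(root, "notes.txt.locked"), "wb") as fh:
            fh.write(b"Meeting notes: review backups, rotate credentials.\n" * 50)
        return triage_directory(root)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name}: {verdict}")
```

A "renamed_only" or "plaintext_renamed" verdict across the tree is strong evidence the scheme is a bluff and the data can be recovered by renaming; "likely_encrypted" results still need reverse engineering of the sample before any payment decision.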
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying off the ransomware attackers typically entails: 1) retrieving the secret ransomware key file now stored on the victim’s computer; 2) uploading that file (or data string) to the attackers together with a Bitcoin payment; and 3) awaiting a decryption key or a tool the victim can use to undo the encryption of the victim company’s files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, getting it funded, and figuring out how to pay other people with it. A digital forensics examiner may even be able to construct a payment scheme in which rendering the ransomware payment is conditional. By using cryptocurrency features to ensure that ransomware attackers cannot receive their payment unless they deliver a key, some added level of security and reliability can be placed on the transaction. One ransomware response expert notes:
“. . . A ransomware developer could easily perform payment via a smart contract script (in a system like Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain.”
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, much like the referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old-fashioned Nigerian Internet scam than a malware infection – and the payment could end up being all for naught.
Indeed, ransomware attackers may no longer have the encryption key or may just opt to take a ransom payment, infect a company’s system, and flee the crime scene entirely. Not only is the system of paying in untraceable Bitcoin risky, but the transaction in its entirety is so risky, it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, the FBI has never specifically stated that the payer could actually be charged with a crime. It would seem rather obvious that with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, the ransomware attacker possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 British case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), relating to maritime piracy and ransom demands for safe return of the vessel and crew, the court faced a somewhat analogous scenario. Specifically, the British Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms, and not ransomware, former President Barack Obama provided a similar message in his Statement by the President on the U.S. Government’s Hostage Policy Review (June 24, 2015):
“I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we’re trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family’s pain with threats like that.”
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of a criminal offense when forced to act by duress or extortion, is confirmed in United States v. Kozeny, 582 F.Supp.2d 535, 540 (S.D.N.Y. 2008). Specifically, in the Kozeny decision, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm would excuse the conduct (essentially negating a corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of cyber-criminals involved in ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker’s modus operandi to be that of a state sponsored organization (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are also designed to prevent payments to certain designated payees, institutions, and countries who are enemies of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury’s Office of Foreign Assets Control (OFAC) administers these programs under statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. § 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against the British National Health Service, the attackers appeared to be ISIS and in particular the Tunisian Falange Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the limitations imposed by OFAC is unclear and untested. However, any digital forensic findings of a ransomware attack indicating terrorist attribution or involvement are certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment scheme to pay a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who recently pled guilty to operating as a money transmitter without a license in 2015, was also charged with violating Title 18 U.S.C., Section 1030(a)(7) and sentenced to 5 ½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators benefitted from transactions providing victims with Bitcoin to pay off ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was a part of the payment process and clearly facilitated the ransomware transactions with unclean hands – possessing the kind of felonious intent required for money laundering criminal liability. Crypto-currency sellers or exchange operators may be caught up in legal trouble if they have avoided or neglected reporting requirements, have not registered as a money transmission business (like Murgio), or were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, paying a ransomware demand, while obviously risky and empowering/encouraging ransomware attackers, does not appear to break any laws – and even if payment is arguably unlawful, it seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand seems less a legal and more a practical determination — almost like a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.
Ransomware Remediation
There are a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, including backing up systems and employing the latest cybersecurity measures. Other measures include:
Updating operating systems, software patching, antivirus programs and firewalls;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy requiring all users to change passwords regularly and to use more complex passwords, i.e. a mixture of lower and uppercase letters, numbers, and symbols;
Reviewing and auditing all network permissions while updating and deactivating user accounts regularly, including those of departing employees;
Rigorous employee education and outreach;
Securing long and short-term backups, stored in a manner detached from a company’s network;
Intense screening of partners and vendors to ensure strong security procedures from associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within a corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to be vigilant in keeping browser, operating system and third-party application patch levels up to date, and in keeping antivirus protection current. The FBI also suggests that companies back up often, lock down access granted to individuals and manage the configuration of file systems, directories and network shares appropriately.
By setting snares and “honeypots” for would-be ransomware attackers, companies can go so far as to employ drastic and direct preemptive measures. For example, Deception Technology sets its trademarked HackTraps to misdirect ransomware attackers and prevent them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a document with a deceiving title that was created exclusively to lure in the cybercriminals.
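The decoy-document snare described above, together with the anomaly-alerting item in the list before it, can be approximated in-house with canary files whose hashes are kept off the monitored share and re-checked on a schedule. This is an added illustration, not the article’s code or any vendor’s product; the decoy names and the tampering applied in demo() are constructed.

```python
"""Decoy ("honeypot") document monitor for ransomware detection.

Added example, not from the article or any vendor. Decoy file names below are
constructed; the manifest of hashes must live somewhere the share cannot reach
(e.g. the monitoring host), since anything on the share may be encrypted too.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed decoy names: believable enough that a file sweep touches them early.
DECOY_NAMES = ["0_Passwords_2017.xlsx", "0_Board_Minutes_CONFIDENTIAL.docx"]


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_decoys(share: Path) -> dict:
    """Create decoy documents in `share` and return a manifest {name: sha256}."""
    manifest = {}
    for name in DECOY_NAMES:
        p = share / name
        # Random padding so no two decoys ever share a hash.
        p.write_bytes(b"Internal use only - do not open or edit.\n" + os.urandom(64))
        manifest[name] = _sha256(p)
    return manifest


def check_decoys(share: Path, manifest: dict) -> list:
    """Compare the decoys on `share` against the manifest and return alerts.

    Three events are reported:
      'modified' - contents no longer match the stored hash (what an encryptor does),
      'renamed'  - the decoy is gone but a file with its name plus a suffix exists,
      'missing'  - the decoy is gone and no renamed twin was found.
    An empty list means every decoy is byte-for-byte intact.
    """
    alerts = []
    present = {p.name for p in share.iterdir()}
    for name, expected in manifest.items():
        if name in present:
            if _sha256(share / name) != expected:
                alerts.append({"file": name, "event": "modified"})
            continue
        twins = sorted(n for n in present if n.startswith(name + "."))
        if twins:
            alerts.append({"file": name, "event": "renamed", "now": twins[0]})
        else:
            alerts.append({"file": name, "event": "missing"})
    return alerts


def demo() -> list:
    """Plant decoys in a temp dir, apply constructed tampering, return the alerts."""
    with tempfile.TemporaryDirectory() as d:
        share = Path(d)
        manifest = plant_decoys(share)
        assert check_decoys(share, manifest) == []  # baseline: nothing touched
        # Constructed tampering standing in for an encryptor's behaviour:
        (share / DECOY_NAMES[0]).write_bytes(os.urandom(128))  # contents rewritten
        (share / DECOY_NAMES[1]).rename(share / (DECOY_NAMES[1] + ".locked"))
        return check_decoys(share, manifest)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Any non-empty result from check_decoys() is a reason to isolate the host that holds the share and start the containment plan, since a legitimate user has no reason to touch these files.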
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns to IT best practices, there are benefits in utilizing or integrating IT’s response into the existing business continuity structure, rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables nimble, rapid response limiting financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Like any other corporate risk, companies are beginning to realize that the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under “first party” liabilities as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom has been surrendered under duress; the incident is not a hoax; there was c-suite participation in the ransomware payment decision; the insurance company approved of the ransomware payment plan; and the ransomware attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransomware or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic. For instance, insurance policies may have “acts of foreign enemies” or “government acts” exclusions that can limit reimbursement if the ransomware was distributed by cyber-attackers tied to a foreign government.
In addition, whether a ransomware victim company must show “physical damage” can also become an issue. In the typical ransomware scenario, a victim company’s data is not actually damaged but is rather “locked.” An insurance company may argue that, as with other cyber-attacks where a victim’s data was accessed but not otherwise disturbed, altered or exfiltrated, the victim has no insurance claim.
Some companies that do not have cyber insurance may turn to their kidnap insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas of danger, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep their business alive, the victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal; not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but it can’t check out.
There is no doubt that the ease, anonymity and speed of crypto-currency payments such as Bitcoin have revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin not only makes it simpler to remain anonymous, but also enables a nameless payment mechanism where the extorted funds can be immediately transferred into criminal hands.
Transactions in crypto-currencies like Bitcoin lack a discernible audit trail, operate outside of regulated financial networks and are alarmingly unregulated. There is no central issuer of Bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended), and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though too early to tell, there may emerge some form of Bitcoin regulation via Executive Order No. 13,694 (April, 2015), which expands sanctions to include “blocking” the property of persons engaging in “Significant Malicious Cyber-Enabled Activities.” The order declares a “national emergency” to deal with cyber-enabled threats and extends to the assets of those who “have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities].”
Given that ransomware Bitcoin payments are made to cyber criminals, per Executive Order 13,694, the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or “block” assets of any participant in the Bitcoin financial chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking more boldly to discourage ransomware payments that monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCEN) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and, even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
****************************
In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data, by locking system screens or user files, unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most of the ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration while clearly outside of the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker); or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications of managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker, rather the attacker encrypts the files so a victim company cannot access them. Then the hacker offers to sell the encryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline — after which time, the ransomware attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles – or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone of current ransomware schemes, rendering the transactions practically untraceable and well suited for criminal transactions. Unlike the sequence of events during a common kidnapping scenario, where the exchange of money arguably places criminals in their most vulnerable position, the virtual kidnapping of ransomware actually facilitates anonymity throughout the Bitcoin transaction process.
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent, for purchase, or even as kits for building. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer networks: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee infiltrated due to inadvertent behaviors or broken business processes);
A compromised insider (e.g. a targeted employee via social engineering and infiltrated due to malware infections or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider who infiltrates via corporate espionage and sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the evolution of ransomware variants. There has been a tremendous increase in ransomware strains – reaching almost epidemic proportions. Indeed, new ransomware strains are now being created to tap into the mobile user base, which can impact both personal and business information. This already dramatically expands the ransomware threat landscape, as attackers diversify and expand their platforms, capabilities and techniques in order to accrue more targets.
Per recent reports, in the third quarter of 2011, about 60,000 new variants of ransomware were detected. That number doubled to over 200,000 in 2012; quadrupling to over 700,000 variants from 2014, to the first quarter of 2015.  In the first quarter of 2016, security firm Kaspersky Lab revealed 2,900 new “modifications” of existing ransomware, a 14% increase from the last quarter, and a 30% increase from the previous quarter.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020.  This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017, a ransomware group known as Shadow Brokers coopted a ransomware exploit (nicknamed Eternal Blue) from the U.S. National Security Agency, and took advantage of a Windows vulnerability, targeting a wave of hospitals. The ransomware extortion demands impacted more than just corporate operations and secrets; suddenly, a cyber-attack impacted the lives of sick hospital patients, prompting an almost international hysteria.
The vulnerability, patchable for new Microsoft systems but not necessarily for older systems upon which many hospitals were running, was dubbed “WannaCry” or “WannaCrypt” ransomware, and according to Europol, claimed over 200,000 victims in over 150 countries.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, including and primarily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and electric grids to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – resulted in “a less widespread attack” than WannaCry, aka WannaCrypt.
As a result of NotPetya ransomware, A.T.M.’s in the Ukraine apparently stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were reportedly scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry and employing the same Eternal Blue server message block exploit, NotPetya’s global impact was reportedly blunted by its own limited attack capabilities (e.g. by a default setting, the infected system reboots after 60 minutes, and the malware does not persist after the reboot). “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying ransomware does not guarantee that a victim company will obtain from the attacker a working key to rescue their data. The FBI is aware of cases where either the attackers fail to hand over the correct decryption key or are unwilling to comply with the original ransomware demands after payment is received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom when attacked by ransomware fail to get their data back. The FBI also urges ransomware victims to report ransomware attacks immediately and seek help from the FBI in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement agencies have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts townships of Tewksbury and Swansea, ransomware attackers made off with $500 and $750 bounties, respectively. Elsewhere, police departments in the Chicago suburbs of Midlothian and Dickson County, Tenn., also paid ransoms to ransomware attackers. That even law enforcement has opted to succumb to, and pay off, ransomware attackers demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal computer crime statute, 18 U.S.C. § 1030, and particularly subsection (a)(7), which forbids hacking intended to extort something of value from the victim.
Above all else, the legal ramifications of any ransomware incident or failure can be calamitous for any public or private company. Even the most traditional realms of IT dominion such as exfiltration analysis, malware reverse engineering, digital forensics, logging review and most technological remediation measures are rife with legal and compliance issues and a myriad of potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues, including how exactly to respond to each request and whether any response would violate the privacy of customers; be at odds with commercial agreements; result in a waiver of the attorney-client or work product privileges; or have any other legal/compliance consequences.
Because so many incident response issues are critical to the very survival of a company, who else but the GC can oversee and direct the investigative workflow: commanding the investigation and remediation on behalf of the C-suite, sharing with senior management the ultimate responsibility for key decisions, and bearing the duty of reporting to the company’s board?
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation, and a cyber incident is no different. There is nothing nefarious or extraordinary about this approach; it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (Many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can trigger when a victim company experiences a ransomware attack.);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim-company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clues as to the impact of a ransomware attack and help assess the lower state thresholds (in states such as Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes access to protected health information.
With respect to some of the more onerous and specific federal notification rules, such as under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. For instance, HHS rules generally state that hospitals need only report attacks that result in the exposure of private medical or financial information, such as malware that steals data. Whether ransomware’s data encryption crosses that legal threshold can be challenging to determine, which is why ransomware attacks and other data security incidents at health care organizations often go unreported.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, there is a requirement to notify the supervisory authorities without undue delay (no later than 72 hours) after becoming aware of a data breach, unless it is unlikely to cause a risk to the affected individuals. The fines for violating this regulation are significant—up to 4% of global annual turnover or €20 million (whichever is the higher), so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for the more typical cyber-indicators. Ransomware is characteristically a known type of tool: not only is it familiar to most professionals, it may even be readily available for purchase online. If the name and modus operandi of the ransomware are new or otherwise unknown, the likelier explanation is that the ransomware is bogus, rather than that the victim firm is “patient zero.”
Digital forensic experts can also research the Bitcoin payment address; the malware message; any relevant phishing emails; and any other of the ransomware’s characteristics in data security research forums and internal archives, to analyze recent commentary about the ransomware and test its efficacy and validity.
There are also a range of digital forensics tests that can be run on an infected file to assess a ransomware strain’s actual efficacy. For instance, one simple test is to return the file name to its original form: real ransomware changes the file extension of encrypted files, whereas bogus ransomware may not encrypt the files at all but merely rename them to create the illusion of encryption and cajole a ransom payment. A digital forensics expert can also investigate the severity of the attack; reverse-engineer the malware that has taken control of victim data; and attempt a full-fledged data recovery.
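The file-renaming test described above, as an added example in Python (not code from the article): it strips the appended ransom extension, checks whether the original format’s header bytes are still intact, and measures the entropy of the file head to separate files that were merely renamed from files that were genuinely encrypted. The magic-byte table and the three sample files are constructed for the demo.

```python
"""Triage files that a ransom note claims are encrypted.

Added example, not code from the article: implements the check the text
describes (strip the appended ransomware extension, see whether the original
format's header is intact) and adds a Shannon-entropy measure of the file
head. Sample files are constructed inline; MAGIC is a small hand-picked table.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Header ("magic") bytes for a few common formats. Constructed subset for the
# demo; a real triage kit would carry a much larger table.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",   # OOXML is a ZIP container
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; real ciphertext sits near 8.0
SAMPLE_SIZE = 4096        # only the head of each file is examined


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def split_ransom_name(name: str):
    """'photo.png.locked' -> (ransom_ext='.locked', orig_ext='.png')."""
    base, ransom_ext = os.path.splitext(name)
    orig_ext = os.path.splitext(base)[1].lower()
    return ransom_ext, orig_ext


def assess_file(path: str) -> str:
    """Classify one file: 'renamed_only', 'likely_encrypted' or 'inconclusive'."""
    _, orig_ext = split_ransom_name(os.path.basename(path))
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    expected = MAGIC.get(orig_ext)
    header_intact = expected is not None and head.startswith(expected)
    entropy = shannon_entropy(head)

    if header_intact and entropy < ENTROPY_THRESHOLD:
        # Original format header still present and content is structured:
        # the file was renamed to look encrypted, not actually encrypted.
        return "renamed_only"
    if expected is not None and not header_intact and entropy >= ENTROPY_THRESHOLD:
        # Known format, header gone, content looks random: consistent with
        # real encryption of the file.
        return "likely_encrypted"
    # Unknown original format, or mixed signals (e.g. an intact header over a
    # high-entropy body, which compressed containers like .docx produce
    # legitimately). Needs a human or deeper analysis.
    return "inconclusive"


def triage_directory(directory: str) -> dict:
    """Map each file name in `directory` to its verdict."""
    return {name: assess_file(os.path.join(directory, name))
            for name in sorted(os.listdir(directory))}


def _pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy bytes, a stand-in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def demo() -> dict:
    """Write three constructed samples to a temp dir and triage them."""
    text = b"Quarterly figures, see attached table. " * 120   # low entropy
    samples = {
        "photo.png.locked": MAGIC[".png"] + text,           # renamed only
        "invoice.pdf.locked": _pseudo_random(SAMPLE_SIZE),  # header gone, random body
        "notes.txt.locked": text,                           # no magic known for .txt
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return triage_directory(tmp)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

A verdict of "renamed_only" means the files can be recovered by restoring their original names; "likely_encrypted" only says the content is consistent with encryption and does not tell you whether the attacker actually holds a usable key.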
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying off the ransomware attackers typically entails: 1) sending the secret ransomware key file now stored on the victim’s computer; 2) uploading that file (or data string) to the attackers together with a Bitcoin payment; and 3) awaiting a decryption key or a tool a victim can use to undo the encryption on the victim company files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, getting it funded, and figuring out how to pay other people with it. A digital forensics examiner may even be able to construct a payment scheme where rendering ransomware payments is conditional. By using cryptocurrency features to ensure that ransomware attackers cannot receive their payment unless they deliver a key, there can exist some added level of security and reliability upon the transaction. One ransomware response expert notes:
“. . . A ransomware developer could easily perform payment via a smart contract script (in a system like Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain.”
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old-fashioned Nigerian Internet scam than a malware infection – and the payment could end up being all for naught.
Indeed, ransomware attackers may no longer have the encryption key or may just opt to take a ransom payment, infect a company’s system, and flee the crime scene entirely. Not only is the system of paying in untraceable Bitcoin risky, but the transaction in its entirety is so risky, it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, the FBI has never specifically stated that the payer could actually be charged with a crime. It would seem rather obvious that with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, the ransomware attacker possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 British case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), relating to maritime piracy and ransom demands for safe return of the vessel and crew, the court faced a somewhat analogous scenario. Specifically, the British Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms, and not ransomware, former President Barack Obama provided a similar message in his Statement by the President on the U.S. Government’s Hostage Policy Review (June 24, 2015):
“I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we’re trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family’s pain with threats like that.”
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of a criminal offense when compelled to act by duress or extortion, is confirmed in United States v. Kozeny, 582 F.Supp.2d 535, 540 (S.D.N.Y. 2008). Specifically, in the Kozeny decision, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm would excuse the conduct (essentially negating a corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of cyber-criminals involved in ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker’s modus operandi to be that of a state sponsored organization (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are also designed to prevent payments to certain designated payees, institutions, and countries that are enemies of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury’s Office of Foreign Assets Control (OFAC) administers these programs under statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC, are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against the British National Health System, the attackers appeared to be ISIS and in particular the Tunisian Falange Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the limitations imposed by OFAC is unclear and untested. However, any digital forensic findings of a ransomware attack indicating terrorist attribution or involvement are certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment scheme to pay a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who recently pled guilty to operating as a money transmitter without a license in 2015, was also charged with violating Title 18 U.S.C., Section 1030(a)(7) and sentenced to 5 ½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators benefitted from transactions providing victims with Bitcoin to pay off ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was a part of the payment process and clearly facilitated the ransomware transactions with unclean hands – possessing the kind of felonious intent required for money laundering criminal liability. Crypto-currency sellers or exchange operators may be caught up in legal trouble if: they have avoided or neglected reporting requirements or have not registered as a money transmission business (like Murgio), or, if they were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, does not appear to break any laws – and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination — almost like a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.
Ransomware Remediation
There are a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, including backing up systems and employing the latest cybersecurity measures. Other measures include:
Updating operating systems, software patching, antivirus programs and firewalls;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy that requires all users to change passwords regularly and to use more complex passwords, i.e. a mixture of lower- and uppercase letters, numbers, and symbols;
Reviewing and auditing all network permissions in your network while updating and deactivating all user accounts regularly, including departing employees;
Rigorous employee education and outreach;
Securing long and short-term backups, stored in a manner detached from a company’s network;
Intense screening of partners and vendors to ensure strong security procedures from associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within a corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to be vigilant about keeping browsers, operating systems and third-party application patch levels up to date, and to ensure that antivirus protection is also current. The FBI also suggests that companies back up often, lock down access granted to individuals and manage the configuration of file systems, directories and network shares appropriately.
By setting snares and “honeypots” for would-be ransomware attackers, companies can go so far as to employ drastic and direct preemptive measures. For example, Deception Technology sets its trademarked HackTraps to misdirect ransomware attackers and prevent them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a document with a deceiving title that was created exclusively to lure in the cybercriminals.
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns to IT best practices, there are benefits in utilizing or integrating IT’s response into the existing business continuity structure, rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables nimble, rapid response limiting financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Like any other corporate risk, companies are beginning to realize that the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under “first party” liabilities as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom has been surrendered under duress; the incident is not a hoax; there was c-suite participation in the ransomware payment decision; the insurance company approved of the ransomware payment plan; and the ransomware attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransomware or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic: insurance policies may have “acts of foreign enemies” or “government acts” exclusions that can limit reimbursement if the ransomware was distributed by cyber-attackers tied to a foreign government.
In addition, whether a ransomware victim company must show “physical damage” can also become an issue. In the typical ransomware scenario, a victim company’s data is not actually damaged but is rather “locked.” An insurance company may argue that, as with other cyber-attacks where a victim’s data was accessed but not otherwise disturbed, altered or exfiltrated, the victim has no insurance claim.
Some companies that do not have cyber insurance may turn to their kidnap insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas of danger, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep its business alive, the victim company will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal: not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but cannot check out. Back-ups only help if they are kept offline or otherwise unreachable from the production network (ransomware routinely encrypts any attached back-up share it can find) and if restores are tested regularly, before an incident rather than during one.
No doubt the ease, anonymity and speed of crypto-currency payments such as Bitcoin have revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin not only makes it simpler to remain anonymous, but also enables a nameless payment mechanism where the extorted funds can be immediately transferred into criminal hands.
Transactions in crypto-currencies like Bitcoin are recorded on a public ledger, but the addresses involved are pseudonymous, and the proceeds can be moved through mixing services and lightly supervised exchanges outside of regulated financial networks, so tying a payment to a real-world recipient is difficult and the system as a whole is alarmingly unregulated. There is no central issuer of Bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended), and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though too early to tell, there may emerge some form of Bitcoin regulation via Executive Order No. 13,694 (April, 2015), which expands sanctions to include “blocking” the property of persons engaging in “Significant Malicious Cyber-Enabled Activities.” The order declares a “national emergency” to deal with cyber-enabled threats and extends to the assets of those who “have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities].”
Given that ransomware Bitcoin payments are made to cyber criminals, per Executive Order 13,694, the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or “block” assets of any participant in the Bitcoin financial chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking out more boldly to discourage ransomware payments that monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCEN) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and, even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
  John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
  The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
  I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
  ****************************
  In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data, by locking system screens or user files, unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars – too small to warrant federal law enforcement consideration while clearly outside the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula); when the encryption cannot be defeated (no matter how good the code-breaker); or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications of managing ransomware threats, including an exposition of the unique issues which can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker; rather, the attacker encrypts the files so the victim company cannot access them. The attacker then offers to sell the decryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline, after which the attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles, or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone of current ransomware schemes, making the transactions hard to attribute and well suited to criminal use. Unlike the sequence of events in a conventional kidnapping, where the exchange of money arguably places criminals in their most vulnerable position, the virtual kidnapping of ransomware lets the attacker remain at arm's length throughout the Bitcoin payment process.
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent; for purchase or even in kits for building. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer networks: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee infiltrated due to inadvertent behaviors or broken business processes);
A compromised insider (e.g. a targeted employee via social engineering and infiltrated due to malware infections or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider engaged in corporate espionage or sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the evolution of ransomware variants. There has been a tremendous increase in ransomware strains – reaching almost epidemic proportions. Indeed, new ransomware strains are now being created to tap into the mobile user base, which can impact both personal and business information, already dramatically expanding the ransomware threat landscape, diversifying and expanding their platforms, capabilities and techniques in order to accrue more targets.
Per recent reports, in the third quarter of 2011, about 60,000 new variants of ransomware were detected. That number grew to over 200,000 in 2012, and to over 700,000 variants between 2014 and the first quarter of 2015. In the first quarter of 2016, security firm Kaspersky Lab reported 2,900 new “modifications” of existing ransomware, a 14% increase from the last quarter, and a 30% increase from the previous quarter.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020.  This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017 a group calling itself the Shadow Brokers published a cache of exploits reportedly taken from the U.S. National Security Agency, among them one nicknamed EternalBlue that abused a vulnerability in the Windows SMBv1 file-sharing service (Microsoft had issued a patch, MS17-010, in March 2017). In May 2017 the WannaCry (aka WannaCrypt) ransomware used EternalBlue to spread on its own from machine to machine, and among its many victims were hospitals, notably in the UK's National Health Service. Suddenly, a cyber-attack was affecting the care of sick hospital patients, and the extortion demands impacted far more than corporate operations and secrets, prompting something close to international hysteria.
The vulnerability had been patched on supported Windows versions, but many hospitals were still running older, unsupported systems such as Windows XP for which no patch was initially available (Microsoft released emergency fixes for those systems only after the outbreak). According to Europol, WannaCry claimed over 200,000 victims in over 150 countries.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, including and primarily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and electric grids to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya – aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C – resulted in “a less widespread attack” than WannaCry, aka WannaCrypt.
As a result of the NotPetya ransomware, ATMs in Ukraine apparently stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States — were reportedly scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry and employing the same EternalBlue Server Message Block (SMB) exploit (supplemented by credential theft and legitimate Windows administration tools to move laterally inside a network), NotPetya’s global impact was reportedly blunted by its own limited attack capabilities (e.g. by a default setting, the infected system reboots after 60 minutes, and the malware does not persist after the reboot). “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to Ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying ransomware does not guarantee that a victim company will obtain from the attacker a working key to rescue their data. The FBI is aware of cases where either the attackers fail to hand over the correct decryption key or are unwilling to comply with the original ransomware demands after payment is received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom when attacked by ransomware fail to get their data back. The FBI also urges ransomware victims to report ransomware attacks immediately and seek help from the FBI in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement officials themselves have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts townships of Tewksbury and Swansea, ransomware attackers made off with $500 and $750 bounties, respectively. Elsewhere, police departments in the Chicago suburb of Midlothian, Ill., and in Dickson County, Tenn., also paid ransom amounts to ransomware attackers. That even police agencies have chosen to pay demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal computer crime statute, 18 U.S.C. § 1030, and particularly subsection (a)(7), which forbids hacking intended to extort something of value from the victim.
Above all else, the legal ramifications of any ransomware incident or failure can be calamitous for any public or private company. Even the most traditional realms of IT dominion such as exfiltration analysis, malware reverse engineering, digital forensics, logging review and most technological remediation measures are rife with legal and compliance issues and a myriad of potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues, including how exactly to respond to each request and whether any response would violate the privacy of customers; be at odds with commercial agreements; result in a waiver of the attorney-client or work product privileges; or have any other legal/compliance consequences.
Because so many incident response issues are critical to the very survival of a company, it falls to the GC to oversee and direct the investigative workflow, commanding the investigation and remediation for the C-suite, sharing with senior management the ultimate responsibility for key decisions, and carrying the responsibility and duty of reporting to the company’s board.
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation – a cyber incident is no different.  There is nothing nefarious or extraordinary about this approach, it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (Many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can trigger when a victim company experiences a ransomware attack.);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim-company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clue with respect to the impact of a ransomware attack and help assess some of the lesser state thresholds (such as in states like Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes accessing of protected health information.
With respect to some of the more onerous and specific federal notification rules, such as those under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. Hospitals have often assumed that only attacks exposing private medical or financial information, such as malware that steals data, need to be reported. HHS guidance issued in 2016, however, treats the encryption of electronic protected health information by ransomware as a presumptive breach unless the covered entity can demonstrate, through a documented risk assessment, a low probability that the information was compromised. Whether a given attack crosses that threshold therefore turns on what the forensic analysis shows about access, exfiltration and the scope of encryption, which is one reason ransomware attacks and other data security incidents at health care organizations often go unreported or are reported inconsistently.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, there is a requirement to notify the supervisory authorities without undue delay (no later than 72 hours) after becoming aware of a data breach, unless it is unlikely to cause a risk to the affected individuals. The fines for violating this regulation are significant—up to 4% of global annual turnover or €20 million (whichever is the higher), so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for some of the more typical cyber-indicators. Ransomware is characteristically a known tool: most strains are familiar to professionals and many are readily available for purchase online. If the name and modus operandi of the ransomware are new or otherwise unknown, the likelier explanation is not that the victim firm is “patient zero” but that the ransomware is bogus, a scare tactic dressed up as malware.
Digital forensic experts can also research the Bitcoin payment address; the malware message; any relevant phishing emails; and any other of the ransomware’s characteristics in data security research forums and internal archives, to analyze recent commentary about the ransomware and test its efficacy and validity.
There are also a range of digital forensics tests to run on an infected file to assess whether a ransomware strain actually did what it claims. One simple test is to restore a file's original name and extension and check whether it still opens, or to inspect its first bytes for the header signature of its original format. Real ransomware encrypts the contents of a file (and usually also changes its extension); some fake ransomware merely renames files to create the illusion of encryption and cajole a ransom payment. A digital forensics expert can also investigate the severity of the attack; reverse-engineer the malware that has taken control of victim data; and attempt a full-fledged data recovery.
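As an added example, not part of the original article, the following Python script performs the header-and-entropy check described above on suspect files. The table of file signatures, the 7.5 bits-per-byte threshold and the two sample files it writes to a temporary directory are all constructed for the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Optional

# Header signatures for a few common document types. Constructed subset for
# this example; a production triage script would carry a much fuller table.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0": "ole2 (legacy office)",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a perfectly uniform byte mix."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_magic(data: bytes) -> Optional[str]:
    """Return the file type whose header signature matches, or None."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return None


def original_extension(path: Path) -> Optional[str]:
    """'report.pdf.locked' -> '.pdf'; ransomware commonly appends its own suffix."""
    suffixes = path.suffixes
    return suffixes[-2] if len(suffixes) >= 2 else None


def triage_file(path: Path, sample_size: int = 4096) -> dict:
    """Decide whether a ransomware-touched file was really encrypted or merely renamed.

    The header check runs first because compressed formats (zip, png, jpeg) are
    also high-entropy and would otherwise be mistaken for ciphertext.
    """
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    magic = detect_magic(head)
    entropy = shannon_entropy(head)
    if magic is not None:
        verdict = "renamed-only"        # content intact: scareware or a broken encryptor
    elif len(head) >= 256 and entropy >= 7.5:
        verdict = "likely-encrypted"    # no known header and near-random bytes
    else:
        verdict = "inconclusive"        # tiny file, or plaintext with an unknown header
    return {
        "file": path.name,
        "original_ext": original_extension(path),
        "magic": magic,
        "entropy": round(entropy, 2),
        "verdict": verdict,
    }


def demo() -> dict:
    """Constructed samples: a PDF that was only renamed, and random bytes standing
    in for a genuinely encrypted spreadsheet."""
    workdir = Path(tempfile.mkdtemp())
    renamed = workdir / "report.pdf.locked"
    renamed.write_bytes(b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
                        + b"Quarterly figures and narrative text. " * 64)
    encrypted = workdir / "ledger.xlsx.locked"
    encrypted.write_bytes(os.urandom(4096))
    return {p.name: triage_file(p) for p in (renamed, encrypted)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Compressed formats are nearly as high-entropy as ciphertext, which is why the signature check comes first; and some families encrypt only part of each file, so in practice sample more than the first few kilobytes and corroborate the verdict with a known-good copy of the file from backup where one exists.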
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying off the ransomware attackers typically entails: 1) locating the victim identifier or encrypted key file the ransomware left on the victim’s computer; 2) uploading that file (or data string) to the attackers together with a Bitcoin payment; and 3) awaiting a decryption key or a tool the victim can use to undo the encryption on the victim company’s files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, getting it funded, and figuring out how to pay other people with it. A digital forensics examiner may even be able to construct a payment scheme in which the ransomware payment is conditional. By using cryptocurrency features to ensure that ransomware attackers cannot receive their payment unless they deliver a key, some added level of security and reliability can be placed upon the transaction. One ransomware response expert notes:
“. . . A ransomware developer could easily perform payment via a smart contract script (in a system like Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain.”
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old-fashioned Nigerian Internet scam than a malware infection, and the payment could end up being all for naught.
Indeed, ransomware attackers may no longer have the encryption key, or may simply take a ransom payment, infect a company’s system and flee the crime scene entirely. Not only is paying in hard-to-trace Bitcoin risky, but the transaction in its entirety is so risky that it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, the FBI has never specifically stated that the payer could actually be charged with a crime. It would seem rather obvious that with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, the ransomware attacker possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 British case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), relating to maritime piracy and ransom demands for safe return of the vessel and crew, the court faced a somewhat analogous scenario. Specifically, the British Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms, and not ransomware, former President Barack Obama provided a similar message in his Statement by the President on the U.S. Government’s Hostage Policy Review (June 24, 2015):
“I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we’re trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family’s pain with threats like that.” 
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of a criminal offense when forced to act by duress or extortion, is confirmed in United States v. Kozeny, 582 F.Supp.2d 535, 540 (S.D.N.Y. 2008). Specifically, in the Kozeny decision, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm would excuse the conduct (essentially negating a corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of cyber-criminals involved in ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker’s modus operandi to be that of a state sponsored organization (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are also designed to prevent payments to certain designated payees, institutions and countries that are enemies of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury’s Office of Foreign Assets Control (OFAC) administers these programs under statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC, are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against the British National Health Service (NHS), the attackers appeared to be ISIS and in particular the Tunisian Falange Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the limitations imposed by OFAC is unclear and untested. However, any digital forensic findings of a ransomware attack indicating terrorist attribution or involvement are certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment scheme to pay a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who recently pled guilty to operating as a money transmitter without a license in 2015, was also charged with violating Title 18 U.S.C., Section 1030(a)(7) and sentenced to 5 ½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators benefitted from transactions providing victims with Bitcoin to pay off ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was a part of the payment process and clearly facilitated the ransomware transactions with unclean hands – possessing the kind of felonious intent required for money laundering criminal liability. Crypto-currency sellers or exchange operators may be caught up in legal trouble if: they have avoided or neglected reporting requirements or have not registered as a money transmission business (like Murgio), or, if they were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, it seems that paying a ransomware demand, while obviously risky and empowering/encouraging ransomware attackers, does not appear to break any laws; and even if payment is arguably unlawful, it seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand seems less a legal and more a practical determination, almost like a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.
Ransomware Remediation
There is a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, starting with backing up systems and employing current cybersecurity measures. Other measures include:
Keeping operating systems, software patches, antivirus programs and firewalls up to date;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy requiring complex passwords (a mixture of lower and uppercase letters, numbers and symbols), paired with multi-factor authentication; note that NIST SP 800-63B no longer recommends forced periodic password changes absent evidence of compromise;
Reviewing and auditing all network permissions in your network while updating and deactivating all user accounts regularly, including departing employees;
Rigorous employee education and outreach;
Securing long and short-term backups, stored in a manner detached from a company’s network;
Intense screening of partners and vendors to ensure strong security procedures from associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within a corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to be vigilant keeping browsers, operating systems and third-party application patch levels up to date, and that antivirus protection is also current. The FBI also suggests companies back up often, lock down access granted to individuals and manage configuration of file systems, directories and network shares appropriately.
Companies can go further and take direct preemptive measures by setting snares and “honeypots” for would-be ransomware attackers. For example, Deception Technology sets its trademarked HackTraps to misdirect ransomware attackers and prevent them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a document with an enticing title, created exclusively to lure in the cybercriminals.
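The decoy-document idea above, and the anomaly alerting in the remediation list before it, as an added example that is neither the vendor product named in the text nor code from the article: a minimal canary-file detector plants a few decoy documents with enticing names, records their hashes, and on each check reports decoys that have vanished, been renamed or been rewritten, plus any new file carrying a ransom-style extension. The decoy names, the extension list and the simulated attack in `demo()` are constructed for this example.

```python
"""Canary-file detector for the decoy-document approach.

Added example, not the vendor product named in the text nor code from the
article. Decoy names, extensions and the simulated attack are constructed.
"""
import hashlib
import os
import shutil
import tempfile

# Decoy names chosen to sit early in a directory walk and look valuable (assumed).
CANARY_NAMES = ["Q3_payroll.xlsx", "board_minutes.pdf", "passwords_backup.docx"]
# Extensions encrypting ransomware is known to append (illustrative subset).
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}


def _sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canaries(root: str, names=CANARY_NAMES) -> dict:
    """Write decoy files under root and return {name: sha256} as the baseline."""
    baseline = {}
    for name in names:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(("DECOY canary file: %s\n" % name).encode() * 40)
        baseline[name] = _sha256_file(path)
    return baseline


def check_canaries(root: str, baseline: dict) -> list:
    """Return (name, reason) alerts; an empty list means every decoy is intact."""
    alerts = []
    for name, digest in baseline.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            alerts.append((name, "missing"))      # deleted or renamed away
        elif _sha256_file(path) != digest:
            alerts.append((name, "modified"))     # rewritten in place
    for entry in os.listdir(root):
        if entry not in baseline and os.path.splitext(entry)[1].lower() in RANSOM_EXTENSIONS:
            alerts.append((entry, "ransom-style extension"))
    return alerts


def demo():
    """Constructed run: a clean check, then a simulated encrypt-and-rename of one
    decoy and an in-place overwrite of another. Returns both alert lists."""
    root = tempfile.mkdtemp(prefix="canary_demo_")
    try:
        baseline = plant_canaries(root)
        clean = check_canaries(root, baseline)
        victim = os.path.join(root, "Q3_payroll.xlsx")
        with open(victim, "wb") as fh:
            fh.write(os.urandom(4096))            # stand-in for ciphertext
        os.rename(victim, victim + ".locked")
        with open(os.path.join(root, "board_minutes.pdf"), "wb") as fh:
            fh.write(os.urandom(4096))
        after = check_canaries(root, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return clean, after


if __name__ == "__main__":
    clean, after = demo()
    print("clean run:", clean)
    print("after simulated attack:", after)
```

In production the check would run on a short schedule or from a file-system notification hook, and the decoys belong on the shares ransomware reaches first (mapped drives, early-sorting directory names), since the value of a canary is the minutes it buys to cut network access before the encryption pass reaches real data. Hash comparison rather than modification time is used deliberately: some strains preserve timestamps.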
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns to IT best practices, there are benefits in utilizing or integrating IT’s response into the existing business continuity structure, rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables nimble, rapid response limiting financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Like any other corporate risk, companies are beginning to realize that the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under “first party” liabilities as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom has been surrendered under duress; the incident is not a hoax; there was c-suite participation in the ransomware payment decision; the insurance company approved of the ransomware payment plan; and the ransomware attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransomware or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic: insurance policies may have “acts of foreign enemies” or “government acts” exclusions that can limit reimbursement if the ransomware was distributed by cyber-attackers tied to a foreign government.
In addition, whether a ransomware victim company must show “physical damage” can also become an issue. In the typical ransomware scenario, a victim company’s data is not actually damaged but rather “locked.” An insurance company may argue that, as with other cyber-attacks where a victim’s data was accessed but not otherwise disturbed, altered or exfiltrated, the victim has no insurance claim.
Some companies who do not have cyber insurance, may turn to their kidnap insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas of danger, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep their business alive, the victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal; not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but it can’t check out.
No doubt that the ease, anonymity and speed of crypto-currency payments such as Bitcoin, has revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin not only makes it simpler to remain anonymous, but also enables a nameless payment mechanism where the extorted funds can be immediately transferred into criminal hands.
Transactions in crypto-currencies like Bitcoin are recorded on a public ledger, but the addresses involved are pseudonymous, so the audit trail rarely leads to an identifiable person, and the exchanges that convert the proceeds operate largely outside of regulated financial networks. There is no central issuer of Bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended), and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though too early to tell, there may emerge some form of Bitcoin regulation via Executive Order No. 13,694 (April, 2015), which expands sanctions to include “blocking” the property of persons engaging in “Significant Malicious Cyber-Enabled Activities.” The order declares a “national emergency” to deal with cyber-enabled threats and extends to the assets of those who “have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities].”
Given that ransomware Bitcoin payments are made to cyber criminals, per Executive Order 13,694, the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or “block” assets of any participant in the Bitcoin financial chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking more boldly discouraging ransomware payments that monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCen) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and, even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
  John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of, “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
  The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance published first on http://ift.tt/2kTPCwo
Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance
John Reed Stark
Readers undoubtedly are aware of the recent outbreak of ransomware incidents and the problems they present. The threat of ransomware attacks poses a host of issues, among the most significant of which is whether or not ransomware victims should go ahead and make the demanded ransomware payment as the quickest way to try to recover captured systems. In the following blog post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a comprehensive look at the problems involved with making payments in response to a ransomware attack. A version of this article originally appeared on CybersecurityDocket.
  I would like to thank John for his willingness to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit an article. Here is John’s guest post.
  ****************************
  In the 2000 American thriller film Proof of Life, the title refers to a phrase commonly used to indicate proof that a kidnap victim is still alive. As an expert negotiator in kidnapping cases, Terry Thorne, played by Russell Crowe, is engaged to bargain for a corporate kidnap victim’s safe return.
The film Proof of Life is not just a compelling narrative – its premise and main character also provide some useful insights into managing the emerging threat of ransomware. Ransomware, a special and more nascent type of malware, prevents or limits users from accessing their data, by locking system screens or user files, unless and until a ransom is paid.
Proof of Life’s screenplay was partly inspired by Thomas Hargrove’s book The Long March to Freedom, which recounts how the release of the once-kidnapped Hargrove was negotiated by Thomas Clayton, the founder of his eponymous kidnap-for-ransom consultancy Clayton Consultants (now part of risk management firm, Triple Canopy).
Just like Clayton Consultants, the team advising a ransomware victim company, whether a hospital or global corporate conglomerate, must employ a thoughtful, careful and methodical protocol to survive the ransomware crisis. Like any hostage situation, when a cyber-attacker locks up critical data files, the logistics and legalities of ransomware refusal, acquiescence or capitulation can be both elaborate and complicated.
To make matters worse, seeking law enforcement help for a ransomware attack unfortunately remains a very limited option. First, law enforcement has become inundated with ransomware reports and lacks the resources and wherewithal to assist victims. Second, most ransomware attackers are overseas, where merely obtaining electronic evidence or interviewing a witness, let alone successful extradition and prosecution, is rarely possible. Finally, ransomware demands are often at monetary levels in the hundreds or thousands of dollars: too small to warrant federal law enforcement consideration, while clearly outside the jurisdiction of local law enforcement.
Thus, it should come as no surprise that a significant number of ransomware victims opt to pay the ransom. When padlocked files are business-critical (e.g. an important intellectual property formula); when encryption cannot be defeated (no matter how good the code-breaker); or when time is of the essence (e.g. when patient data is needed for life-saving surgery), paying the ransom can become the proverbial best worst option. Moreover, the typically de minimis ransomware payment demands (on average, about $679) are more akin to a financial nuisance than a material fiscal line-item, so from a cost-benefit perspective, payment can make the most sense.
Under any circumstance, ransomware has quickly become a novel, multifaceted and emerging risk to all corporate enterprises, and like any other material risk, should be addressed and mitigated in a reasonable, lawful, robust and effective manner.
This article provides guidance on the legal issues, logistical considerations and financial implications of managing ransomware threats, including an exposition of the unique issues that can arise when seeking proof of life and opting to meet the monetary demands of a ransomware attacker.
What is Ransomware?
Ransomware is a type of malicious software that infects a computer and restricts users’ access to certain data, systems and/or files until a ransom is paid. Ransomware can come in many forms and iterations and like any other virus or infection, ransomware can evolve and transmogrify to counter cyber-defenses and remediation. Although only a fraction of ransomware attacks are actually reported to federal authorities, the U.S. Department of Justice reports over 4,000 ransomware attacks occur daily.
A ransomware victim company’s files are rarely exfiltrated by a ransomware attacker, rather the attacker encrypts the files so a victim company cannot access them. Then the hacker offers to sell the encryption key to the victim, typically payable in an anonymizing online crypto-currency such as Bitcoin. The usual ransomware demand comes with a deadline — after which time, the ransomware attacker threatens that the key will be destroyed or will expire, rendering the kidnapped files forever inaccessible. In many cases the ransom note that hijacks the victim’s screen is accompanied by a digital clock ominously ticking down the minutes and seconds from 72 hours. When the timer expires, the ransom demand usually goes up or even doubles – or the data is permanently locked and henceforth unrecoverable.
Bitcoin and other convertible crypto-currencies have become the keystone of current ransomware schemes. Bitcoin transactions are recorded on a public ledger, so they are not strictly untraceable, but addresses are pseudonymous and attackers routinely move proceeds through mixers and loosely regulated exchanges, which makes attribution difficult and the currency well suited to criminal transactions. Unlike a conventional kidnapping, where the exchange of money arguably places the criminals in their most vulnerable position, the payment step of a virtual kidnapping preserves the attacker’s anonymity throughout the Bitcoin transaction process.
Ransomware Growth
According to a recent study by IBM, spam emails loaded with ransomware increased 6,000 percent in 2016 compared with 2015, comprising almost 40 percent of all spam messages in 2016. Another report, from cybersecurity firm Symantec, cited 460,000 ransomware attempts in 2016, up 36% from 2015, with the average payment demand ballooning from $294 to $1,077, a 266% increase. Ransomware attacks have grown almost exponentially for several reasons:
The ransomware business model works, with the FBI stating that ransomware is on pace to become a one billion dollar source of income for cybercriminals in 2017; 
Ransomware start-up costs are cheap. Ransomware software is readily and easily available – and is extraordinarily inexpensive. Ransomware is available for rent; for purchase or even in kits for building. Indeed, 60 percent of the Internet’s top sites sell ransomware; and
Ransomware schemes are typically successful. One recent study found that 70 percent of business victims paid the hackers to get their data back. Of those who paid, 50 percent paid more than $10,000 and 20 percent paid more than $40,000.
Ransomware attacks target the most vulnerable part of a company’s computer network: people. The primary attack vector for ransomware is an employee who has clicked on a file or a link he or she should not have clicked. That employee may be:
An accidental insider (e.g. an inattentive employee whose mistake, or a broken business process, lets the malware in);
A compromised insider (e.g. an employee targeted via social engineering and compromised through a malware infection or stolen credentials); or
A malicious insider (e.g. a so-called bad leaver or criminal insider engaged in corporate espionage or sabotage).
Ransomware is sometimes embedded in seemingly legitimate downloads such as software updates or resume files. Fake Adobe Flash updates are a notorious Trojan horse for delivering ransomware because Flash is such a ubiquitous add-on to most Internet browsers. Once inside a network, some ransomware can seed itself to additional computers or other devices via SMS messages or a user’s contact list.
What makes ransomware countermeasures challenging is the rapid evolution of ransomware variants. The number of strains has grown to almost epidemic proportions, and new strains are now being created to tap into the mobile user base, which can impact both personal and business information. Ransomware authors are diversifying their platforms, capabilities and techniques in order to reach more targets.
Per recent reports, about 60,000 new ransomware variants were detected in the third quarter of 2011. That number rose to over 200,000 in 2012, and to over 700,000 between 2014 and the first quarter of 2015. In the first quarter of 2016, security firm Kaspersky Lab reported 2,900 new “modifications” of existing ransomware, a 14% increase on the preceding quarter and a 30% increase on the quarter before that.
As the Internet of Things begins to establish a foothold in daily life, ransomware growth seems poised to become more severe and more widespread. Market forecaster Gartner expects 6.4 billion connected devices will surround us in the home and workplace this year, a $30 billion market by the year 2020.  This growing network of Internet-connected household devices, from Samsung refrigerators to Nest thermostats, will undoubtedly render individuals and corporations increasingly vulnerable to ransomware attacks.
Recent Ransomware Attacks
While ransomware has beleaguered victim companies for much of the last decade, a recent global spate of ransomware attacks has prompted intense media coverage and worldwide apprehension and concern.
For instance, in April 2017 a group calling itself the Shadow Brokers published a cache of exploits taken from the U.S. National Security Agency, among them one nicknamed EternalBlue that targets a vulnerability in the Windows Server Message Block (SMB) service. In May 2017 the WannaCry ransomware used that exploit to spread from machine to machine across networks, hitting, among many others, a wave of hospitals in the UK’s National Health Service. The extortion demands impacted more than just corporate operations and secrets; suddenly, a cyber-attack affected the lives of sick hospital patients, prompting something close to international hysteria.
Microsoft had patched the underlying vulnerability in March 2017 (security bulletin MS17-010) for supported versions of Windows, but many hospitals were running older, unsupported systems for which a patch was only released as an emergency measure once the outbreak was under way. The ransomware, dubbed “WannaCry” or “WannaCrypt”, claimed over 200,000 victims in over 150 countries according to Europol.
Similarly, in late June 2017, another strain of ransomware hit at least six countries, most heavily Ukraine, where it was blamed for a large and coordinated attack on key parts of the nation’s infrastructure, from government agencies and the electric grid to stores and banks. According to Microsoft, this outbreak, referred to as NotPetya (aka SortaPetya, Petna, ExPetr, GoldenEye, Nyetya and Diskcoder.C), resulted in “a less widespread attack” than WannaCry.
As a result of NotPetya, ATMs in Ukraine reportedly stopped working; workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed; and data security personnel at companies around the world, from Maersk, the Danish shipping conglomerate, to Merck, the U.S. drug giant, were reportedly scrambling to respond. Even an Australian factory of the chocolate giant Cadbury was affected.
Though more sophisticated than WannaCry (alongside the same EternalBlue SMB exploit it harvested credentials and used legitimate Windows administration tools to move laterally), NotPetya’s global reach was reportedly blunted by its own design: by default the infected system reboots within an hour of infection, and the malware does not persist after the reboot. “This means that the threat can only do lateral movement and exploitation of other machines during this limited time,” Microsoft says. “This reduced the reach of the attack.”
Law Enforcement and Ransomware: The Official View
The official line from federal law enforcement with respect to Ransomware is: Report the Incident and Don’t Pay. Specifically, the FBI warns:
“The FBI doesn’t support paying a ransom in response to a ransomware attack . . . Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. [B]y paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.” 
The FBI also warns that paying a ransom does not guarantee that a victim company will obtain a working key from the attacker. The FBI is aware of cases where the attackers either failed to hand over the correct decryption key or refused to honor the original demand after payment was received. According to Trend Micro research, nearly 33 percent of firms that pay the ransom fail to get their data back. The FBI also urges victims to report ransomware attacks immediately and to seek the FBI’s help in handling the situation.
Along similar lines, during an emergency meeting to address the WannaCry ransomware attacks, Tom Bossert, Homeland Security Advisor to President Donald Trump, discussed the perils of ransomware payment, and warned that victims could still lose access to files even after making a payment:
“Well, the U.S. government doesn’t make a recommendation on paying ransom, but I would provide a strong caution. You’re dealing with people who are obviously not scrupulous, so making a payment does not mean you are going to get your data back.” 
Law Enforcement and Ransomware: The Unofficial View
In some public settings, the FBI has warned that, without paying a ransom, victim companies may not be able to unlock their kidnapped data from ransomware attackers who use Cryptolocker, Cryptowall and other potent malware strains.
“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people to just pay the ransom . . . The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”
Indeed, the Ponemon Institute reported in a 2016 study that 48% of businesses victimized by ransomware paid the ransom (average ransomware payment being $2,500), while a similar IBM Security study found that 70 percent of business victims paid the ransom during that same period.
Even some law enforcement agencies themselves have decided to cut their losses by paying off the purveyors of ransomware. For instance, in the Massachusetts townships of Tewksbury and Swansea, ransomware attackers made off with $500 and $750 bounties, respectively. Elsewhere, police departments in the Chicago suburb of Midlothian, Ill., and in Dickson County, Tenn., also paid ransoms to ransomware attackers. That even law enforcement agencies have opted to succumb to, and pay off, ransomware attackers demonstrates how oddly commonplace ransomware payments have become.
Counsel as Quarterback for Ransomware Response
Ransomware is a crime, has significant regulatory implications and can involve important legal responsibilities and liabilities. At a minimum, ransomware schemes run afoul of the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and particularly subsection (a)(7), which criminalizes threats to damage a protected computer or its data made with intent to extort money or anything of value.
Above all else, the legal ramifications of any ransomware incident or response failure can be calamitous for a public or private company. Even the most traditional IT domains, such as exfiltration analysis, malware reverse engineering, digital forensics, log review and most technical remediation measures, are rife with legal and compliance issues and potential conflicts.
For instance, after a cybersecurity incident such as a ransomware attack, law enforcement, regulators, vendors, partners, insurers, customers and others may:
Request forensic images of impacted systems;
Demand copies of indicators of compromise;
Mandate that their own auditors or examiners visit sites of infiltration and conduct their own audit and investigation;
Want to participate in remediation planning;
Seek interviews and interactions with IT personnel;
Require briefings from a victim company’s forensic experts and data security engineers; or
Ask to attach a recording appliance to a victim company’s network in hope of capturing traces of attacker activity, should an attacker return.
These requests raise a host of legal issues, including how exactly to respond to each request and whether any response would violate the privacy of customers; be at odds with commercial agreements; result in a waiver of the attorney-client or work product privileges; or have any other legal/compliance consequences.
Because so many incident response issues are critical to the very survival of a company, the general counsel (GC) is the natural person to oversee and direct the investigative workflow: commanding the investigation and remediation on behalf of the C-suite, sharing with senior management the ultimate responsibility for key decisions, and carrying the duty of reporting to the company’s board.
Ransomware and the Attorney-Client Privilege
Attorney involvement, awareness, leadership, and direction are not the only essentials for managing the quagmire of legal issues arising during a ransomware response. GC involvement also triggers the protections afforded by the attorney-client and work product privileges, a critical component in the response to data security incidents.
The involvement and direction of counsel in the context of any investigation will presumably apply to the work product produced not only directly by the legal team members but also by the outside advisors, including the digital forensic investigators engaged by internal or outside counsel.
This is standard practice in the context of any other type of investigation – a cyber incident is no different.  There is nothing nefarious or extraordinary about this approach, it is a time-honored and tested standard operating procedure. The involvement of counsel establishes a single point of coordination and a designated information collection point.
Counsel as quarterback of ransomware response also enhances visibility into the facts, improves the ability to pursue appropriate leads and, most importantly, ensures the accuracy and completeness of information before it is communicated to external audiences. Otherwise, incomplete and/or inaccurate information could be released, only to have to later be corrected or even retracted.
Ransomware Notification Requirements
Although typically involving locking up data (rather than accessing, targeting or exfiltrating data), a ransomware attack could still be deemed the type of data security incident which triggers a legal notification requirement, including notice to:
State regulators (per state privacy statutes, rules and regulations);
Shareholders (per SEC disclosure obligations);
Vendors, partners and other entities (Many companies now incorporate rigorous cybersecurity notification requirements into their contracts, which can trigger when a victim company experiences a ransomware attack.);
Insurance carriers (especially if a victim company plans to make an insurance claim, relating to the ransomware attack);
Customers (when the data of a customer, such as a hospital patient, is impacted by a ransomware attack, a victim company may have very specific legal obligations to notify that customer); and
Any other constituency who may have a vested interest in a victim-company.
With respect to state regulatory notifications there is some grey area worthy of mention. In the United States, 52 jurisdictions (including 48 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands) have enacted some version of a data breach notification law. Under these laws, notification may be required for any customer whose personally identifiable information (PII) was acquired or accessed, or reasonably likely to have been acquired or accessed. While most states require some form of notice to their residents of a data breach, depending on applicable legal standards, some states also require notification to public agencies, such as the state attorney general.
The threshold issue is a technological one – probably best determined by a digital forensics expert and couched in legal terms. For instance, if the data is encrypted or otherwise “locked” through an automated process, companies could argue that the data was never accessed by an unauthorized party, which is the standard that typically triggers state breach notification laws.
On the other hand, though the mere encryption of data may not trigger the notification rules, the viewing, copying, relocating and altering of information can. Digital forensics and malware reverse engineering can provide some clue with respect to the impact of a ransomware attack and help assess some of the lesser state thresholds (such as in states like Connecticut, Florida, Kansas, Louisiana and New Jersey) where the definition of a breach also includes accessing of protected health information.
With respect to the more onerous and specific federal notification rules, such as those under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), digital forensics analysis can also provide critical information relating to disclosure requirements. Many health care organizations have read the HHS rules as requiring a report only where private medical or financial information is actually exposed, such as by malware that steals data, and whether ransomware’s encryption crosses that threshold can be hard to determine, which is one reason ransomware attacks and other data security incidents at health care organizations often go unreported. Note, however, that HHS’s Office for Civil Rights issued guidance in 2016 stating that encryption of electronic protected health information by ransomware is presumed to be a reportable breach unless the entity can demonstrate, through a documented risk assessment, a low probability that the information was compromised.
In addition, under the new EU General Data Protection Regulation, effective May 25, 2018, a controller must notify the supervisory authority of a personal data breach without undue delay and, where feasible, no later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the affected individuals; a late notification must be accompanied by the reasons for the delay. Fines for violating the notification obligations run up to €10 million or 2% of global annual turnover (whichever is higher), with the headline €20 million / 4% tier reserved for other categories of violation, so any late notification will need to be justified.
Ransomware Investigative Tactics
While determining the bona fides of a ransomware strain is always challenging, an experienced digital forensic examiner can find some answers by searching for the more typical cyber-indicators. Ransomware is characteristically a known tool, familiar to most professionals and often readily available for purchase online. If the name and modus operandi of the ransomware are unknown to the research community, the victim firm may be “patient zero” for a new strain, but it is more likely that the ransomware is bogus: scareware that claims to have encrypted files it never touched.
Digital forensic experts can also research the Bitcoin payment address, the malware message, any relevant phishing emails and the ransomware’s other characteristics in data security research forums and internal archives, to find recent commentary about the strain and assess its efficacy and validity.
There are also simple checks a digital forensics examiner can run on an affected file to assess whether a strain actually encrypts anything. Some purported ransomware merely renames files, adding a new extension to provide the illusion of encryption and cajole a payment; restoring the original file name and opening the file, or inspecting the file’s header bytes and the entropy of its contents, shows whether the data itself was altered. Genuine ransomware rewrites the file contents and usually, though not always, appends a new extension. A digital forensics expert can also investigate the severity of the attack, reverse-engineer the malware that has taken control of victim data, and attempt a full data recovery (e.g. from backups or volume shadow copies).
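The following Python script is an added example of the “is it really encrypted?” check described above; it is not code from the article or from any forensics vendor. It reads a file’s first bytes, looks for a known file header, and measures byte entropy. Its magic-byte table, the 7.5 bits/byte threshold and the sample files it constructs are assumptions made for the illustration.

```python
"""Triage whether a "ransomed" file was really encrypted or merely renamed.

Added example for this article, not code from any vendor or from the ransomware
itself. Two cheap signals: a recognizable file header (magic bytes) means the
content is intact and only the name changed; a header-less file whose bytes are
near-uniformly distributed (entropy close to 8 bits/byte) looks like ciphertext.
Compressed formats are high-entropy too, which is why the header check runs first.
"""
import math
import os
import tempfile
from collections import Counter

# Well-known file signatures -> format (small illustrative table; extend as needed).
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip (also docx/xlsx/pptx)",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 (legacy office)",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or compressed data, ~4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_header(data: bytes):
    """Return the format name if the data starts with a known signature, else None."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return None


def triage(path: str, sample_size: int = 4096) -> dict:
    """Classify one file from its first sample_size bytes.

    Caveat: some strains encrypt only the first part of a file or prepend their own
    marker, so treat "unknown" as "look closer", not as "safe".
    """
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    fmt = identify_header(head)
    entropy = shannon_entropy(head)
    if fmt is not None:
        verdict = "renamed-only"        # content intact: restore the original name
    elif entropy > 7.5:
        verdict = "likely-encrypted"    # no header, ciphertext-like byte distribution
    else:
        verdict = "unknown"             # e.g. renamed plain text, or partial encryption
    return {"format": fmt, "entropy": round(entropy, 2), "verdict": verdict}


def demo() -> dict:
    """Constructed samples (not victim data): a renamed PDF, random bytes standing in
    for ciphertext, and a renamed plain-text file. Returns {file name: verdict}."""
    samples = {
        "report.pdf.locked": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50,
        "budget.xlsx.locked": os.urandom(4096),
        "notes.txt.locked": b"quarterly numbers look fine, see attached\n" * 100,
    }
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, content in samples.items():
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = triage(path)["verdict"]
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Run it as-is to see the three verdicts, or call `triage()` on a real affected file; the point of keeping the header test ahead of the entropy test is that Office documents, PDFs and images are already compressed, so entropy alone would misclassify a merely renamed spreadsheet as encrypted.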
Ransomware Payment
In cases where a particular ransomware attack cannot be fully mitigated, an experienced digital forensics firm can broker and validate a solution that minimizes the cost of recovery and prevents further extortion from the attacker.
Paying off the ransomware attackers typically entails: 1) locating the victim identifier or encrypted key blob that the malware left on the victim’s computer (often printed in the ransom note itself); 2) submitting that identifier or file to the attackers’ payment portal together with a Bitcoin payment; and 3) awaiting a decryption key or a decryptor tool the victim can use to undo the encryption of the company’s files. This is a complex and challenging process.
First off, a digital forensics firm can help a ransomware victim navigate the maze of setting up an account to handle Bitcoin, funding it, and paying other parties with it. In principle, a payment can even be made conditional, using cryptocurrency features so that the attackers cannot collect unless they deliver a working key, which adds some measure of security and reliability to the transaction. In practice this requires the attacker to agree to the scheme, and the release condition must check that the revealed key actually decrypts the data rather than merely matching a promise. One ransomware response expert notes:
“ . . A ransomware developer could easily perform payment via a smart contract script (in a system like  Ethereum) that guarantees the following property. This payment will be delivered to the ransomware operator if and only if the ransomware author unlocks it — by posting the ransomware decryption key to the same blockchain.”
Ransomware attackers may portray the entire ransomware payment process as more akin to an ordinary business transaction than an international extortion scheme. In fact, some recent ransomware attackers purportedly even offer a victim company a discount if the victim company transmits the infection to other companies, just like referral programs of Uber or Lyft.
However, while a ransomware payment process may seem straightforward and rudimentary, the reality is far more complicated and rife with challenges. No ransomware payment process can guarantee that the ransomware attacker will provide a decryption key. The ransomware scheme may be nothing more than a social engineering ruse, more like an old fashioned Nigerian Internet scam than a malware infection – and the payment could end up being all for naught.
Indeed, the attackers may no longer have the decryption key, or may simply take the payment, leave the system infected and disappear. Not only is paying in pseudonymous Bitcoin risky, the transaction as a whole is so uncertain that it hardly seems palatable. Nonetheless, the number of victim companies that pay ransomware demands continues to grow at an alarming rate.
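As an added illustration of the conditional-payment idea quoted above, and of the “no guarantee” caveat that follows it, the Python script below simulates an escrow that releases funds only when the attacker reveals a key that both matches a published commitment and actually decrypts a sample file. It is not a real smart contract and not code from any ransomware operator or response firm; the toy cipher, the `Escrow` class, the three attacker behaviours and all sample data are assumptions made for the illustration.

```python
"""Simulation of "the payment is released if and only if the key is revealed".

Added example for this article; not a real smart contract and not code from any
ransomware operator or response vendor. The cipher is a deliberately toy SHA-256
keystream XOR so the script runs on the standard library alone; a real deployment
would use an on-chain contract and a real cipher such as AES-GCM. The point it
shows: a hash commitment to the key is not enough on its own, because the attacker
could commit to a useless key, so the escrow must also check that the revealed key
decrypts a sample whose plaintext the victim still has.
"""
import hashlib
import os


def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || block counter). NOT for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


toy_decrypt = toy_encrypt  # XOR keystream is symmetric


class Escrow:
    """Holds the victim's payment. Releases it only when a posted key both matches the
    attacker's published commitment and decrypts the victim's known-plaintext sample."""

    def __init__(self, key_commitment: bytes, sample_ct: bytes, sample_pt: bytes, amount: int):
        self.key_commitment = key_commitment  # sha256(key), published with the ransom note
        self.sample_ct = sample_ct            # one encrypted file ...
        self.sample_pt = sample_pt            # ... whose original content the victim still has
        self.amount = amount
        self.released_to = None
        self.revealed_key = None

    def reveal(self, key: bytes, payee: str) -> bool:
        if self.released_to is not None:
            return False  # already settled
        if hashlib.sha256(key).digest() != self.key_commitment:
            return False  # not the key that was committed to
        if toy_decrypt(key, self.sample_ct) != self.sample_pt:
            return False  # committed key does not actually decrypt: no payment
        self.revealed_key = key
        self.released_to = payee
        return True


def run_exchange(attacker_behaviour: str) -> dict:
    """Walk through both sides' messages with constructed data and no network.

    attacker_behaviour: "honest" (commit to and reveal the real key),
    "wrong_key" (commit to the real key, reveal a different one),
    "garbage_commitment" (commit to and reveal a key that decrypts nothing).
    """
    real_key = os.urandom(32)
    victim_file = b"PATIENT RECORDS - constructed sample plaintext\n" * 4
    # 1. Attack: files are encrypted; the victim keeps one ciphertext whose plaintext it
    #    knows (e.g. a document that also survives in email or an old backup).
    ciphertext = toy_encrypt(real_key, victim_file)
    # 2. Attacker publishes a commitment to a key alongside the ransom note.
    committed_key = os.urandom(32) if attacker_behaviour == "garbage_commitment" else real_key
    commitment = hashlib.sha256(committed_key).digest()
    # 3. Victim funds the escrow with the commitment and the known-plaintext pair.
    escrow = Escrow(commitment, ciphertext, victim_file, amount=1000)
    # 4. Attacker posts a key to collect the payment.
    posted_key = os.urandom(32) if attacker_behaviour == "wrong_key" else committed_key
    paid = escrow.reveal(posted_key, payee="attacker")
    # 5. Victim decrypts with the revealed key only if the escrow accepted it.
    recovered = toy_decrypt(escrow.revealed_key, ciphertext) if paid else None
    return {"paid": paid, "recovered": recovered == victim_file}


if __name__ == "__main__":
    for mode in ("honest", "wrong_key", "garbage_commitment"):
        print(mode, run_exchange(mode))
```

Only the honest run pays out and recovers the file; the two dishonest runs keep the victim’s funds, which is the property the quoted expert describes. The simulation does not address the residual risks the text raises: the attacker may decline to use such a scheme at all, and even a genuine key does nothing for data the malware corrupted rather than encrypted.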
The Legalities of Ransomware Payment
Though the FBI has hinted at the possible illegality of paying a ransomware demand, the FBI has never specifically stated that the payer could actually be charged with a crime. It would seem rather obvious that with respect to any criminal statute, actions taken under duress do not ordinarily constitute a crime. Moreover, the ransomware attacker possesses the criminal intent, not the victim who agrees to pay. However, there is little specific legal authority on the subject of payment and negotiation with ransomware attackers, so the legalities of payment are worthy of some analysis.
In general, legal commentary and case law regarding ransom payments is limited. However, in a germane 2011 British case, Masefield AG v Amlin Corporate Member Ltd (The Bunga Melati Dua), relating to maritime piracy and ransom demands for safe return of the vessel and crew, the court faced a somewhat analogous scenario. Specifically, the British Court of Appeal held that there was no general public policy argument against paying ransoms, stating that:
“…there is no universal morality against the payment of ransom, the act not of the aggressor but of the victim of piratical threats, performed in order to save property and the liberty or life of hostages. There is no evidence before the court of such payments being illegal anywhere in the world. This is despite the realization that the payment of ransom, whatever it might achieve in terms of the rescue of hostages and property, itself encourages the incidence of piracy for the purposes of exacting more ransoms. (Perhaps it should be said that the pirates are not classified as terrorists. It may be that the position with regard to terrorists is different).” 
Though addressing hostage ransoms rather than ransomware, former President Barack Obama delivered a similar message in his Statement by the President on the U.S. Government’s Hostage Policy Review (June 24, 2015):
“I firmly believe that the United States government paying ransom to terrorists risks endangering more Americans and funding the very terrorism that we’re trying to stop. And so I firmly believe that our policy ultimately puts fewer Americans at risk. At the same time, we are clarifying that our policy does not prevent communication with hostage-takers — by our government, the families of hostages, or third parties who help these families . . . In particular, I want to point out that no family of an American hostage has ever been prosecuted for paying a ransom for the return of their loved ones. The last thing that we should ever do is to add to a family’s pain with threats like that.” 
Ransomware and the FCPA
The Foreign Corrupt Practices Act of 1977 (FCPA) prohibits payments to foreign government officials to assist in obtaining or retaining business or directing business to any person. Laws such as the FCPA reflect an alternative approach to deterring bribes, by penalizing those on the payment side of the transaction.
Specifically, the FCPA prohibits giving something of value for the purpose of: “(i) influencing any act or decision of [a] foreign official in his official capacity, (ii) inducing such foreign official to do or omit any act in violation of the lawful duty of such official, or (iii) securing any improper advantage … to obtain or retain business for or with … any person.” The law provides an affirmative defense for payments that are “lawful under the written laws and regulations” of the country.
Given the FCPA threshold requirement that a payment must be made to assist in obtaining or retaining business for the individual or company or directing that business to another person, a ransomware scenario does not appear to trigger the FCPA.
However, FCPA’s enforcement can provide a useful analogy when considering the legalities of paying a ransomware demand. U.S. companies often face extortionate demands from foreign police, bureaucrats, and regulators, who threaten to hold, expel, or even harm employees if ransoms are not paid. And there have always been questions whether those involuntary payments can violate the FCPA. The DOJ-SEC Guidance on FCPA addresses this issue, stating:
“Does the FCPA Apply to Cases of Extortion or Duress? Situations involving extortion or duress will not give rise to FCPA liability because a payment made in response to true extortionate demands under imminent threat of physical harm cannot be said to have been made with corrupt intent or for the purpose of obtaining or retaining business.” 
This notion, that under the FCPA an individual is not guilty of a criminal offense when forced to pay by duress or extortion, is confirmed in United States v. Kozeny, 582 F.Supp.2d 535, 540 (S.D.N.Y. 2008). Specifically, in the Kozeny decision, the United States District Court for the Southern District of New York ruled that extortion or duress under the threat of imminent physical harm would excuse the conduct (essentially negating a corrupt intent), stating:
“ . . . while the FCPA would apply to a situation in which a “payment [is] demanded on the part of a government official as a price for gaining entry into a market or to obtain a contract,” it would not apply to one in which payment is made to an official “to keep an oil rig from being dynamited,” an example of “true extortion.”  The reason is that in the former situation, the bribe payer cannot argue that he lacked the intent to bribe the official because he made the “conscious decision” to pay the official. In other words, in the first example, the payer could have turned his back and walked away—in the latter example, he could not.” 
Whether the “economic duress” of a typical ransomware attack would rise to the level of “true extortion” as described in the Kozeny decision remains untested, and might be viewed as insufficient to excuse conduct from sanctions under the FCPA.
The FCPA could also potentially apply in ransomware scenarios where the cyber-criminal has a known connection to a foreign government. While the concealed identity of cyber-criminals involved in ransomware attacks likely prevents a payer from knowing that a payment violates the FCPA, the issue could still arise when a digital forensic expert identifies a ransomware attacker’s modus operandi to be that of a state sponsored organization (e.g. from Russia, North Korea or Iran).
Foreign Sanctions and Ransomware 
Like the FCPA, international sanctions regimes are also designed to prevent payments to certain designated payees, institutions and countries that are adversaries of the U.S., such as terrorists and terrorist organizations. In the United States, the Treasury’s Office of Foreign Assets Control (OFAC) administers these programs under statutes such as the Trading with the Enemy Act and the International Emergency Economic Powers Act (IEEPA).
Under these Acts, ransom payments (whether directly or indirectly through an intermediary) to Foreign Terrorist Organizations (FTOs) or Specially Designated Global Terrorists (SDGTs) identified by OFAC, are illegal under U.S. law. Monetary contributions to FTOs are considered material support under 18 U.S.C. 2339B, while transfers to SDGTs are violations of economic sanctions imposed pursuant to the IEEPA.
For example, in a February 2017 cyber-attack against websites of the British National Health Service (NHS), the attackers appeared to be ISIS, and in particular the Tunisian Fallaga Team, which posted graphics and pictures decrying the war in Syria. Whether a similar attack against a U.S. hospital, with a similar evidentiary trail indicating terrorist attribution, would trigger the limitations imposed by OFAC is unclear and untested. However, any digital forensic finding indicating terrorist attribution or involvement in a ransomware attack is certainly worthy of consideration when contemplating a ransomware payment.
Ransomware and Conspiracy
Whether a payer of a ransomware demand can be held to have entered into a conspiracy with the ransomware attacker seems unlikely and contrary to the public interest. A conspiracy is an agreement with another that a criminal course of conduct is to be pursued. Ransomware payments do not appear to be the kind of agreements contemplated by conspiracy statutes, but instead are forced arrangements dictated by a ransomware attacker.
However, other profiting and culpable participants in the Bitcoin payment chain used to pay a ransomware attacker might find themselves facing criminal penalties. Anthony Murgio, who was charged in 2015 and later pled guilty to operating an unlicensed money transmitting business, was also charged with violating 18 U.S.C. § 1030(a)(7) and was sentenced to 5½ years in prison. Federal prosecutors alleged that Murgio and his co-conspirators profited from transactions providing victims with Bitcoin to pay off ransomware demands. The Murgio indictment states:
“As part of the unlawful Coin.mx scheme, Anthony P. Murgio, the defendant, and his co-conspirators knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes…By knowingly permitting ransomware victims to exchange currency for Bitcoins through Coin.mx, Murgio and his co-conspirators facilitated the transfer of ransom proceeds to the malware operators while generating revenue for Coin.mx.” 
Unlike a ransomware payer, Murgio was a part of the payment process and clearly facilitated the ransomware transactions with unclean hands – possessing the kind of felonious intent required for money laundering criminal liability. Crypto-currency sellers or exchange operators may be caught up in legal trouble if: they have avoided or neglected reporting requirements or have not registered as a money transmission business (like Murgio), or, if they were criminally complicit with the ransomware attackers.
The distinction seems clear: if a Bitcoin seller actively aided and abetted a ransomware attacker, knowingly profiting from the scheme, the Bitcoin seller could be criminally liable. However, if a digital forensics firm made Bitcoin available to a client and provided technical advice as to how to pay in Bitcoin, then, like Thomas Clayton in Proof of Life, criminal liability seems wholly inappropriate.
Ransomware: To Pay or Not To Pay
For now, it seems that paying ransomware, while obviously risky and empowering/encouraging ransomware attackers, does not appear to break any laws – and even if payment is arguably unlawful, seems unlikely to be prosecuted. Thus, the decision whether to pay or ignore a ransomware demand, seems less of a legal, and more of a practical, determination — almost like a cost-benefit analysis.
The arguments for rendering a ransomware payment include:
Payment is the least costly option;
Payment is in the best interest of stakeholders (e.g. a hospital patient in desperate need of an immediate operation whose records are locked up);
Payment can avoid being fined for losing important data;
Payment means not losing highly confidential information; and
Payment may mean not going public with the data breach.
The arguments against rendering a ransomware payment include:
Payment does not guarantee that the right encryption keys with the proper decryption algorithms will be provided;
Payment further funds additional criminal pursuits of the attacker, enabling a cycle of ransomware crime;
Payment can do damage to a corporate brand;
Payment may not stop the ransomware attacker from returning;
If victims stopped making ransomware payments, the ransomware revenue stream would stop and ransomware attackers would have to move on to perpetrating another scheme; and
Using Bitcoin to pay a ransomware attacker can put organizations at risk. Most victims must buy Bitcoin on entirely unregulated and free-wheeling exchanges that can also be hacked, leaving buyers’ bank account information stored on these exchanges vulnerable.
Ransomware Remediation
There are a slew of basic steps companies should take as preemptive measures to avoid falling prey to ransomware, including backing up systems and employing the latest cybersecurity measures. Other measures include:
Updating operating systems, software patching, antivirus programs and firewalls;
Taking steps to detect and block ransomware through firewalls and intrusion detection monitoring, including setting alerts for anomalous behavior;
Revisiting backup protocols to ensure that a crypto-attack is classified as a potential disaster with appropriate contingency plans;
Enabling popup blockers;
Employing IT professionals or consultants familiar with ransomware, who stay current with evolving iterations and variants;
Implementing a strong password policy requiring all users to change passwords regularly and to use more complex passwords, i.e. a mixture of lower- and uppercase letters, numbers and symbols;
Reviewing and auditing all permissions in your network while regularly updating and deactivating user accounts, including those of departing employees;
Rigorous employee education and outreach;
Securing long and short-term backups, stored in a manner detached from a company’s network;
Intense screening of partners and vendors to ensure strong security procedures from associated third parties;
Thoughtfully and securely segmenting sensitive user and corporate data within a corporate network; and
Changing network and Wi-Fi passwords regularly.
Along the same lines, the FBI urges organizations to be vigilant in keeping browser, operating system and third-party application patch levels up to date, and in ensuring that antivirus protection is also current. The FBI also suggests that companies back up often, lock down access granted to individuals and manage the configuration of file systems, directories and network shares appropriately.
Companies can go so far as to employ drastic and direct preemptive measures by setting snares and “honeypots” for would-be ransomware attackers. For example, Deception Technology sets its trademarked HackTraps to misdirect ransomware attackers and prevent them from going deeper into a corporate network and reaching their intended target. These traps can be as simple as a document with a deceptive title that was created exclusively to lure in the cybercriminals.
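One defensive way to operationalize such a decoy-document trap is to plant canary files that no legitimate process should ever touch and watch them for the changes a crypto-locker makes (in-place rewrite to high-entropy bytes, or deletion/rename). The Python below is an added example, not code from the original article or from Deception Technology; the decoy file names, the decoy contents and the 7.0-bit entropy threshold are assumptions.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Names chosen to look valuable; these are constructed decoys, not real files.
DECOY_NAMES = ("Q3_Payroll_Final.xlsx", "Board_Minutes_Confidential.docx")
DECOY_BODY = b"DECOY DOCUMENT - no legitimate process should open or change this file.\n" * 20

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain documents sit well below 7, ciphertext close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def plant_canaries(root) -> dict:
    """Write the decoy documents and record a SHA-256 baseline for each one."""
    baseline = {}
    for name in DECOY_NAMES:
        path = Path(root) / name
        path.write_bytes(DECOY_BODY)
        baseline[str(path)] = hashlib.sha256(DECOY_BODY).hexdigest()
    return baseline

def check_canaries(baseline: dict) -> list:
    """Return (path, reason) alerts; an empty list means no decoy was touched."""
    alerts = []
    for path, digest in baseline.items():
        p = Path(path)
        if not p.exists():
            alerts.append((path, "missing"))  # deleted or renamed, e.g. to *.locked
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            # A rewrite to near-random bytes is the signature of in-place encryption.
            reason = "rewritten-high-entropy" if shannon_entropy(data) > 7.0 else "modified"
            alerts.append((path, reason))
    return alerts

def simulate_attack(tmpdir=None) -> dict:
    """Constructed end-to-end run: plant decoys, then mimic two crypto-locker actions."""
    root = Path(tmpdir or tempfile.mkdtemp())
    baseline = plant_canaries(root)
    before = check_canaries(baseline)  # nothing touched yet, so no alerts
    payroll, minutes = baseline
    Path(payroll).write_bytes(bytes(range(256)) * 16)  # uniformly distributed bytes
    os.rename(minutes, minutes + ".locked")  # typical rename after encryption
    return {"before": before, "after": check_canaries(baseline)}
```

Calling `simulate_attack()` returns no alerts before the simulated attack and two afterwards (one high-entropy rewrite, one missing file); in production the check would run on a short timer and feed an alerting pipeline.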
A digital forensic expert can also help a victim company develop and implement a containment plan to isolate any additional infections and provide strategic recommendations to prevent further ransomware attacks and otherwise mitigate their impact.
It may be hard to believe, but when handled correctly, a customer data compromise or data security incident like a ransomware attack can actually become the kind of successful failure that not only prompts remediation that strengthens technological infrastructure, but also reinforces a firm’s commitment and focus upon its customers, partners and other fiduciaries.
Ransomware and Business Continuity Plans
The critical importance of a business continuity plan in the event of a natural disaster is widely recognized and accepted. Yet, too often, such plans are not evaluated in the context of assessing cybersecurity risks such as ransomware.
Even when an organization’s IT cybersecurity response fully aligns with IT best practices, there are benefits to utilizing or integrating IT’s response into the existing business continuity structure rather than having two separate response models. Speed and agility are key enablers in ransomware response, and business continuity enables the nimble, rapid response that limits the financial and reputational impact on the enterprise.
A powerful business continuity plan, which is properly integrated with an incident response plan, contemplates the threat of ransomware and plans for data recovery, such as with specialized back-up data systems that are routinely tested and updated as necessary.
Ransomware and Cyber Insurance
Companies are beginning to realize that, like any other corporate risk, the financial, operational and even reputational risks of a ransomware attack can be addressed via a comprehensive and targeted cyber insurance policy. Over 60 insurance companies now offer cyber insurance, many containing specific provisions addressing ransomware. In 2015, ransomware accounted for just over 10% of cyber insurance claims, but in 2016 that figure grew to 25%.
Currently, most cyber insurance policies are modular, which means an organization chooses from a menu of coverage options, such as business interruption, third party liability for privacy breaches and first party coverage for an organization’s own costs to detect, stop, investigate and remediate a network security incident.
Ransomware typically falls under “first party” liabilities as cyber extortion and network interruption. When making a cyber insurance claim for ransomware, a victim company should be prepared to demonstrate that: the ransom has been surrendered under duress; the incident is not a hoax; there was c-suite participation in the ransomware payment decision; the insurance company approved of the ransomware payment plan; and the ransomware attack was reported to law enforcement.
Making an insurance reimbursement claim for a Bitcoin payment is also tricky, even with respect to valuation and execution. Challenges include proving to an insurance company: that a Bitcoin payment was made; that a Bitcoin payment was for a particular amount of U.S. dollars; and that a Bitcoin transaction was documented in an acceptable and verifiable manner.
Thus, a ransomware victim company may have to engage a professional intermediary to pay the attackers, and then seek reimbursement for the fees paid to the digital intermediary. Otherwise, an insurer might have no way to audit a process involving Bitcoin and therefore refuse to recompense Bitcoin payments. Cyber insurance might also not cover the full amount of the ransomware or may have in place a high deductible amount (for large organizations the deductible could be $500,000 or as high as $5 million).
Without a specific ransomware cyber insurance policy, a victim company would have to look to the breadth of its professional liability and other insurance policies, which can give rise to ambiguities and disputes. For example, the presence of any sort of terrorism exclusion can become problematic: insurance policies may have “acts of foreign enemies” or “government acts” exclusions that can limit reimbursement if the ransomware was distributed by cyber-attackers tied to a foreign government.
In addition, whether a ransomware victim company must show “physical damage” can also become an issue. In the typical ransomware scenario, a victim company’s data is not actually damaged but is rather “locked.” An insurance company may argue that, as with other cyber-attacks in which a victim’s data was accessed but not otherwise disturbed, altered or exfiltrated, the victim has no insurance claim.
Some companies that do not have cyber insurance may turn to their kidnap insurance for coverage relating to ransomware attacks. Kidnap policies, known as K&R coverage, are typically used by multinational companies looking to protect their staff in areas of danger, such as where violence related to oil and mining operations is common (like parts of Africa and Latin America).
K&R policies, which typically do not have deductibles, can cover the ransom payments as well as crisis response services, including getting in touch with criminal and regulatory authorities. Whether K&R coverage, which was not designed for ransomware, will cover ransomware costs and expenses will always be a matter of the specific policies involved.
To get the most out of cyber coverage for ransomware attacks, companies should work closely with their brokers, their insurers, their outside counsel and their own internal experts and executives to fully understand their particular ransomware risks. For now, the most effective cyber insurance policies are bespoke, and given the rapidly evolving nature of cyber-attacks, will continue to require custom-tailored fitting for quite some time.
Just like other kinds of insurance, ransomware coverage by itself will rarely be enough to make a company whole after a cyber-attack, but it can provide critical financial resources. Moreover, when coupled with a thoughtful and diligent incident response, a sound ransomware insurance policy can send a powerful message of strong business acumen; fierce customer dedication; and steadfast corporate governance, demonstrating profound expertise to the marketplace, shareholders, regulators and the many other interested corporate stakeholders.
Final Thoughts
When confronted with a ransomware attack, the options all seem bleak. Pay the hackers – and the victim may not only prompt future attacks, but there is also no guarantee that the hackers will restore a victim’s dataset. Ignore the hackers – and the victim may incur significant financial damage or even find themselves out of business. The only guarantees during a ransomware attack are the fear, uncertainty and dread inevitably experienced by the victim.
Even under the best-case scenario, where a victim has maintained archives and can keep their business alive, the victim companies will incur significant remedial costs, business disruptions and exhaustive management drag. Moreover, having a back-up storage solution in place is not always ideal; not only can outside storage of data create additional cybersecurity risks, but sometimes data archives are more like the proverbial roach motel, where data checks in but it can’t check out.
There is no doubt that the ease, anonymity and speed of crypto-currency payments such as Bitcoin have revolutionized the ransomware industry, prompting its extraordinary growth. Bitcoin not only makes it simpler to remain anonymous, but also enables a nameless payment mechanism where the extorted funds can be immediately transferred into criminal hands.
Transactions in crypto-currencies like Bitcoin lack a discernible audit trail, operate outside of regulated financial networks and are alarmingly unregulated. There is no central issuer of Bitcoins, nor a Federal Reserve of Bitcoins monitoring and tracking transactions or controlling their value. In short, government surveillance and regulation of cryptocurrency is virtually nonexistent (no pun intended) and so long as crypto-currency payment schemes exist, ransomware attacks and iterations will likely continue to thrive.
Though too early to tell, there may emerge some form of Bitcoin regulation via Executive Order No. 13,694 (April, 2015), which expands sanctions to include “blocking” the property of persons engaging in “Significant Malicious Cyber-Enabled Activities.” The order declares a “national emergency” to deal with cyber-enabled threats and extends to the assets of those who “have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services in support of, any [malicious cyber-enabled activities].”
Given that ransomware Bitcoin payments are made to cyber criminals, per Executive Order 13,694, the U.S. Secretary of the Treasury, the U.S. Attorney General and/or the U.S. Secretary of State could freeze or “block” assets of any participant in the Bitcoin financial chain. Such dramatic government intervention could discourage the purveyors of ransomware attacks, who depend upon Bitcoin for receiving payments.
The government could also take additional steps to combat ransomware such as:
Providing financial incentives for private investment in ransomware prevention and remediation technologies;
Speaking out more boldly to discourage ransomware payments that monetize crime, perhaps via the Financial Crimes Enforcement Network (FinCEN) or via a task force of state and federal law enforcement agencies; or
Creating new legal penalties for ransomware payments in a manner similar to the FCPA, rendering the option of paying ransom costlier, thus nudging firms toward choosing greater security.
But these government measures are theoretical and, even if implemented, might still not stem the dramatic growth of ransomware. The reality is that when it comes to ransomware attacks, the government seems idle and relatively powerless, which means ransomware victims are unfortunately on their own. So what should companies do to manage the increasing risk of the current ransomware crime wave?
As would probably be preached by Thomas Clayton (or Russell Crowe), companies struggling with ransomware threats should apply the same lessons to ransomware protection that Clayton uses for employee protection: Be prepared (e.g. deploy back-ups and the like); Be thoughtful (e.g. use professionals to implement preemptive measures and help handle the response); and Be vigilant (e.g. never underestimate the impact of ransomware and never take the threat lightly).
John Reed Stark is President of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology and crime, and for five years as managing director of a global data breach response firm, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook,” available as an eBook on Amazon, iBooks and other booksellers.
The post Guest Post: Ransomware Payment: Legality, Logistics, Mitigation, and Insurance appeared first on The D&O Diary.