
Ransomware - how prevalent and how to deal with it


Comments

  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    rgmartin91 wrote: »
    Yet another major attack that is rippling across the world - is this going to become a regular now?

    http://www.newstalk.com/Irishbased-firms-hit-by-latest-ransomware-cyberattack


    If anyone is in any doubt as to just how prevalent hacking has become, check this out. It's a live stream of cyber attacks as they happen :eek:

    https://brandon.global/cyber-attacks-live#cybersecurity

    be nice if they mentioned where that map was from


    http://map.norsecorp.com/#/


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    Bad news :

    A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys.

    So, even if you just wanted to pay, get your data back in action and learn yer lesson, you can't

    They could have waited, and seen who was accessing it. Nope.

    Nice going German clowns




    "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately – and blocked the account straight away.


  • Registered Users, Registered Users 2 Posts: 4,701 ✭✭✭Bacchus


    rgmartin91 wrote: »
    Yet another major attack that is rippling across the world - is this going to become a regular now?

    http://www.newstalk.com/Irishbased-firms-hit-by-latest-ransomware-cyberattack


    If anyone is in any doubt as to just how prevalent hacking has become, check this out. It's a live stream of cyber attacks as they happen :eek:

    https://brandon.global/cyber-attacks-live#cybersecurity

    The recent high profile attacks are a direct result of the leaked NSA goody bag of exploits. I believe this new attack uses the same exploit as WannaCry (in which case WTF were people thinking not patching their systems). So, there'll be a spike in these kinds of high profile indiscriminate attacks for a while but the reality is that all sorts of cyber attacks have been going on for years (and decades... but the more connected everything gets the more attacks you see... IoT is going to be soooooo much fun :p). WannaCry just captured the general population's attention.
    gctest50 wrote: »
    Bad news :

    A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys.

    So, even if you just wanted to pay, get your data back in action and learn yer lesson, you can't

    They could have waited, and seen who was accessing it. Nope.

    Nice going German clowns

    Short term, yes this sucks for those affected but in the long term, one of the effective ways to stop these kinds of attacks is to make it non profitable. Basically, anything that proliferates the notion that paying the ransom does not guarantee you anything will help to motivate people to put recovery plans in place instead of paying the "bad guys". If ransomware attacks cease to be profitable you at least cut out one of the attack actors from the situation.

    As for tracking the culprits. These ransoms are typically paid with Bitcoin these days which makes it very easy for someone with a bit of technical know-how to hide their identity.


  • Registered Users, Registered Users 2 Posts: 2,063 ✭✭✭ItHurtsWhenIP


    gctest50 wrote: »
    Bad news :

    A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys.

    So, even if you just wanted to pay, get your data back in action and learn yer lesson, you can't

    They could have waited, and seen who was accessing it. Nope.

    Nice going German clowns

    I'd seen other rumours of this, but Kaspersky are saying that this was not Ransomware but actually a destructive wiper. So nobody was getting their data back anyway.
    Bacchus wrote: »
    The recent high profile attacks are a direct result of the leaked NSA goody bag of exploits. I believe this new attack uses the same exploit as WannaCry (in which case WTF were people thinking not patching their systems). So, there'll be a spike in these kinds of high profile indiscriminate attacks for a while but the reality is that all sorts of cyber attacks have been going on for years (and decades... but the more connected everything gets the more attacks you see... IoT is going to be soooooo much fun :p). WannaCry just captured the general population's attention.
    ...

    From some of the reports out there, yes EternalBlue was used to get a foothold into a vulnerable machine, but then Petya/NotPetya used Mimikatz to acquire local credentials and then used either PsExec or WMIC to move laterally - so even fully patched machines could be compromised. :eek::(
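
A defender-side illustration of the PsExec/WMIC movement mentioned in the post above, added here as an example and not part of any poster's message: it flags remote execution in Windows event records and reports accounts that fan out to several hosts in a short window. Event IDs 7045 (service installed), 4688 (process creation) and PsExec's default service name `PSEXESVC` are real; the dict layout, host names, accounts, timestamps and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (simplified fields, not real telemetry).
EVENTS = [
    {"time": "2017-06-27T11:02:10", "host": "WS-014", "event_id": 4688, "user": "CORP\\alice",
     "command_line": 'wmic.exe /node:"FS-03" process call create "cmd.exe /c task.bat"'},
    {"time": "2017-06-27T11:03:05", "host": "FS-01", "event_id": 7045, "user": "CORP\\alice", "service_name": "PSEXESVC"},
    {"time": "2017-06-27T11:04:40", "host": "FS-02", "event_id": 7045, "user": "CORP\\alice", "service_name": "PSEXESVC"},
    {"time": "2017-06-27T11:05:00", "host": "WS-020", "event_id": 4688, "user": "CORP\\bob",
     "command_line": "wmic os get caption"},  # local query, no /node: target
    {"time": "2017-06-27T11:06:00", "host": "DB-01", "event_id": 7045, "user": "CORP\\bob", "service_name": "Update Helper"},
    {"time": "2017-06-27T16:30:00", "host": "HR-03", "event_id": 7045, "user": "CORP\\carol", "service_name": "PSEXESVC"},
]

# wmic with a remote /node: target followed by "process call create"
WMIC_REMOTE = re.compile(r'\bwmic(?:\.exe)?\b.*?/node:"?([^\s"]+)"?.*\bprocess\s+call\s+create\b', re.I)

def remote_exec_target(ev):
    """Return (technique, target_host) if the event looks like remote execution, else None."""
    if ev["event_id"] == 7045 and ev.get("service_name", "").upper() == "PSEXESVC":
        return ("psexec", ev["host"])          # service is installed on the target itself
    if ev["event_id"] == 4688:
        m = WMIC_REMOTE.search(ev.get("command_line", ""))
        if m:
            return ("wmic", m.group(1).upper())  # logged on the source; target is /node:
    return None

def fan_out_accounts(events, window=timedelta(minutes=10), min_hosts=3):
    """Accounts that remotely executed on >= min_hosts distinct hosts within `window`."""
    hits = defaultdict(list)
    for ev in events:
        found = remote_exec_target(ev)
        if found:
            hits[ev["user"]].append((datetime.fromisoformat(ev["time"]), found[1]))
    flagged = {}
    for user, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            hosts = {h for t, h in seen[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged
```

A single PsExec use (the `CORP\carol` record) is ordinary admin activity and is not flagged; one account reaching three hosts in under three minutes is.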


  • Registered Users, Registered Users 2 Posts: 35,329 ✭✭✭✭Hotblack Desiato


    Bacchus wrote: »
    the more connected everything gets the more attacks you see... IoT is going to be soooooo much fun :p

    Saw a quote today, can't remember where or by who, but it was something like "we took a system designed to withstand a nuclear attack, and made it vulnerable to toasters"

    Increasingly looking like the latest was a targeted attack on Ukraine, not designed to make money.

    Scrap the cap!



  • Registered Users, Registered Users 2 Posts: 2,063 ✭✭✭ItHurtsWhenIP


    Saw a quote today, can't remember where or by who, but it was something like "we took a system designed to withstand a nuclear attack, and made it vulnerable to toasters"

    Increasingly looking like the latest was a targeted attack on Ukraine, not designed to make money.

    That would be the tweet from Jeff Jarmoc after Mirai blew up last year.
    https://twitter.com/jjarmoc/status/789637654711267328


  • Registered Users, Registered Users 2 Posts: 134 ✭✭ishotjr2


    > So apart from the usual security essentials what would be recommended to prevent Ransomware attacks being an issue?
    Few suggestions:
    I would use cloud desktops where possible (surprising how few internal systems we really need now; if it is for Windows file sharing (SMB), stop using SMB! Use SharePoint or one of them). Cloud desktops will take care of the backup restore and isolate the threat.
    Isolate your internal network based on business critical.
    Implement strict website whitelisting at user level.

    You are making a choice: Educate users and hold them responsible -or- isolate users so they cannot affect others and then spend your time debugging access problems and auditing. Both options are work and the judgement should be done on a case by case basis.


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    ishotjr2 wrote: »
    .......

    Cloud desktops will take care of the backup restore and isolate the threat.......

    Vesk got it a while back

    https://www.theregister.co.uk/2016/09/29/vesk_coughs_up_18k_in_ransomware_attack/


    all it really takes is someone with a target that knows how to plan - rather than a random drunk-person-with-shotgun-approach

