Comments on DSHR's Blog: A Modest Proposal About Ransomware

All comments below are by David (https://www.blogger.com/profile/14498131502038331594). Comment feed last updated 2024-03-28.

---

David, 2021-12-07T09:28:50-08:00:

Matthew Field's Crackdown on crypto firms needed to ‘wreck’ ransomware, says ex-GCHQ boss (https://www.telegraph.co.uk/business/2021/12/05/crackdown-crypto-firms-needed-wreck-ransomware-says-ex-gchq/) starts:

"Regulators need to “wreck the business model” of ransomware gangs by cracking down on cryptocurrency companies that facilitate Bitcoin payments, according to the former head of GCHQ.

Robert Hannigan, who was director of Britain’s signals intelligence agency from 2014 to 2017, said more coordinated action was needed to tackle a surge in ransomware attacks during the pandemic."

---

David, 2021-12-05T16:43:53-08:00:

Steven Musil reports that US military has reportedly acted against ransomware groups (https://www.cnet.com/tech/services-and-software/us-military-has-reportedly-acted-against-ransomware-groups/):

"Nakasone didn't describe the action taken or identify the groups targeted, but said one of the goals is to "impose costs" for ransomware groups.

"Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs," Nakasone said. "That's an important piece that we should always be mindful of."

The increased activity follows a string of cyberattacks on the federal government and private companies, reigniting concerns about the vulnerability of critical infrastructure."

"Imposing costs" will certainly prevent any further ransomware attacks. So there's no need to take action against cryptocurrencies. Everyone can relax and keep on getting rich as "number go up" (https://davidgerard.co.uk/blockchain/2019/05/27/the-origin-of-number-go-up-in-bitcoin-culture/). We are safe behind the shield of the US military's "Cyber Command".

---

David, 2021-12-03T13:47:56-08:00:

Catalin Cimpanu reports that FBI says the Cuba ransomware gang made $43.9 million from ransom payments (https://therecord.media/fbi-says-the-cuba-ransomware-gang-made-43-9-million-from-ransom-payments/):

"The US Federal Bureau of Investigations said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year.

In a flash alert sent out on Friday, the Bureau said the Cuba gang has “compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

The FBI said it traced attacks with the Cuba ransomware to systems infected with Hancitor (https://isc.sans.edu/diary/rss/26980), a malware operation that uses phishing emails, Microsoft Exchange vulnerabilities, compromised credentials, or RDP brute-forcing tools to gain access to vulnerable Windows systems."

---

David, 2021-11-09T12:33:50-08:00:

Hannah Murphy and Stefania Palma report that US charges Ukrainian and Russian nationals over ransomware attacks (https://arstechnica.com/tech-policy/2021/11/us-charges-ukrainian-and-russian-nationals-over-ransomware-attacks/). They are:

"Ukrainian Yaroslav Vasinskyi, 22, for allegedly conducting one of the largest global supply chain ransomware attacks, the Kaseya hack, among others. The US said it is seeking to extradite Vasinskyi, who was arrested in Poland after crossing the border from Ukraine,"

And:

"Russian national Yevgyeniy Polyanin, 28, for allegedly targeting US government entities and private-sector companies in about 3,000 attacks that reaped an estimated $13 million, Garland said. The US has seized $6.1 million in ransom proceeds from his activities,"

Also:

"Separately on Monday, Europol announced that law enforcement in Romania had arrested two ransomware hackers associated with the Sodinokibi/REvil ransomware cartel."

---

David, 2021-11-06T13:19:49-07:00:

Ellen Nakashima and Dalton Bennett report that A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked (https://www.msn.com/en-us/news/us/a-ransomware-gang-shut-down-after-cybercom-hijacked-its-site-and-it-discovered-it-had-been-hacked/ar-AAQgPdp):

"A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.

The foreign government hacked the servers of REvil this summer, but the Russian-speaking criminal group did not discover it was compromised until Cybercom last month blocked its website by hijacking its traffic, said the officials who spoke on the condition of anonymity because of the matter’s sensitivity."

And Lisa Vaas reports that Suspected REvil Gang Insider Identified (https://threatpost.com/revil-ransomware-core-member/175863/):

"German investigators have identified a deep-pocketed, big-spending Russian billionaire whom they suspect of being a core member of the REvil ransomware gang.

He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang.

The showy billionaire goes by “Nikolay K.” on social media, and German police are hoping he’ll cruise out of Russia on his next vacation – preferably, to a country with a cooperation agreement with Germany so they can arrest him. In case he decides to kick back somewhere other than sunny Crimea, they’ve got an arrest warrant waiting for him."

---

David, 2021-10-23T09:53:40-07:00:

Lorenzo Franceschi-Bicchierai reports that Sinclair Workers Say TV Channels Are in ‘Pandemonium’ After Ransomware Attack (https://www.vice.com/en/article/dypg4w/sinclair-workers-say-tv-channels-are-in-pandemonium-after-ransomware-attack):

"The ransomware attack interfered with several channels’ broadcast programming, preventing them from airing ads or NFL games, as reported by The Record (https://therecord.media/sinclair-tv-stations-disrupted-across-the-us-in-apparent-ransomware-attack/), a news site owned by cybersecurity firm Recorded Future. It has also left employees confused and wondering what's going on, according to current Sinclair workers."

---

David, 2021-10-22T12:29:09-07:00:

In Joseph Menn and Christopher Bing's exclusive Governments turn tables on ransomware gang REvil by pushing it offline (https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/) they report on the latest whack-a-mole action:

"The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.
...
"The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations. “REvil was top of the list.”

A leadership figure known as "0_neday," who had helped restart the group's operations after an earlier shutdown, said REvil's servers had been hacked by an unnamed party."

---

David, 2021-10-18T10:21:08-07:00:

Catalin Cimpanu reports that Sinclair TV stations disrupted across the US after ransomware attack (https://therecord.media/sinclair-tv-stations-disrupted-across-the-us-in-apparent-ransomware-attack/):

"TV broadcasts for Sinclair-owned channels have gone down today across the US in what the stations have described as technical issues, but which multiple sources told The Record to be a ransomware attack.

The incident occurred in the early hours of the day and took down the Sinclair internal corporate network, email servers, phone services, and the broadcasting systems of local TV stations.

As a result of the attack, many channels weren’t able to broadcast morning shows, news segments, and scheduled NFL games, according to a barrage of tweets coming from viewers and the TV channels themselves."

Couldn't happen to a nicer company.

---

David, 2021-10-18T06:41:41-07:00:

Simon Sharwood's US gov claims ransomware 'earned' $590m in the first half of 2021 alone – mostly in Bitcoin (https://www.theregister.com/2021/10/18/fincen_ransomware_report/) makes depressing reading:

"Ransomware extracted at least $590 million for the miscreants who create and distribute it in the first half of 2021 alone – more than the $416 million tracked in all of 2020, according to the US government’s Financial Crimes Enforcement Network (FinCEN). Total ransomware-related financial activity may have reached $5.2 billion."

---

David, 2021-10-17T14:06:06-07:00:

The Joint statement of the Ministers and Representatives from the Counter Ransomware Initiative meeting, October 2021 (https://www.whitehouse.gov/briefing-room/statements-releases/2021/10/14/joint-statement-of-the-ministers-and-representatives-from-the-counter-ransomware-initiative-meeting-october-2021/) is pathetically inadequate to the scale of the problem. Its Countering Illicit Finance section is an example:

"Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering. We acknowledge that uneven global implementation of the standards of the Financial Action Task Force (FATF) to virtual assets and virtual asset service providers (VASPs) creates an environment permissive to jurisdictional arbitrage by malicious actors seeking platforms to move illicit proceeds without being subject to appropriate anti-money laundering (AML) and other obligations. We also recognize the challenges some jurisdictions face in developing frameworks and investigative capabilities to address the constantly evolving and highly distributed business operations involving virtual assets."

---

David, 2021-10-16T06:55:40-07:00:

North America Is Biggest Ransomware Target, Chainalysis Says (https://www.bloomberg.com/news/articles/2021-10-14/north-america-is-biggest-ransomware-target-chainalysis-says) by Joanna Ossinger reports that:

"North America has been extorted for the most money by ransomware attackers of any region -- and the groups targeting it tend to be associated with Russia-based cybercriminal groups, according to a new report.

Users in the region paid $131 million in cryptocurrency to ransomware attackers between July 2020 and June 2021, according to a report from Chainalysis Inc., crypto-forensics firm. That’s more than double the amount sent from Western Europe, which paid the second-most."

---

David, 2021-10-15T12:57:34-07:00:

Catalin Cimpanu reports that US govt reveals three more ransomware attacks on water treatment plants this year (https://therecord.media/us-govt-reveals-three-more-ransomware-attacks-on-water-treatment-plants-this-year/):

"Ransomware gangs have silently hit three US water and wastewater treatment facilities this year, in 2021, the US government said in a joint cybersecurity advisory (https://us-cert.cisa.gov/ncas/alerts/aa21-287a) published today by the FBI, NSA, CISA, and the EPA.

The attacks —which had been previously unreported— took place in March, July, and August and hit facilities in Nevada, Maine, and California, respectively."

The attacks led to the threat actors encrypting files, and in one case, even corrupting a computer used to control the SCADA industrial equipment deployed inside the treatment plant.

---

David, 2021-10-04T12:30:44-07:00:

Gareth Corfield reports that Ukrainian cops cuff two over $150m ransomware gang allegations, seize $1.3m in cryptocurrency (https://www.theregister.com/2021/10/04/ukraine_arrests_two_ransomware_150m_allegations_revil/):

"A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "two prolific ransomware operators known for their extortionate demands," claimed to be up to €70m.

One of the two suspects arrested on 28 September, according to the National Police of Ukraine, was a "hacker". The other allegedly "helped to withdraw money obtained by criminal means." $1.3m in cryptocurrency was said to have been frozen."

---

David, 2021-09-29T12:40:56-07:00:

In Ransomware attacks against hospitals are having some very grim consequences (https://www.zdnet.com/article/ransomware-attacks-against-hospitals-are-having-some-very-grim-consequences/) Danny Palmer reports:

"Ransomware attacks against hospitals are having direct consequences for patient care as a result of the reduced availability of systems and services when cyber criminals encrypt networks.

According to a survey of healthcare organisations, ransomware attacks have resulted in patients being kept in hospital longer, delays in tests and procedures – and, most disturbingly of all, an increase in patient deaths."

---

David, 2021-09-29T10:49:46-07:00:

Russia apparently views ransomware attack prevention as a national security problem. Max Seddon reports that Russia arrests cybersecurity expert on treason charge (https://arstechnica.com/information-technology/2021/09/russia-arrests-cybersecurity-expert-on-treason-charge/):

"The founder of one of Russia’s largest cybersecurity companies has been arrested on suspicion of state treason and will be held in a notorious prison run by the security services for the next two months, a Moscow court said on Wednesday.

The charges against Ilya Sachkov, founder of Group-IB, are classified and details of them were not immediately clear. State-run news agency Tass cited an anonymous source who said Sachkov denied passing on secret information to foreign intelligence services.

Group-IB, which specializes in preventing cybercrime and ransomware, confirmed that law enforcement raided its offices yesterday but said it did not know the reason for Sachkov’s arrest."

---

David, 2021-09-21T15:07:21-07:00:

Crypto Channels Targeted in Biden’s Fight Against Ransomware (https://www.bloomberg.com/news/articles/2021-09-21/u-s-opens-new-assault-on-ransomware-attackers-with-sanctions) by Kartikay Mehrotra and Jennifer Jacobs covers announcements by Deputy Treasury Secretary Wally Adeyemo:

"sanctions would be imposed on Suex, a cryptocurrency transferring service that’s registered in the Czech Republic. He said Suex had “facilitated transactions involving illicit proceeds for at least eight ransomware variants.”

He said “exchanges like Suex are critical to attackers’ ability to extract profits,” pointing out that this was the first such action by the Office of Foreign Assets Control against a virtual currency exchange."

And:

"Since its inception in 2018 as a venue for transferring digital currency and turning it into cash, Suex has moved hundreds of millions of dollars in illicit digital coins, including more than $160 million in Bitcoin alone, according to the cryptocurrency research firm, Chainalysis.

Suex’s addition to the Treasury Specially Designated Nationals and Blocked Persons List prohibits Americans from doing business with it."

This really isn't a credible response to the problem.

---

David, 2021-09-21T06:11:14-07:00:

Ax Sharma reports that $5.9 million ransomware attack on farming co-op may cause food shortage (https://arstechnica.com/information-technology/2021/09/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage/):

"Iowa-based provider of agriculture services NEW Cooperative Inc. has been hit by a ransomware attack, forcing it to take its systems offline. The BlackMatter group that is behind the attack has put forth a $5.9 million ransom demand. The farming cooperative is seen stating the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online."

---

David, 2021-09-20T19:17:25-07:00:

Dmitri Alperovitch's NYT op-ed America Is Being Held for Ransom. It Needs to Fight Back. (https://www.nytimes.com/2021/09/20/opinion/ransomware-biden-russia.html) argues for taking the offensive against ransomware gangs:

"The United States should build off the model used by Task Force ARES, targeting ransomware criminals’ technical and financial infrastructure. Such a campaign could reveal personal details (https://intrusiontruth.wordpress.com/) about the perpetrators, take down the ransom payment servers they are using to conduct operations, seize their cryptocurrency wallets (https://www.nytimes.com/2021/08/31/opinion/ransomware-bitcoin-cybersecurity.html) and perhaps even introduce subtle bugs into their code that enable victims to unlock their data without paying a ransom."

---

David, 2021-09-14T12:40:24-07:00:

Charlie Osborne's The state of ransomware: national emergencies and million-dollar blackmail (https://www.zdnet.com/article/the-state-of-ransomware-national-emergencies-and-million-dollar-blackmail/) reports on Trend Micro's Attacks from all angles: 2021 midyear security roundup (https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/attacks-from-all-angles-2021-midyear-security-roundup). Osborne writes:

"Banks have been "disproportionately affected" by a surge in ransomware attacks, clocking a 1,318% increase year-on-year in 2021.
...
This year alone, we have seen high-profile cases of ransomware infection -- including against Colonial Pipeline (https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/), Kaseya (https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/), and Ireland's health service (https://www.zdnet.com/article/ransomware-irelands-health-service-is-still-significantly-disrupted-weeks-after-attack/) -- cause everything from business disruption to fuel shortages, declarations of national emergency, and restricted medical care.

These attacks are performed for what can end up being multi-million dollar payouts and now these campaigns are becoming easier to perform with initial access offerings becoming readily available to purchase online, cutting out the time-consuming legwork necessary to launch ransomware on a corporate network."

---

David, 2021-09-07T08:17:37-07:00:

In This is the perfect ransomware victim, according to cybercriminals (https://www.zdnet.com/article/this-is-the-perfect-ransomware-victim-according-to-cybercriminals/), Charlie Osborne discusses a report from KELA (https://ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/):

"on listings made by ransomware operators in the underground, including access requests -- the way to gain an initial foothold into a target system -- revealing that many want to buy a way into US companies with a minimum revenue of over $100 million.
...
When you consider a successful ransomware campaign can result in payments worth millions of dollars, this cost becomes inconsequential -- and can mean that cybercriminals can free up time to strike more targets.
...
Ransomware operators are willing to pay, on average, up to $100 000 for valuable initial access services."

---

David, 2021-09-06T13:49:03-07:00:

Dominic Connor's When the bits hit the fan: What to do when ransomware strikes (https://www.theregister.com/2021/09/06/what_do_do_when_hit_by_ransomware/) is a useful compendium of advice. In particular, that your cyber insurance policy is unlikely to pay out:

"Some of the insurers sell themselves on having a list of recommended firms to help you in a crisis, from law to technical and – given that attacks now make front pages – PR.

But here's the thing. The technical people work for the insurer, not you, so while they provide help and untangle your systems, they will also be looking for the ways you have not complied with the "reasonable" precautions mandated by your policy.

Providing that every single piece of software is patched up to date, there are scanners on everything, a full inventory, all access is at least 2FA, you don't ever ignore alerts, your backups are regularly validated as is pentesting, and all this is documented – then that might not be a problem. But back in the real world, it is."

And that paying the ransom might not help:

"Ransomware victim Colonial Pipeline (https://www.theregister.com/2021/05/13/colonial_pipeline_ransom/), which is said to have paid criminals $5m in May this year for a decryptor (https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom), reportedly found that it ran so terribly slowly that they might as well restore from backups and just take the hit of the data loss despite having paid the ransom.

So it may be that you need to spin up a whole pile of cloud instances to get your data back quickly enough, after all - your systems mean the business can still make sales. This also lowers the risk of the ransomware re-infecting your systems. But if you do pay the ransom and use a decryptor, you need to be ready for the fact that the data may have been mangled unintentionally – since encrypting live files is an inherently unreliable action and the criminal developers won't have been trying all that hard to manage its integrity."

---

David, 2021-08-21T15:23:50-07:00:

Brian Barrett points out that The T-Mobile Breach Is Much Worse Than It Had to Be (https://www.wired.com/story/t-mobile-breach-much-worse-than-it-had-to-be/):

"Assorted data from more than 48 million people was compromised, and while that’s less than the 100 million that the hacker had initially advertised, the vast majority of those affected turn out not to be current T-Mobile customers at all.

Instead, T-Mobile says that of the people whose data was compromised, more than 40 million are former or prospective customers who had applied for credit with the carrier."

T-Mobile didn't need data on non-customers for its operations. Presumably it was hoarding this data in order to sell it. They should have paid attention to Cegłowski.

---

David, 2021-08-16T20:38:43-07:00:

T-Mobile was lucky that the guy penetrating their network didn't ransomware them and bring their network down. Dan Goodin reports that T-Mobile has been hacked yet again—but still doesn’t know what was taken (https://arstechnica.com/gadgets/2021/08/t-mobile-has-been-hacked-yet-again-but-still-doesnt-know-what-was-taken/):

"By some counts, T-Mobile has experienced as many as six separate data breaches in recent years. They include a hack in 2018 that gave unauthorized access (https://web.archive.org/web/20180824235743/https://www.t-mobile.com/customers/6305378821) to customer names, billing ZIP codes, phone numbers, email addresses, and account numbers. In a breach from last year (https://web.archive.org/web/20200508145740/https://www.t-mobile.com/responsibility/consumer-info/cpni-notice), hackers absconded with data including customer names and addresses, phone numbers, account numbers, rate plans and features, and billing information."

T-Mobile may claim not to know what was taken, but they could read Joseph Cox's T-Mobile Investigating Claims of Massive Customer Data Breach (https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million):

"T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn't mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.

The data includes social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver licenses information, the seller said. Motherboard has seen samples of the data, and confirmed they contained accurate information on T-Mobile customers."

In other T-Mobile news, Jon Brodkin reports that T-Mobile apparently lied to government to get Sprint merger approval, ruling says (https://arstechnica.com/tech-policy/2021/08/t-mobile-apparently-lied-to-government-to-get-sprint-merger-approval-ruling-says/):

"T-Mobile apparently lied to government regulators about its 3G shutdown plans in order to win approval of its merger with Sprint, according to a ruling in a proceeding in front of the California Public Utilities Commission (CPUC).
...
T-Mobile's false and misleading statements under oath indicated, among other things, that T-Mobile would make its CDMA network "available to Boost customers until they were migrated to Dish Network Corporation's LTE or 5G services" and that Dish would have up to three years to complete the migration, the ruling said."

Ax Sharma reports on another of today's data breaches in Secret terrorist watchlist with 2 million records exposed online (https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/):

"A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.

The list was left accessible on an Elasticsearch cluster that had no password on it.
...
The 1.9 million-strong recordset contained sensitive information on people, including their names, country citizenship, gender, date of birth, passport details, and no-fly status."

I don't expect any of the people responsible for these breaches and lies to suffer any consequences. Which pretty much guarantees that the breaches and lying will continue.

Six years ago Maciej Cegłowski posted Haunted by Data (http://idlewords.com/talks/haunted_by_data.htm), asking you to:

"imagine data not as a pristine resource, but as a waste product, a bunch of radioactive, toxic sludge that we don’t know how to handle."

---

David, 2021-08-16T14:02:45-07:00:

What will it take for this to be a crisis? Dan Goodin reports that Hospitals hamstrung by ransomware are turning away patients (https://arstechnica.com/gadgets/2021/08/hospitals-hamstrung-by-ransomware-are-turning-away-patients/):

"Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations.

The facilities are owned by Memorial Health System (https://mhsystem.org/), a nonprofit network of services that represents 64 clinics, including hospitals Marietta Memorial, Selby, and Sistersville General in the Marietta-Parkersburg metropolitan area in West Virginia and Ohio. Early on Sunday, the chain experienced a ransomware attack that hampered the three hospitals’ ability to operate normally."

---

David, 2021-08-12T16:01:39-07:00:

Catalin Cimpanu reports that Accenture downplays ransomware attack as LockBit gang leaks corporate data (https://therecord.media/accenture-downplays-ransomware-attack-as-lockbit-gang-leaks-corporate-data/):

"Fortune 500 company Accenture has fallen victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.

News of the attack became public earlier this morning when the company’s name was listed on the dark web blog of the LockBit ransomware cartel.

The LockBit gang claimed it gained access to the company’s network and was preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT.
...
Just before this article was published, the countdown timer on the LockBit gang’s leak site also reached zero. Following this event, the LockBit gang leaked Accenture’s files, which, following a cursory review, appeared to include brochures for Accenture products, employee training courses, and various marketing materials. No sensitive information appeared to be included in the leaked files."