Euro ransomware probe: Five Romanians cuffed

Five people suspected of infecting Windows PCs with ransomware – and extorting money from more than 170 victims in Europe and the US – have been arrested. In the past week, an international crimefighting task force led by Europol collared the quintet in Romania – and searched six homes, seizing a load of computer parts and …

  1. Anonymous Coward

    'For instance, keep offline backups of your files'

    But the Cloud dude! How many users even keep offline backups anymore? In my field, almost all just rely on source-control hosting along the lines of Perforce / GitHub etc. It seems few are asking WHAT-IF any of those repositories ever get hacked / hijacked / erased etc. No one is thinking it could / can happen. Like the 2008 economic collapse, it never happened!

    1. JC_

      Re: 'For instance, keep offline backups of your files'

      "How many users even keep offline backups anymore?"

      Since you're talking about Git repositories, then every other developer that has a given repository is also acting as a backup for it. If GitHub goes titsup then our small office will lose ticket history at most - no big deal, and a lot less than we'd lose if we tried to replicate GitHub ourselves and stuffed up.

      Cloud-based backup such as CrashPlan is immensely useful. It runs automatically while the user forgets about it, until they need to recover something. Local backup requires the user/company to know what they're doing and actually do it well - when you look around (and at yourself) you can see that that is asking a lot.

      (We have internal backups, too, of course; to follow the 'rule of three' and because there's more than just source code that's worth backing up.)

    2. Anonymous Coward

      Re: 'For instance, keep offline backups of your files'

      Strange that you mention this, I left IT a few years ago to move into infosec but my old employer had two teams who worked in different areas but with the same equipment. Interestingly the only difference was the team leaders were permitted to decide upon backup strategy, I was one of those team leaders.

      1. My old team:

      Full weekly backup + diffs in between, every month one of these tapes is rotated to an off-site storage fireproof safe. Every 3 months a full bare metal restore takes place. We had 60 sites doing this, sounds like a lot of work but the restores were scripted and fairly minimal manual intervention required except to double check the restoration worked correctly (about an hour's work in total x 20 per month in a team of 5).

      2. Other team

      Monthly full backup plus differentials, all held in the cloud. Local backups taken every 3 months or so and held in fireproof safe (same one as I used). 6 sites (similar number of users to my rural sites).

      You'll notice team 2 never tested backups, guess what happened? Yup I ended up bailing them out 3 times in 5 years because my team were confident at carrying out restores during shit-hits-the-fan moments. We might have relied upon scripts but those were scripts my team wrote and updated between them over the course of a couple of years and they knew how to do it manually anyway.

      Cloud backups are vulnerable but typically not testing backups is the bigger issue IMHO, particularly if you have staff turnover higher than normal. You need staff to be confident in making those restores so that when things do go wrong they aren't worried about that process.

  2. hatti

    Does anyone know where you can buy those black square masks?

  3. sloshnmosh

    Cerber ransomware

    I received Cerber ransomware every week for several months in an old email account of mine.

    They always arrived in the form of a .zip attachment claiming that: "UPS package undeliverable"

    and the .zip file was supposed to contain tracking information.

    I unzipped one in a Windows 7 VM for kicks and it encrypted any .jpg, .pdf, .zip and .doc files but left pretty much everything else alone.

  4. Jtom

    Illegal, yes, but it would be much more satisfying if they had just sent a drone to blow them and their equipment to smithereens. Bet it would make other cyberthugs think twice, too.


    Did anyone in the hospitals die during the infection?

