I'm assuming that uses radar triangulation to determine the firing location, rather than actively try to ward off incoming rounds... unless technology has improved FAR more than I was aware of!
Internal confidential documents belonging to some of the largest aerospace companies in the world have been stolen from an industrial contractor and leaked online. The data was pilfered and dumped on the internet by the criminals behind the DoppelPaymer Windows ransomware, in retaliation for an unpaid extortion demand. The …
"[...] at least compared to a cricket bat."
In a Modesty Blaise novel - possibly "The Impossible Virgin" - a cricket bat is used to project primed hand grenades from behind a wall.
In a boys' comic of the 1960s, a story culminates in hand grenades being launched from a hand sling, following practice with small aubergines, viz. "egg plant".
In both cases the grenades were the British Mills Bomb style.
Can't speak for the one in the article but there are anti-mortar systems that detect the incoming rounds and shoot them out of the sky. There's one based on the Phalanx naval anti-missile system - Phalanx CIWS. Phalanx is primarily anti-missile, but it can be used against mortars and artillery, although probably with a lower hit-rate. Also note that the gun fires a shed-load of rounds in the general direction of the incoming - it doesn't knock them out of the sky with a single shot. More of a grouse shooter than a sniper.
Yes, it’s learning the firing location that is the primary idea, so that you can lay in your own artillery on that location. The idea is, if you’re paying attention, to have your rounds heading back before theirs even land.
Of course, if they’ve got the same sort of radar you probably want to be careful to fire back only if their rounds are on target, because they may be firing in a general direction to elicit your artillery response so they then learn your actual location...
And if you throw in battlefield ESM too, your radar is giving away your location anyway, so you might not want to be using it routinely. That places an emphasis on keeping one’s ears open, switching your radar on only when you hear a thump, and making sure that your radar is well away from your artillery. But then you still have to second guess whether theirs are on target in the first place.
All in all, best be sneaky and be somewhere else entirely.
Just to nitpick slightly but mortars go crump, not thump. I'm slightly expert since the Barry Buddon military training firing range is within earshot of Muscleguy Towers, especially if the wind is from the East.
The lower cycle path between here and Carnoustie goes right past it, on their side of the railway line. I have run along there with an absolutely furious fusillade of automatic fire sounding from the right without an issue. They let you wander around when the flags are not flying and all the ranges have high earthen berms behind them and none face inland, just in case.
Though they usually fire the mortars while I'm returning along the upper path by the A92 to Arbroath but the sound carries well up the hill so I'm familiar with the sound. Most of us can discern side arms, grenades, light automatic, heavy automatic and light artillery such as mortars which go Crump.
If, post viral lockdown, anyone is interested in taking such a stroll, drive to Monifieth centre and follow the signs to the beach where you leave the car. Walk to the shoreline and follow the path above the beach, if the flags are not flying. There should be a squaddie in the guard box to prevent you as well. They are very careful. There's even a marine exclusion zone as they are wont to put target pontoons out for the heavier stuff. You are strongly advised to leave anything interesting you might come across well alone though.
It is also a good example of undeveloped coastal links which have not been turned into a golf course if you want an idea of how golf got started. You can walk all the way out to the lighthouses on the point as well.
There is also the technique of "shoot and scoot", which is what mobile arty is all about these days. But yeah, when the stakes get high enough, the counter-counter-counter-counter strategy loses to the counter-counter-counter-counter-counter strategy. Unless the counter-counter-counter-counter strategy changes at the last minute. Then all bets are off.
If I recall correctly, Lockheed have a 50kW laser weapon that can just heat rockets until they explode from several km distance. It can quite easily destroy planes. No suggestion they stole the docs for this though, as I imagine Lockheed have a variety of laser/radar/thermal scanning equipment in their portfolio.
I would personally not want to upset someone with that kind of weapon in the warehouse.
Laser systems aren't a magic kill against missiles. Most rely on melting a small spot on the missile skin and have aerodynamic forces tear it apart or start it tumbling. The simple approach of spinning the missile nearly defeats this, although it takes a more sophisticated or much simpler (e.g. the original sidewinder, which was awesomely clever) control system to do this.
"The simple approach of spinning the missile nearly defeats this, although it takes a more sophisticated or much simpler [...]"
An enhancement of primitive spears was to wrap one end of a short thong round the shaft several times. The other end was attached to the thrower's arm. When the spear was thrown the unwinding thong caused the shaft to spin - thus stabilising it in flight and increasing its accuracy.
There are various C-RAM systems that the US has, based on 2+ gatling guns firing a lot of lead and incendiaries to make life hard:
Not sure of the effective hit rate but it looks like they can target between 25-30 incoming rounds between reloads.
It is total and utter negligence that this contractor has allowed this information to be accessed by unauthorised individuals. Visser Precision should be barred from any further contracts, and whoever is/are responsible for their computer security (depending on if it's due to denied funding or just plain incompetence) should be locked up for a very long time.
this contractor has allowed this information to be accessed by unauthorised individuals
Oh, that ship sailed a long, long time ago. As a matter of fact, that ship has even reached its destination port and (may have) offloaded highly-classified cargo before anyone knew about it.
As a virtual real world example :
Try to secure a building. You use perimeter controls, fences, secure doors, alarms, etc. Not hard, right?
Now try to imagine securing a building where fences have holes you cannot see. Where walls have doors you cannot see. Some walls that used to exist forever are gone the next day. Some walls only look like walls when in reality they are just props from a film set. Where people that you cannot control are working on structural changes and who routinely refuse to tell you what they did. Where alarms notice some trespassers while ignoring others. Where you learn one day that while you thought you had the only keys to the building, the company who made the doors was handing out every key to every door they ever made to anyone who asked...
Good luck with that...
To expand on your real world analogy, real world security is mostly about making it harder and more difficult to enter premises or steal a car.
It doesn't make it impossible to enter; given enough time and some tools anyone can break into a bank vault or office, but time is what real world thieves don't have: they will be discovered and caught.
Infoscabs on the other hand can operate unseen and mostly undetected, usually until it is too late. Even when they are detected, it is usually only their virtual presence, so they are difficult to catch and prosecute physically.
"Infoscabs on the other hand can operate unseen and mostly undetected usually until it is too late"
That is down to who is watching. Like in the real world, when they're scouting the place you usually don't notice them, but if they have found a way in which isn't monitored, they may be able to get in unnoticed. It's this part which is the problem. Most places will say that they monitor everything, when in fact they monitor nothing, just log, or have random crap showing up. They don't know what to look for.
Like with the bank job, someone cutting into a vault isn't normal, so is picked up and reported. Someone being some where they shouldn't is less likely to be, depending on who found them.
Most stuff with online security is post-break-in, as the people monitoring do not know what to look for, as people do not know what is out of the ordinary, unless it's so blatant.
@EricM: "Now try to imagine to secure a building where fences have holes you cannot see. Where walls have doors you cannot see. Some walls that used to exist forever are gone the next day. Some walls only look like walls when in reality they are just props from a film set. Where people that you cannot control are working on structural changes and who routinely refuse to tell you what they did. Where alarms notice some trespassers while ignoring others. Where you learn one day that while you thought you had the only keys to the building, the company who made the doors was handing out every key to every door they ever made to anyone who asked..."
Now imagine the liability if you used that place to store hugely valuable stuff. You would have done your due diligence on the building before using it, and not taken someone else's word for its security. To do otherwise would find you liable for civil and possibly criminal action.
The problem with infosec is that there is too little liability when things go wrong. It needs to hurt if you use a movie-prop instead of a reinforced wall.
If you're the one choosing that, then yes, but the problem is that you're counting on somebody who told you the wall was solid concrete, when actually it was just thin plaster.
This is the state of computing today: Microsoft denies all responsibility if something goes wrong, anti-virus vendors do the same, everyone is functioning under "best effort" rules, and along the line, someone forgot the concrete.
Not to mention that it is not specified how the miscreants managed to get into position to encrypt the files. A click on a wrong link is not too far-fetched.
The real problem is that a defense contractor did not have sufficient intrusion detection. I'm guessing they had backups, but that won't keep the scum from publishing.
Security is hard, that's for sure.
If you're the one choosing that, then yes, but the problem is that you're counting on somebody who told you the wall was solid concrete, when actually it was just thin plaster.
This is the state of computing today: Microsoft denies all responsibility if something goes wrong, anti-virus vendors do the same, everyone is functioning under "best effort" rules, and along the line, someone forgot the concrete. ..... Pascal Monett
So simply complex misdisinformation is the problem bastard child, Pascal Monett?
A little twisted brother to the monstrous fcukup presently busy destroying money, bond and stock markets with their portfolios of bankrupt zombie operations and grand theft autocracies professed and processed to be untouchable and omnipotent rather than be known terrified of that and/or those au fait with being invisible and omniscient.
Is that why dodgy corrupt command and control systems cannot handle novel information which they do not possess?
> Now imagine the liability if you used that place to store hugely valuable stuff. You would have done your due diligence on the building before using it, and not taken someone else's word for its security. To do otherwise would find you liable for civil and possibly criminal action.
Accept criminal liability for security in a world where invisible doors exist and you cannot tell concrete and cardboard apart?
I'd get a new job immediately, since no amount of due diligence will make sure I have not overlooked one of the invisible doors. Or that no new door will pop up due to changes made by somebody else tomorrow.
@EricM: "... security in a world where invisible doors exist and you cannot tell concrete and cardboard apart?" That is part of what I'm talking about - is it a fundamental truth that invisible doors and papier maché walls will exist? If so, why?
"... no new door will pop up due to changes made by somebody else tomorrow." Surely this is part of the problem - too much reliance on "somebody else".
"... no amount of due diligence will make sure I have not overlooked one of the invisible doors." Then a new model is needed, and liability is a very effective way of doing that. Currently, we are at the pre-Factory Act* level, with risk externalised. That risk needs to become internal so that the metaphorical factories are built properly.
*Not exactly analogous I admit, but illustrative.
> That is part of what I'm talking about - is it a fundamental truth that invisible doors and papier maché walls will exist? If so, why?
Necessarily. Whatever you need to do in computer security, securing websites, web apps or simply securing documents inside a company, you need to work with existing (and continually changing) hardware, firmware, drivers, operating systems, network protocol implementations, firewalls, management solutions, etc.
Every component you work with is updated regularly (if you do it right). This means a) known bugs are closed, b) new features are added and c) new bugs are introduced, every single one a potential new door.
On all architecture levels mentioned above, simultaneously.
> too much reliance on "somebody else".
Yes, every application you create/run/maintain today sits on a ton of other software you cannot control.
OK, you _could_ try to create, for example, a document management solution based on your own hardware, firmware, drivers, OS, own network stack, own firewall code and finally own application.
But you'd need to invest thousands (millions?) of man-years to create and test tons of new code.
And with an overwhelming probability your own code will have many more bugs than the stuff already on the market that has been tested in thousands of installations.
So, yeah, relying on somebody else is a problem, but having to code everything up from bare metal yourself would pose a worse problem in terms of security, let alone feasibility.
@EricM: Thanks for a comprehensive explanation of the current situation. However, you can't derive an "ought" from an "is". The current situation has grown into a clusterfuck, but lack of liability is part of that. There is no incentive to fix it at the moment - you (and I'm sure you are good at your job) are dependent on the weakest coder working for the lowest bidder. Given that the importance of computers to modern society is more important than coal to the industrial revolution, this cannot, morally or practically, be allowed to go on - thus the law needs to step up and wield a baseball-bat to the industry.
I’m currently being pressured into doing stupid things because people who don’t have my skill set think it’s a better way of doing my job.
That’s why stupid invisible doors in invisible walls get built.
Another one I spotted the other week: a part of the business complaining network connectivity isn’t working, demanding we escalate to get it to work. Simple questions like what is the high-level design and what do you need to connect to what go unanswered, just demands to allow through IP ranges but no detail as to what to allow them through to. An old change request raised over a year ago showed a change was made 3 weeks ago to accommodate this request and was performed by a junior engineer who did not question the intention and applied access to an existing rule.
Turned out the access they needed was to a cloud deployed system, not managed by us and with no visibility by us, and we have had no further contact from that business unit since they fixed their issue. Questions about PII/PCI etc. also unanswered.
That unnecessary access they got implemented is still there though. Can I get a change approved to remove it? No, who’s gonna pay for that?
That’s how invisible doors in paper thin walls get made. No one is ever going to close it.
Now try to imagine to secure a building where fences have holes you cannot see....
So you encrypt your data when it's at rest.
You may not see the holes, but you should know where they will be. You set up firewall rules with a whitelist for the only permitted external connections. You disallow externally initiated connections through the firewall, although I'll accept that in this case the ransomware probably initiated connections from inside the firewall - though it's still worth seeing what you could do in that area.
And ultimately, of course, if the sensitivity of the information is great enough, you air gap your systems - with no connections to the outside world.
And so on....
Sure you do that - you block all known attack vectors to access the data.
Until someone comes up with a new idea or - as is likely in this case - someone turns an authorized user's computer into a trojan horse that effectively steals the documents.
For encryption at rest:
Many people think that's a silver bullet; however, if continuous accessibility of the information is part of the requirement (which is true in most cases) you need to distribute the password/private key in some form to the point of access, otherwise even the authorized end user cannot read and work with the data. That's why I tend to view most implementations of encryption at rest somewhat as snake oil. They just make it somewhat harder to extract cleartext data.
Same problem with air-gapping systems.
In this case you need to bring every user of the data behind the air gap. Which excludes such a solution from most real-world scenarios.
Especially in complex distributed development, where optimized sharing of documentation/information is regarded as key to mission success.
Another analogy is to invest trillions in people technology, buying influence etc etc to learn state secrets and then declare some secret about a foreign state to your president who then blabs about it on tv or twitter.
All the security, processes and technology won’t defeat that unless the process is not to tell the President for fear of unraveling everything.
Allowing internet access to your secure systems is fundamentally a bad decision if you want to retain security.
Again with the banking analogy: breaking in is one thing, getting out with the loot is another. If the only way to access the data is by physically being in a secure and policed area, then the chances of catching the bad guy before he causes you real issues are much better than where the bad guy can be sitting at home in a different country.
Given the number of recent US security breaches that were down to "security inept"/stupid contractors not taking the same security measures as their client, then one wonders if allowing external contractors is really a good idea, assuming of course that these leaks are not intentional misdirection.
In the olden days, default gateways were to a black hole on each site and each router.
We are now being asked to implement default gateways so that cloud services work, from Meraki, to Google services, to ring central, to zoom, to cloud hosted offerings with Load Balancers.
Fundamental basic security is continually undermined to enable stupid cloud offerings that replace perfectly functioning internal systems.
You forgot to add "And where the security staff make genuine, justified access to the building such a nightmare of locks, checks and sheer bloody-mindedness that every employee who can arranges his or her own private gate into the most secure areas."
That's awesome if you want a cover up; in cyber security the most effective operate a blame free culture, learning from mistakes and implementing effective controls.
Please don't get a job in cyber security, we need to reduce breaches.
...and yes I suspect it was started by something basic...just someone opening an email on a system due a patch that day.
This sort of data sounds like sensitive, but not classified, information (a category called "controlled unclassified information", CUI). In the US, the prevailing attitude is not that suppliers "should be barred" so much as noting that they (Visser) may have difficulty getting new contracts from their customers (whose data they allowed to leak)...
Terrifying to think industry leaders in security practices can be hit so badly by an attack. This must have been highly targeted to access this level of information; I wonder how they did it?
I stand with Lockheed Martin on the handling of the situation though; as soon as the data was lost the worst had already happened. Throwing money down the pit doesn't guarantee the data can be recovered or kept/leaked. Never pay the ransom guys.
"Terrifying to think industry leaders in security practices can be hit so badly by an attack."
I'm not surprised by anything these days; IT is now a sector where it is considered an improvement by itself to put your data elsewhere.
Security and continuity are just a paper exercise these days, GDPR isn't making a difference at all in practice. And decision makers neither care nor understand IT at all these days. All they do is make chairs rotate until they get the answer they want to hear.
There surely will be exceptions but there is definitely a trend going on.
GDPR isn’t making a difference... because the 2 high profile fines to BA and Marriott were deferred/put to appeal.
In the current economic catastrophe/climate, they will be watered down to nothing.
Without fines that hurt badly, GDPR will continue to be ignored. Perhaps some CEO jail-time is a happy medium in these trying times. That won’t put a burden on the companies. Willie Walsh - 12 months in the Scrubs.
It also sends a useful message to these scum: Don't bother attacking us again - you're just wasting your time and risking your freedom for nothing.
If everyone did that in such situations (and including kidnappings) the crimes would be far less common. Every time someone gives in to extortion they propagate the evil practice.
Having the data encrypted and trusting someone who says they'll sell you the keys is one thing. But if someone has actually got a copy of your material which is going to be valuable to others would you really trust them not to sell it on however much you pay them? If you can trace them it would be better to spend the money on some heavies. Real heavies.
A murder is almost always either an end in itself or a side effect of the intended crime. People commit murders because they either very much want someone dead, or because "something went wrong" when threatening murder to commit some other crime.
Extortion, kidnapping and blackmail are neither of those things. They are always a means to an end, never an end in themselves. Usually it's to get money, but sometimes other things.
If it did not get them money etc, they wouldn't bother with ransomware. They'd do something else that does get them the money.
Oh, and the penalty is not particularly relevant, only the chance of having the penalty applied.
The death penalty also means mass murder is safer than one murder, because leaving witnesses means a higher chance of conviction.
Every time someone gives in to extortion they propagate the evil practice. ....... AndreuC
Is government taxation an evil extortion practice? How well are the trillions paid into such unicorn coffers delivering for you? Have you received your £10,000 yet for working from home or is that only for members of Parliament and locally elected legislative assemblies .... https://www.belfasttelegraph.co.uk/news/health/coronavirus/coronavirus-ni-mps-defend-offer-of-extra-10000-expenses-for-working-from-home-39117858.html
> If everyone did that in such situations (and including kidnappings) the crimes would be far less common.
By the same logic, a bulletproof solution to hostage-taking as any kind of tactic at all would be a policy of killing everyone, hostages included.
For some reason, people get notoriously pissy if you slaughter their kinfolk as the sacrificial lambs to ensure that would-be hostage-takers know that you don't fuck around and have an explicit policy of ensuring a 100% kill ratio of hostage-takers at any cost.
"I wonder how they did it?"
Chances are, the same way RSA was hit some years ago - low level accountant's login/PC, spear-phished document, allowed scripting when previewing/opening such documents. On Windows. In Outlook. Or with MS Office. And auto-run scripts aren't completely disabled. And the attachments get "clicked on" in the e-mail. Of course.
It was like a running joke at this one place I was on site - "the accountant" regularly had to have her PC disinfected.
I (and probably everyone else) regularly get these "invoice attached" e-mails with shady 'from' addresses, and of course, documents attached that I must view somehow to get the gist of the message. Fortunately for me, I'm NOT running windows (or in particular, Outlook) when I read my e-mail... NOR (especially) do I view e-mail as HTML [or run a mail reader that PREVIEWS ATTACHMENTS like Virus Outbreak probably still does]. (and don't even get me started on web mail... ugh). If everyone ELSE were to do this, we wouldn't have ransomware problems. General vulnerability would be too low for them to bother trying. "Safe Surfing" in other words.
(and I also save files to disk and USE THE VIEWING APPLICATION ITSELF via "file open" or a command line if it appears to be something legit). "libreoffice filename" (from bash) usually works.
To wit, where I used to work at least two outside engineers (not IT, construction) routinely emailed documents from unrecognized accounts (home? phone? WTF?) and subject lines like "heres pdf for filtration project plz review". The email itself would typically contain no text, just an attached document.
It was a great way to prep an organization for successful spear-phishing.
Ah Bob, I want to upvote your first paragraph but then you have to go all rabid in the second as usual. FYI I've run Windows and Outlook for the last 25+ years. Would you like to know how many virus infections I've had? None.
Software has nothing to do with it. Sensible security practices like not opening messages from people you don't know or attachments that you're not expecting and have no message content are all that is really needed.
Q: I wonder how they did it?
A: You research the target and send them an email that looks like something that they would expect to see and would open quickly. The email probably appeared to be from (or might even have been sent from) Lockheed, SpaceX or another existing customer with a request for a new quote, payment details, a security notification, a spreadsheet, a link to a new project website, etc.
Or you hack an employee's computer at home and wait for them to log into work - remember that there have been a lot of information leaks like the Equifax leak that mean that the dark side of the web knows who's working for most companies - so you just pick the company that they want to target.
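The spear-phishing lure the replies above describe (a customer-looking sender, an unexpected attachment, little or no message text) can be triaged mechanically before anyone double-clicks it. The following Python is an added example written for this page, not code from the original thread or from any of the companies named; the message format is standard RFC 5322, but the header checks, the extension lists, the verdict thresholds and the two sample messages are assumptions constructed for the illustration.

```python
"""Triage of an inbound mail for the spear-phishing pattern described above:
an unexpected attachment, little or no message text, and sender headers that
do not line up. Sample messages are constructed here (assumed, not real)."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows will execute directly, or that carry macros/scripts (assumed list).
RISKY_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
             "wsf", "hta", "lnk", "ps1", "docm", "xlsm", "pptm"}
# Containers whose contents this check does not open.
ARCHIVE_EXT = {"zip", "7z", "rar", "iso", "img"}


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Return a verdict ('deliver', 'review', 'quarantine') and the reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # Classic lure: the display name is itself an address that differs from the real sender.
    name, addr = parseaddr(str(msg.get("From", "")))
    if "@" in name and name.strip().lower() != addr.lower():
        findings.append("display name shows a different address than the real sender")
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append("Reply-To domain differs from From domain")
    attachments, body_text = [], ""
    for part in msg.walk():
        if part.is_attachment():
            attachments.append(part.get_filename() or "")
        elif part.get_content_type() == "text/plain":
            body_text += part.get_content()
    for fname in attachments:
        exts = fname.lower().split(".")[1:]
        if not exts:
            continue
        if exts[-1] in RISKY_EXT:
            findings.append(f"executable/macro/script attachment: {fname}")
        if len(exts) > 1:
            findings.append(f"double extension: {fname}")
        if exts[-1] in ARCHIVE_EXT:
            findings.append(f"archive attachment, contents not inspected: {fname}")
    if attachments and not body_text.strip():
        findings.append("attachment with no message text")
    hard = any(f.startswith(("executable", "double", "display name")) for f in findings)
    verdict = "quarantine" if hard else ("review" if findings else "deliver")
    return {"verdict": verdict, "findings": findings, "attachments": attachments}


def build_phish_sample():
    """Constructed lure; addresses and the 'binary' are placeholders."""
    m = EmailMessage()
    m["From"] = '"accounts@customer.example" <quotes@mailer.example>'
    m["Reply-To"] = "quotes@elsewhere.example"
    m["To"] = "estimating@contractor.example"
    m["Subject"] = "RFQ 2291 plz review"
    m.set_content("")  # no body text at all, only the attachment
    m.add_attachment(b"MZ\x90\x00not a real binary", maintype="application",
                     subtype="octet-stream", filename="RFQ_2291.pdf.exe")
    return m.as_bytes()


def build_benign_sample():
    """Constructed legitimate quote with a plain PDF and a real message."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jane@customer.example>"
    m["To"] = "estimating@contractor.example"
    m["Subject"] = "RFQ 2291"
    m.set_content("Hi, the revised quote is attached as discussed on the call.")
    m.add_attachment(b"%PDF-1.4 not a real pdf", maintype="application",
                     subtype="pdf", filename="quote_2291.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_phish_sample()))
    print(triage(build_benign_sample()))
```

`triage()` returns the verdict together with the reasons, so the same logic can sit in a mail-gateway hook or a SOC triage script. It deliberately does not open archives: a macro document inside a .zip or a password-protected file gets only the "archive" finding, which is exactly the case the commenters' advice (open nothing you did not expect, and open it in the viewer rather than from the mail client) still has to cover.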
Oh wait, that was just during the current pandemic.
Which kinda implies they consider healthcare a "legitimate" target at any other time. Which means they consider any and all of us as legitimate targets. Rather than paying them off, maybe the tech firms could consider using their resources to track these "people" down and pass the information on to someone capable of taking the scum offline " with extreme prejudice"?
Unauthorized possession of classified military information is a serious crime.
Unfortunately, if these miscreants live in a country hostile to the United States, which would like to get its hands on American defense secrets, it's unlikely that this will help to lead to their prosecution.
Thus, there's an urgent need to make nuclear weapons obsolete, so that the United States can have something better, with which to effect regime change in Russia and China. Then our computers will be safer, because ransomware scum would have no place to hide.
While we're waiting for this to happen, though, Microsoft needs to fix Windows so that things like this just can't happen. If you want to install a disk encryption utility, that should have to happen before Windows boots up - in a special "install mode" of the operating system that you only get into if you want to, something like getting into the BIOS on startup.
No government classified information was stolen or leaked in any of these instances.
Don't assume, and don't read into things. Sensitive contractor information does not mean it's government classified information.
No security is foolproof. If you believe the security you put up can never be breached, then it's time to find another job.
InfoSec is mostly about MITIGATING threats, because you can never eliminate all of them. Even if you air gap your system.
Legacy laptops, shadow ware, poor user habits, etc. can always find their way onto a system, providing a means for attackers to penetrate a network.
You are correct in pointing out the article made no mention of classified material.
Having previously worked for a defense contractor, I can say it was a definite possibility.
I had said when ransomware first emerged, that it should be considered a data breach. If an outsider had enough control of your systems to encrypt some or all of your data, then you lost control of said data. They could do anything with the data not just encrypt it. They just found another way to monetize their break-in.
As was alluded to in other comments, trying to secure a system built for frequent business transactions against malicious transactions requires monitoring for and knowing the difference between legitimate and not. You also must be able to block the illegitimate before significant damage can be done. Sometimes this calls for blocking some legitimate. Too much blocking causes pushback and an ordered lowering of security.
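The point above about knowing the difference between legitimate and illegitimate transactions, and blocking the latter before significant damage is done, is concrete in the ransomware case: the attacker's process touches hundreds of files per minute and renames them to one new extension, which no user workflow does. The detector below is an added example written for this page, not the commenter's or any vendor's code; the audit-log line format, the thresholds (20 distinct files within 60 seconds, 80% of them renamed to the same new extension) and the three sample workloads are all constructed assumptions.

```python
"""Heuristic detection of a ransomware-style encryption burst in file audit
logs: one process renaming many distinct files to the same new extension
within a short window. The log format and sample lines are constructed."""
import os
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed audit line format (not any vendor's real schema):
# <iso-ts> host=<h> pid=<n> proc=<image> op=<WRITE|RENAME|DELETE|CREATE> path="<p>" [newpath="<p>"]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) '
    r'op=(?P<op>WRITE|RENAME|DELETE|CREATE) path="(?P<path>[^"]+)"'
    r'(?: newpath="(?P<newpath>[^"]+)")?$')


def parse_line(line):
    """Parse one audit line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


class BurstDetector:
    """Sliding window per (host, pid, proc); raises one alert per key."""

    def __init__(self, window_s=60, min_files=20, min_ratio=0.8):
        self.window = timedelta(seconds=window_s)
        self.min_files, self.min_ratio = min_files, min_ratio
        self.events = defaultdict(deque)   # key -> deque of (ts, path, new_ext)
        self.alerted = set()

    def feed(self, ev):
        key = (ev["host"], ev["pid"], ev["proc"])
        new_ext = None
        if ev["op"] == "RENAME" and ev.get("newpath"):
            old = os.path.splitext(ev["path"])[1].lower()
            new = os.path.splitext(ev["newpath"])[1].lower()
            if new and new != old:
                new_ext = new           # extension actually changed
        q = self.events[key]
        q.append((ev["ts"], ev["path"], new_ext))
        while q and ev["ts"] - q[0][0] > self.window:
            q.popleft()                 # expire events outside the window
        if key in self.alerted:
            return None
        files = {p for _, p, _ in q}
        if len(files) < self.min_files:
            return None
        top = Counter(e for _, _, e in q if e).most_common(1)
        if not top or top[0][1] / len(files) < self.min_ratio:
            return None
        self.alerted.add(key)
        return {"host": key[0], "pid": key[1], "proc": key[2], "ext": top[0][0],
                "files": len(files), "first": q[0][0], "last": ev["ts"]}


def scan(lines, **kw):
    """Run the detector over an iterable of log lines; return the alerts."""
    det = BurstDetector(**kw)
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        a = det.feed(ev)
        if a:
            alerts.append(a)
    return alerts


def build_sample_lines():
    """Constructed sample: a user editing a few documents, a backup job
    writing many files in place, then a process mass-renaming to .locked."""
    t0 = datetime(2020, 3, 2, 9, 0, 0, tzinfo=timezone.utc)

    def stamp(s):
        return (t0 + timedelta(seconds=s)).strftime("%Y-%m-%dT%H:%M:%SZ")

    docs = "C:\\Users\\jsmith\\Documents\\"
    lines = []
    for i in range(5):        # normal editing, one save every two minutes
        lines.append(f'{stamp(i * 120)} host=ws17 pid=4412 proc=winword.exe '
                     f'op=WRITE path="{docs}rfq_{i:02d}.docx"')
    for i in range(30):       # backup: many writes, no extension change
        lines.append(f'{stamp(700 + i)} host=ws17 pid=5120 proc=backup.exe '
                     f'op=WRITE path="{docs}rfq_{i:02d}.docx"')
    for i in range(40):       # encryption burst: 40 renames in 8 seconds
        lines.append(f'{stamp(900 + i // 5)} host=ws17 pid=6666 proc=updater.exe '
                     f'op=RENAME path="{docs}rfq_{i:02d}.docx" '
                     f'newpath="{docs}rfq_{i:02d}.docx.locked"')
    return lines


if __name__ == "__main__":
    for alert in scan(build_sample_lines()):
        print(alert)
```

The backup job in the sample writes thirty files in ten seconds and is not flagged, because nothing changes extension; by the same token a strain that encrypts in place without renaming slips past this heuristic and needs a different signal (entropy of written data, canary files, or reads of many files followed by same-size writes), which is why a single rule like this is a detection to act on, not a control on its own.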
No misdirection. ITAR is not classified. ITAR is International Traffic in Arms Regulations which covers a surprisingly large swath of technology categorized as arms. PGP and other commercially available encryption when PGP was introduced was caught up in being categorized as arms. This resulted in restricted trade internationally, but not classified. ITAR is now not as far reaching as it was, but still sweeps in more than many think it should. Classified information has a whole 'nother realm of restrictions. Many companies in the Defense Industrial Base (DIB) set up specific subsidiaries for work involving classified contracts; it simplifies a lot administratively. These entities will typically have certain cyber security controls dialed up higher than the average multinational conglomerate in order to be allowed to work with classified information. The feds do not really like to share classified internationally so it is sort of mutually exclusive to ITAR information which is shared, albeit tightly controlled sharing.
As they clearly got the ones they published, what else did they get, and who have they already sold it to?
Assume they got everything, because they almost certainly did.
Assume they did NOT publish all of it, because they'd be really stupid to give the actually "Secret" things away for free.
> No government classified information was stolen or leaked in any of these instances.
That is exactly the kind of spin you'd expect if it's overflowing with hidden secrets and they want to dissuade anyone downloading and perusing the secret military weapons documents wow nothing of interest there obvs
"I've heard the bounty for the heads of the DoppelPaymer crew "
When you start fusking around with military systems there's a good chance there won't be enough left to say you have a head - more like a smear of strawberry jam.
It's a bit like the ransomware gangs still targeting medical systems at the moment - people are about to start showing up mysteriously dead, having killed themselves with 3 bullets to the head and 2 to the heart
Too many on here are giving the "victim" the benefit of the doubt.
These days, there's a good chance security weaknesses are due to patches not getting installed because "it would stop xyz software running".
There was a Reg report on the ransomware that crippled Maersk shipping a while back, that concluded that a year after the incident, many companies and organisations hadn't patched their software vulnerabilities because it would break legacy enterprise applications.
Yes, there's a (potentially significant) cost penalty, but where this is the root cause, why should they not be held liable? If they can afford the cost of loss of business and reputation (possibly fatal), how come they can't afford the cost of keeping their systems up to date?
If it was your bank that failed and cited that excuse, would you give them a free pass?
If attempting to update their systems stops them stone cold dead, they're just as screwed. More so, because this WILL kill you, whereas a security breach only MAY kill you. Against those two choices, guess what happens?
PS. And no, changing the software may not be an option as the designer of the software likely no longer exists, and trying to start from scratch again leaves you stone cold dead.
That sounds like appeasement.
Security mitigation isn't something that happens overnight - it takes concerted action at the top of the organisation. If they're willing to overlook their responsibility, that can only be negligence.
Why should they get a free pass when other companies don't succumb to the same attack?
I can't really say I feel sorry for Lockheed Martin. They have a history of thuggery themselves (bribing at the highest levels of the Dutch government, for example): https://en.wikipedia.org/wiki/Lockheed_bribery_scandals . No love here for the Military Industrial Complex in general anyway.
SpaceX's work I really do applaud though and I'm sad they were hit by this.
Ffs Microshit, sort this out already.
1. How hard can it be to allow a user to only allow apps they recognise to create/modify/delete files in standard user folders (Desktop, Documents, Downloads, Music, Pictures, Videos)?
2. Disable VB script by default, allowing users to turn it on on a case by case basis
3. Granted, any user daft enough to enable macros when opening a random file deserves what they get.
I reckon that should prevent most if not all ransomware dead in its tracks?
Yes I know most end point infections are the result of user error, but that's exactly why it's Microsoft's job to make a secure operating system.
Allowing random snippets of code carte blanche access to user files is not my idea of a secure operating environment.
Fewer infections leads to less money for the criminals which leads to even fewer infections till it basically becomes a worthless endeavour for the criminally minded.
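The three controls the comment above asks for already exist in Windows 10/11 with Microsoft Defender; what follows is an added example of turning them on from an elevated PowerShell prompt, not something posted in this thread and not Microsoft's or the Register's code. The line-of-business executable path and the choice of Office version key (16.0) are assumptions for illustration; adjust them for your own estate.

```powershell
#Requires -RunAsAdministrator
# Added example: enforce per-app write access to user folders, disable Windows
# Script Host, and lock down Office macros. Assumed paths are marked as such.

# --- 1. Controlled Folder Access: only allowed apps may write to protected folders ---
# 0 = off, 1 = on, 2 = audit
$before = (Get-MpPreference).EnableControlledFolderAccess
Write-Host "Controlled Folder Access before: $before"

# Run in audit mode first on a fleet: legacy apps that write into Documents show up as
# Event ID 1124 in Microsoft-Windows-Windows Defender/Operational, so you can allow-list
# them before switching to 'Enabled' (which logs blocks as Event ID 1123).
$Mode = 'AuditMode'   # change to 'Enabled' once the audit log is clean
Set-MpPreference -EnableControlledFolderAccess $Mode

# Downloads is not in the default protected set; add it explicitly.
Add-MpPreference -ControlledFolderAccessProtectedFolders "$env:USERPROFILE\Downloads"

# Allow-list the business app that legitimately writes to those folders (assumed path).
$lobApp = 'C:\Program Files\ExampleLOB\lob.exe'
if (Test-Path $lobApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $lobApp
}

# --- 2. Disable Windows Script Host machine-wide (.vbs/.js/.wsf from mail or browser) ---
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
New-Item -Path $wsh -Force | Out-Null
Set-ItemProperty -Path $wsh -Name Enabled -Value 0 -Type DWord
# Case-by-case re-enable for a single account that genuinely needs scripts:
#   Set-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name Enabled -Value 1 -Type DWord

# --- 3. Office macros: block Internet-sourced macros, require signed ones elsewhere ---
# Policy keys override the user's Trust Center choice. 16.0 covers Office 2016/2019/365.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $sec = "HKCU:\SOFTWARE\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $sec -Force | Out-Null
    # VBAWarnings: 2 = disable with notification, 3 = disable except digitally signed,
    # 4 = disable all without notification. 3 keeps signed internal macros working.
    Set-ItemProperty -Path $sec -Name VBAWarnings -Value 3 -Type DWord
    # Files carrying the Mark-of-the-Web (downloads, attachments) get no macro prompt at all.
    Set-ItemProperty -Path $sec -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
}

# --- Verify ---
Write-Host "Controlled Folder Access after: $((Get-MpPreference).EnableControlledFolderAccess)"
Write-Host "WSH enabled: $((Get-ItemProperty $wsh).Enabled)"
(Get-MpPreference).ControlledFolderAccessProtectedFolders
```

The audit-then-enforce step is the part worth keeping: Controlled Folder Access blocks by image path, so any installer, backup agent or scanner that writes into a protected folder without being allow-listed will start failing silently once the mode is switched to Enabled. Run this through Intune or a GPO startup script rather than by hand, and watch the 1123/1124 events for a week before calling it done.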
"Yes I know most end point infections are the result of user error, but that's exactly why it's Microsoft's job to make a secure operating system."
But as the saying goes, you can't fix stupid. You can't save the user from himself. If the user wants a system they can get under the hood of, either Microsoft delivers to the user's satisfaction or the user takes his/her money elsewhere, leaving Microsoft in the lurch. See the problem?
IOW, if Windows throws up a warning that says, "Potentially dangerous attachment," and the user opens it anyway, then blames Microsoft for letting them get infected, what else can you do?
Well, now that military data has been stolen and distributed, whoever is running the scam can add espionage and possibly treason to the charges they will face, possibly even terrorism, which may be enough to allow international cooperation that didn't exist before, and extradition. Congrats guys, you've graduated to the big leagues. I'm sure there's a cell at Guantanamo with your name on it and a plausible explanation as to why you just disappeared.
"which may be enough to allow international cooperation"
LOL - you don't appear to have realised that King Trump is trying to start wars with anyone who will take him on. They may be trade wars - but they are still wars, as they are designed to inflict casualties.
When you attack so-called allies, don't be surprised if they don't have your back.
What baffles me is why someone like Lockheed doesn't just employ some more hackers to fight these scum back. The website they dump the docs on, for example, is an obvious target. This is war, surely. Put out a ransom, dead or alive, on the entire mob, $100,000 a head; someone will soon grass them up.
From the article: When the company failed to pay the ransom by their March deadline, the gang – which tends to demand hundreds of thousands to millions of dollars to restore encrypted files – uploaded a selection of the documents to a website that remains online and publicly accessible.
At least Visser got some of the information back - and they didn't have to pay.
More seriously: They also got a clue as to how long the bad guys had been in their system; long enough to steal the data before encrypting it in place. At least, I hope they reacted and didn't allow the encrypted data to leave their system after the ransom demand. If I was running a ransomware racket, I'd want to take a close look at any data that the target was prepared to pay to get back.
Are we going to stop coddling these fiends? Look, find them, do not arrest them. Put a TOW through their front door, douse the remains in kerosene and set it alight. Shoot anyone who comes out.
It's time to treat these people no better than 17th century pirates; kill them on sight.
That seems a bit drastic for a situation where no one was physically harmed, though I wouldn't shed too many tears if this became the policy. Might want to see if there are innocent family members present, and probably not a great idea if your (presumably properly investigated, tried, and convicted) suspect lives in an apartment block.