that last paragraph is so... reassuring.
AC, because, you know...
The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon. As reported here, the company was hacked two weeks ago. The stolen data was published on REvil's Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be …
"Companies with usable backups may still be willing to pay to prevent their data being published and, even if they are not, the data may be sold to competitors or sold and traded with other criminals."
And if you give these low lives a large wedge you think they won't sell your stolen data any way? Because they are in some way honerable?
No point paying. Tighten security. rebuild your servers. Sacrifice the boardmember who didn't want to fund the extra security to the GDPR gods and move on.
Uber paid the $100,000 ransom to have the hacked data destroyed...two years later they paid a multi-million dollar fine after being found out.
It's defense seems to be that those who'd broken into their systems illegally had suddenly turned nice and deleted the data for $100,000....in other news a red London Bus was found on the moon and a yellow New York Taxi was found on uranus.
This post has been deleted by its author
Increase your logging to centralised logging including PowerShell if Windows and perform widespread backups to offline/segreagated backups. Also ensure you are using LAN segmentation with VLANs, not flat LANs!
Investigate the intrusion and restore from backup. Some extra security steps mean no payment needed.
Don't get me wrong, implement Defence in Depth and next-get Anti-virus capable of heuristic detection of process injections and Firewalls capable of detection unusual session traffic, but good security can use accept breach and handle the unknown threats.
About 98% of ransomware attacks can be prevented by a complicated set of Microsoft Management Console configurations. I fount this out by testing such against the early types of ransomware by testing a product that does the setting by batch file, called CryptoPrevent; however they sold out to a new firm, and I don't know if I trust them yet. Hire a good Microsoft Certified Software Engineer and get the settings that way, and add heuristics on top of that. I think FooliSH-IT used Bit-defender for the heuristic control. That was the original company.
That was in part dependent on applocker however Microsoft broke that by installing Team in AppData for all installs.
Basic security i.e. sensible firewall configs and routine patch management close most options for ransomware...nation state hackers are another breed.
I'd never give my passport information to a company. All they need to know is I have one and no travel restrictions. A big part of the problem these days is that people will fully fill out any form you clamp on a clipboard and hand to them. I'm a big PIA and will just walk out of a doctor's office or other place that insists I give them information I don't think is relevant to their needs.
One possible reason is that UK companies need to be able to prove their employees have a right to live and work in the UK (new rule a few years ago). An easy way to do that is a copy of the passport etc for all applicants - ticks a lot of boxes. Keeping those details secure is another story....
If an organisation needs proof someone is entitled to work in the UK then let whoever is doing the interview see the passport and sign an official form saying "I saw their passport, they are allowed to work here".
If the organisation trusts their staff to do interviews but not check passports then have someone from HR get off their arse and attend the interviews too, and they can sign the form.
And what about anyone born in the UK who has never had a passport? How do they prove they have a right to work here?
And what about anyone born in the UK who has never had a passport? How do they prove they have a right to work here?
They can't, which means that they are passed over in preference for someone else who can. People who can't / won't get official recognition tend to end up working for employers who don't give a monkey's about the regulations, nor employee rights.
When I was hiring and firing, we were instructed by our legal advisors to keep a copy of the passport to prove that we had done everything we could. This we did, in paper form under lock and key.
Here in the US, everyone has to have a copy of their birth certificate, and a Social Security card, and a driver's license, if they do drive. It has been that way for 20 or more years now. No passport needed. If no DL is available a state ID will suffice; just for the official picture. Everywhere I was employed they actually checked the documents to see if they looked legitimate and matched each other on data points. One change that happened recently is that Medicare cards no longer pass for SS ID; because they changed the number on the Medicare cards to protect the SS ID.
This post has been deleted by its author