REvil ransomware gang publishes 'Elexon staff's passports' after UK electrical middleman shrugs off attack

The REvil/Sodinokibi ransomware gang has just published what it claimed were files stolen from UK power grid middleman Elexon. As reported here, the company was hacked two weeks ago. The stolen data was published on REvil's Tor webpage as a cache of 1,280 files, which we understand include documents that appeared to be …

  1. Anonymous Coward

    that last paragraph is so... reassuring.

    AC, because, you know...

    1. Anonymous Coward

      Never pay ransoms...there are lists of victims willing to pay for sale in the right^Hwrong places.

      Plus in over 60% of cases I've seen, little if any of the data was recovered...plus no one wanted to go public about paying and not getting their data back...even to warn others.

  2. Dal90

    REvil/Sodinokibi ... Elexon

    When you read an article, and frankly your name looks as whimsical as the bad guys, it may be time to rethink gibberish names.

  3. Lorribot

    Rebuild and move on.

    "Companies with usable backups may still be willing to pay to prevent their data being published and, even if they are not, the data may be sold to competitors or sold and traded with other criminals."

    And if you give these lowlifes a large wedge you think they won't sell your stolen data anyway? Because they are in some way honourable?

    No point paying. Tighten security. Rebuild your servers. Sacrifice the board member who didn't want to fund the extra security to the GDPR gods and move on.

    1. robidy

      Re: Rebuild and move on.

      Uber paid the $100,000 ransom to have the hacked data destroyed...two years later they paid a multi-million dollar fine after being found out.

      Its defence seems to be that those who'd broken into their systems illegally had suddenly turned nice and deleted the data for $100,000... in other news a red London bus was found on the Moon and a yellow New York taxi was found on Uranus.

    2. This post has been deleted by its author

    3. gr00001000

      Log all the things

      Increase your logging to centralised logging, including PowerShell if Windows, and perform widespread backups to offline/segregated backups. Also ensure you are using LAN segmentation with VLANs, not flat LANs!

      Investigate the intrusion and restore from backup. Some extra security steps mean no payment needed.

      Don't get me wrong, implement Defence in Depth and next-gen anti-virus capable of heuristic detection of process injections and firewalls capable of detecting unusual session traffic, but good security can also accept breach and handle the unknown threats.
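As an added illustration of the "log PowerShell" advice above (not part of the comment), this script sets the same registry policy keys that Group Policy uses to enable script block logging, module logging and transcription on a Windows host; the transcript share path is an assumed placeholder.

```powershell
# Added example: enable the three PowerShell audit channels via the policy
# registry keys that Group Policy writes. Run elevated on a test host first;
# in production push the same settings through a GPO to every machine.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$Key, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1. Script block logging: the text of every executed block (after any
#    obfuscation has been unwrapped at runtime) is written as Event ID 4104
#    in the Microsoft-Windows-PowerShell/Operational log.
Set-PolicyValue "$base\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# 2. Module logging: pipeline execution details for every module -> Event ID 4103.
Set-PolicyValue "$base\ModuleLogging" 'EnableModuleLogging' 1
Set-PolicyValue "$base\ModuleLogging\ModuleNames" '*' '*' 'String'

# 3. Transcription: one transcript file per session. The output directory is an
#    assumed placeholder; point it at a write-only share on the central collector
#    so an attacker on the host cannot read or delete earlier transcripts.
Set-PolicyValue "$base\Transcription" 'EnableTranscripting' 1
Set-PolicyValue "$base\Transcription" 'EnableInvocationHeader' 1
Set-PolicyValue "$base\Transcription" 'OutputDirectory' '\\logcollector\pstranscripts$' 'String'

# Quick check that 4104 events are now being produced on this host.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 5 |
    Select-Object TimeCreated, @{ n = 'Snippet'; e = { $_.Message.Substring(0, [Math]::Min(80, $_.Message.Length)) } }
```

The event log itself still needs shipping off the box (Windows Event Forwarding or an agent) for the centralised logging the comment asks for; these settings only make sure there is something worth collecting.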

      1. JCitizen

        Re: Log all the things

        About 98% of ransomware attacks can be prevented by a complicated set of Microsoft Management Console configurations. I found this out by testing such against the early types of ransomware by testing a product that does the setting by batch file, called CryptoPrevent; however they sold out to a new firm, and I don't know if I trust them yet. Hire a good Microsoft Certified Software Engineer and get the settings that way, and add heuristics on top of that. I think FooliSH-IT used Bitdefender for the heuristic control. That was the original company.

        1. robidy

          Re: Log all the things

          That was in part dependent on AppLocker; however Microsoft broke that by installing Teams in AppData for all installs.

          Basic security i.e. sensible firewall configs and routine patch management close most options for ransomware...nation state hackers are another breed.

  4. MachDiamond

    Why is passport data in a company server

    I'd never give my passport information to a company. All they need to know is I have one and no travel restrictions. A big part of the problem these days is that people will fully fill out any form you clamp on a clipboard and hand to them. I'm a big PIA and will just walk out of a doctor's office or other place that insists I give them information I don't think is relevant to their needs.

    1. Roger Greenwood

      Re: Why is passport data in a company server

      One possible reason is that UK companies need to be able to prove their employees have a right to live and work in the UK (new rule a few years ago). An easy way to do that is a copy of the passport etc for all applicants - ticks a lot of boxes. Keeping those details secure is another story....

      1. Anonymous Coward

        Re: Why is passport data in a company server

        If an organisation needs proof someone is entitled to work in the UK then let whoever is doing the interview see the passport and sign an official form saying "I saw their passport, they are allowed to work here".

        If the organisation trusts their staff to do interviews but not check passports then have someone from HR get off their arse and attend the interviews too, and they can sign the form.

        And what about anyone born in the UK who has never had a passport? How do they prove they have a right to work here?

        1. Captain Scarlet

          Re: Why is passport data in a company server

          I thought employers could check with HMRC, so it can be linked with your National Insurance number rather than passport. (Correct me if I am wrong but this is my understanding, so I probably am completely wrong)

        2. BenDwire

          Re: Why is passport data in a company server

          And what about anyone born in the UK who has never had a passport? How do they prove they have a right to work here?

          They can't, which means that they are passed over in preference for someone else who can. People who can't / won't get official recognition tend to end up working for employers who don't give a monkey's about the regulations, nor employee rights.

          When I was hiring and firing, we were instructed by our legal advisors to keep a copy of the passport to prove that we had done everything we could. This we did, in paper form under lock and key.

          1. JCitizen

            Re: Why is passport data in a company server

            Here in the US, everyone has to have a copy of their birth certificate, and a Social Security card, and a driver's license, if they do drive. It has been that way for 20 or more years now. No passport needed. If no DL is available a state ID will suffice; just for the official picture. Everywhere I was employed they actually checked the documents to see if they looked legitimate and matched each other on data points. One change that happened recently is that Medicare cards no longer pass for SS ID; because they changed the number on the Medicare cards to protect the SS ID.

  5. This post has been deleted by its author
