No one likes ransomware criminals, but this article seems weirdly schoolchildish. They mixed up two companies' names? Ooooh!
Where's the critique of bad company security?
The Maze ransomware gang has threatened to publish information stolen from an American firm that overhauls airliners and installs flight control software upgrades – because its victim refused to pay a demanded ransom. In a "press release" published on its leaks website, Maze raged against victims who refused to play its game …
To be honest The Register has been turning "weirdly schoolchildish" for a long time now. Some of the "reporters" here seem to be more interested in making up some stupid catchy byline than writing a decent grown-up article. So have an upvote from me :-D ..... John Doe 12
Others considerably more experienced in the field, love the style and can even find it most endearing and surprisingly refreshing, John Doe 12 [42 posts, joined 7 Sep 2010]
Where do you normally go to, my lovely, with/for your insults?
"Others considerably more experienced in the field"
And there is a beautiful example of someone making wild assumptions based on zero information. How do you know what I do for a living any more than I would know what you do either? So I have 42 posts and joined in September 2010 - big deal ha ha. Doesn't change the fact that The Register is slowly turning into some weird tech version of the Daily Mail.
Because it hasn't got all the way there yet. When that day comes I will stop visiting The Register, you can be sure of it :-D
Anyway it's fun to annoy the commentards who think they own the place because they have such a huge... post count ;-) Maybe that's some form of compensation for other issues?
Anyway it's fun to annoy the commentards who think they own the place because they have such a huge... post count ;-) Maybe that's some form of compensation for other issues? ...... John Doe 12
Sounds exactly like something a wannabe someone and/or virtual nobody, a John Doe, with a blunt axe to grind as some form of compensation for other issues, would do, John Doe 12.
Gotta say, AMFM's new algorithm is somewhere between or both a frighteningly genius leap forward and out, and geniusly good.
If I didn't know better, if I came in cold today, I'd say it was human. Mad(ish) but human.
The ideal ElReg Commentard, in fact. :D
Agree, however, determining physical locations is very hard in most instances of an electronic attack.
And even if you succeed, SEALs blowing up a coworking space in downtown SF or SAS in an east London neighborhood might not be seen as an adequate reaction by some ...
There was a story (possibly apocryphal) that the Russian minister responsible for Internet, online security and the like had responded to some Russian spammers, telling them to stop sending their crap. They responded by flooding him with spam. He responded by ordering the spammers to be found and in short order, they were all on the receiving end of SWAT style raids and long prison terms.
....how this works:
1. Bad guys penetrate a target network and steal data.
2. Then bad guys encrypt data on the target network.
3. Then bad guys demand a ransom...they will UN-ENCRYPT the network in exchange for money.
4. Once the money is paid, they will destroy the stolen data.
*
In this case, refusal to pay has resulted in bad guys having a conniption.
*
About item #1, do the target folk actually know how the breach was accomplished?
About item #2, do the target folk have recent backups?
About item #3, once the money is paid, will the bad guys actually un-encrypt?
About item #4, these are bad guys...will they actually destroy the data?
*
And then there's item #5.....Are the bad guys STILL IN THERE (with enough permissions to repeat item #2)?
*
And finally.....I'm trusting LOTS of people with my PII......how common is this disaster? Is this the only time this has happened this week....or are there thousands of unreported breaches going on all the time?
*
I think we should be told!
This type of thing is not super-common, but it does remain a threat. The best choice is to examine the encrypted files, as the "last modified" flag will usually let you track where the infection got in - even today it's usually done by email attachments, tried and true method. Most don't want to put in the effort to actually run an exploit to gain direct access to a network's files if they can get someone who already has access to run their encrypter for them.
Never trust a criminal to do what they say they will. And if they extort the money from you once, they'll be back for more.
Take backups multiple times per day, test them regularly by actually restoring data from the media. Try to educate users about attachments - though that's never easy to do.
Stay educated on the topic, and bookmark the anti-ransomware sites on a phone or laptop that's not on the network, so if you're hit, you can identify what you got hit by - there may be a free-to-use decrypter available.
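One way to do what the comment above describes (sort the files that look encrypted by modification time so the oldest ones point at where encryption started), as an added Python example that is not part of any post here; the ransom suffix list and the sample tree it scans are constructed:

```python
# Added example (not the thread's code): rank encrypted-looking files by mtime to find where encryption began.
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_SUFFIXES = {".maze", ".encrypted", ".locked"}  # constructed list; real families vary

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext sits near 8.0, ordinary text nearer 4-5."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: Path, threshold: float = 7.5) -> bool:
    """True if the name carries a ransom suffix or the first 4 KiB is near-random."""
    if path.suffix.lower() in RANSOM_SUFFIXES:
        return True
    with path.open("rb") as fh:
        head = fh.read(4096)
    return len(head) >= 512 and shannon_entropy(head) >= threshold

def earliest_encrypted(root: str, limit: int = 10) -> list[tuple[float, str]]:
    """Oldest-first (mtime, path) pairs for files that look encrypted."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            try:
                if looks_encrypted(p):
                    hits.append((p.stat().st_mtime, str(p)))
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
    hits.sort()
    return hits[:limit]

def build_sample_tree() -> str:
    """Constructed victim tree: one renamed file, one high-entropy file, one plain file."""
    root = tempfile.mkdtemp()
    samples = [  # (relative path, content, mtime as epoch seconds)
        ("share/report.docx.maze", b"x" * 1024, 1_600_000_000),       # touched first
        ("home/budget.xlsx", bytes(range(256)) * 8, 1_600_001_800),    # no suffix, entropy 8.0
        ("home/readme.txt", b"hello world\n" * 100, 1_500_000_000),    # older, but plain text
    ]
    for rel, content, mtime in samples:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        os.utime(p, (mtime, mtime))
    return root
```

Some families deliberately preserve or reset timestamps, so cross-check the mtime ordering against ctime and the host's event logs before trusting it.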
This sort of entitled idiocy by crooks amazes me. I got the same thing when I played along with "Microsoft" who had phoned me up to tell me they'd detected a virus on my computer in a thick Indian accent. After about half an hour I got bored and pointed out that I don't actually have any Windows boxes in the house, at which point they complained vehemently about me wasting their time.
"they complained vehemently about me wasting their time"
Yes, that's when it gets really funny - "Me? Wasting your time?". My record is just under the hour to keep them on the hook, getting passed up the chain to senior crooks on the journey. They now mostly know how to check if I'm using a Mac, and there is a halfhearted attempt to get me to download the Mac version of TeamViewer, which I can rebuff for at least 15 minutes then they give up. But they get really pissed when I repeatedly tell them I really have a Windows key, which I do on my Thinkpad P50, but that it does nothing - mostly because I'm running Kubuntu and don't map that key to anything. Twice I've been told I was the bad person and they will shut down my internet.
When those scam merchants ask me to download the software and allow them to connect I have a surprise. I tell them I'll need to hang up to get on the internet which usually is met with protests. I explain that the modem has to use the phone line to dial the internet and no I don't have a mobile. After they get over the "You're using Dialup???" I explain that I've only really got the computer for online banking and shopping.
I hang up after promising to download the software and go back to what I was doing. A couple of them actually called back only to be met by Barry from Birmingham who runs a small garage/workshop. They often have trouble with my new Brummie accent which is amusing given the "difficulty" I have with theirs. The fun I have had either:
Telling them their 'big end' has gone. Explaining that you don't see too many of them around for an Austin Princess anymore. I ignore their protestations about not knowing what I'm talking about. I finish with if they can give me their bank details for a deposit I'll get looking for one.
Or
I explain that the broadband is down can they help me fix it. This is especially good if they're "calling from my ISP." They've never been able to help sadly which is rubbish from "my ISP".
Since ditching the landline number I get less of these calls.
In its post the gang complained that ST Engineering's ransom negotiator "lied" before declining to take part in "further negotiation" with them, promising: ...
The suspicion there then is the ST Engineering's ransom negotiator is in the pay/pocket of others with an altogether different agenda?
Current British government advice is never to pay a ransomware demand: it not only encourages and enriches the crooks but there's no guarantee that they'll delete your data as they promise.
:-) That's rich ..... coming as it does from an operation that thinks to extract taxes from every Tom, Dick and Harriett and their employers to enrich themselves with a presumed immunity and impunity from investigation and prosecution/persecution.
And when one can't or won't pay, praise be for the Magic Money Tree and the Quantitative Easing Slug Drug ...... A Bottomless Pit of Phantom Paper Help Billed to the Future for Something/Someone Else to Pick Up the Tab and Pay with More of the Same Sort of Mega Meta Data Base Bull Shit?
However, not a particularly bright plan that one, whenever it relies so heavily on ignorant schmucks always playing such a dumb game ...... whenever greater intelligence today is virtually free and available practically everywhere for a more enlightened race/more enlightened races on Earth, highlighting the perversion and catastrophic systemic vulnerability being exhaustively exploited, abused and misused.
Throw a few references to Brexit and the handling of COVID-19 and you got yourself big old Daily Fail NIMBY style rant going there my friend! .... Plest
That's low hanging fruit for plebs dealing with the present, Plest, and of no interest to that and/or those into futures and their derivative ventures.
Ignore what you now know at your peril, Plest, for it is designed to effectively enslave and inevitably destroy you as you feed it its seeds and needs ....... which is another one of those real dumb moves the systems administrators thank you for.
Look, I appreciate that they told these miscreants to get stuffed, but how's about having proper security in the first place ?
Why is it that all these consulting firms with critical data seem to find the way to install "advanced tools" to magically solve their incompetence after the fact ?
How about installing those damn "advanced tools" before you get hacked ?
And what exactly are those "advanced tools" ? A firewall ?
A lucky hit on google chrome, grab the password file for an admin, ... Have snapshots and backups people! Advanced ($$$) tools?
Next gen threat protection:
CrowdStrike
Carbon Black
Cylance
High dollar firewall:
PA firewall with SSL inspection.
Email / MIME defang and mask:
Proofpoint / Mimecast / Barracuda
Log and traffic monitoring:
Splunk, third party active monitoring, Arctic Wolf, CrowdStrike again.
Implement MFA. This is huge for phishing.
Most smaller companies have plenty of gaps in just this short list.
I'm new to this criminal mastermind stuff but wouldn't it hurt your 'brand' if you didn't actually carry out your threat(s) rather than extend it.
Sort of like: "We've done <this thing> to your data. If you don't pay <these $> by <this time> we'll do <this thing> to/with your data."
When negotiations 'break down' then you carry out said <this thing> or how would anybody take your brand seriously?
Would be laughable if it wasn't so serious and detrimental, but I agree with the commentards about one day upsetting the wrong folks.
That's exactly what the wrong folk are terrified of, Aussie Doc, criminal mastermind stuff being carried out or outed rather than merely threatened in exchange for luscious lucre/fantastic fiat.
As such then, is it easily recognised and may even be classed and classified as a weaponised 0day vulnerability to exploit exhaustively against which there is no effective available defence.