That is all.
The Maze hacker gang claims it has infected computer memory maker SK hynix with ransomware and leaked some of the files it stole. The South Korean semiconductor giant could not be reached for comment. For what it's worth, the Maze crew doesn't tend to need to fib about these sort of things. When it claims to have infiltrated a …
We all talk of good backups but that only gets you access back to your data, it doesn't mitigate, in the least, the leak of the possibly-sensitive documents that have occurred from the theft.
It's easy to talk about hardening hardware, software and wetware but, especially in the wetware department, exactly how are you going to do that both productively and efficiently? Getting hundreds or thousands of humans on board regarding good operational practices, and maintaining those good practices across time, is known to be practically impossible - people will fall back to their old habits, especially if the new habits involve any additional level of labor on their part.
So the best you can do is create automated systems (anti-malware, etc) in the hopes of keeping the users safe from their own actions. But this isn't foolproof - nothing is. Even hardening those servers, networks, firewalls, air gaps and backups. This stuff is still bound to happen unless, IMHO, we make the criminals pay so heavily, make these actions state-level crimes with penalties at the level of "You'll never see daylight again", that the scum think twice of even attempting it. And actually putting in the effort to enforce that threat.
"IMHO, we make the criminals pay so heavily, make these actions state-level crimes"
In practice it would need to be a fully internationally recognised and punishable crime assuming the miscreants can even be identified. However I can't see European countries or the US etc getting any cooperation from China, Russia and North Korea to mention a few. From what I understand, North Korea actually has state sponsored units to steal international currency this way.
I agree with you about the wetware. A family member sent his staff on a security / anti-phishing course and a week later one of them fell for the telephone scam call from "Microsoft". The excuse being the Microsoft is one of their clients, but they basically allowed the scammers full access to their servers! Considering this was a firm of financial advisors handling many millions of pounds in investments for their clients it was very much an oh-shit moment.
The fundamental problem is lack of robustness at the victim end. Ransomware (like any other attack that typically starts at the workstation) only gets to affect a corporation because it can spread internally. There are many controls that can in principle contribute to restricting its spread, but they're just not usually implemented.
Most corporate networks are wide open: a hard-ish shell full of holes surrounding an ultra- soft centre.
"There are many controls that can in principle contribute to restricting its spread, but they're just not usually implemented."
And any such controls can still be defeated by an adversary with enough skill and patience. I mean, to be able to exfiltrate that much data and not get noticed somewhere along the way speaks of at least some level of sophistication, such as pwning the backup process to do three things at once: exfiltrate the data by redirecting it from whatever offsite server it's supposed to go to Maze's clutches, conceal the exfiltration by disguising it as traffic for the offsite backup, and removing the easiest means of restoring the data without paying by taking away the actual backup.
"With all the clever people in this world, I'm surprised it's taking this long."
Modern humans have been around for something like 100,000 years*, and we have yet to come up with a way of avoiding fools. The fact that computers are involved in this case doesn't change anything. No amount of clever people can stop fools being fools, and as long as a system allows humans to be involved in it those fools will find a way to be foolish.
*Slightly off topic, but estimates vary from around 50,000 to 300,000 years, and there's plenty of evidence of a decent level of intelligence existing long before that, presumably with fools to go along with it.
This post has been deleted by a moderator
This post has been deleted by a moderator
The more this happens and more financially lucrative it becomes, the more convincing the argument for making it a crime to pay ransomware becomes. I would probably also make it a crime to pay the criminal not to release stolen data. I just don't see any other practical way to make a major dent in this racket - there are just too many businesses, governments, etc who are potential victims.
I realize this may not be a perfect solution, and would require many countries to change their laws, but I just don't see a good alternative which is likely to happen.
Biting the hand that feeds IT © 1998–2020