Thank you
For doing the right thing and not paying the scumbags.
About 4,000 stolen files from the Scottish Environmental Protection Agency (SEPA) have been dumped online by frustrated ransomware criminals after the public sector body refused to pay out. The move was predicted by the agency itself following the Conti criminal gang’s malware attack against SEPA earlier this month. SEPA had …
I've sometimes wondered what would happen if a country made it a criminal offence to pay ransoms for cybercrime attacks like this. I wonder whether the crims would give up cos they know they wouldn't get paid, or would they assume that because they are happy to be crims then everyone else will be and pay up anyway.
...is actually a very mild Scottish rebuke. Bear in mind our top veterinary college is called the Dick Vet, or the 'Royal (Dick) School of Veterinary Studies'. It was the Royal School of Veterinary Studies in 1823, but then someone drew a penis on their sign after Royal, and they reckoned, 'aye, we're having that'.
Before files are encrypted as a matter of course? The only time it should be decrypted is when it's being worked on... There's a certain amount of satisfaction, I feel, in saying 'publish and be damned' in the knowledge that what is published is still invisible to most.
Certainly some (many?) companies these days require that files are stored on central servers - on premise or cloudy - if only for compliance or backup reasons. How difficult to encrypt on write?
(I'm probably missing something stunningly obvious; this sort of thing isn't my day job. I'm happy to be educated.)
Disclaimer: I work for a company active in this area.
Filesystem encryption is common these days - BitLocker on Windows, or VeraCrypt, or the Linux alternatives, etc. But that's not going to help if scumbags are logged into your system, because they then see the same view of the files as you do; they're inside the file system.
There are also ways to do application level encryption, which is what you're suggesting. There are tools that will plug into Word, for example, and encrypt/decrypt stuff between Word and the disk. The problem is that this needs to be implemented on a per application basis - if your favourite CAD software doesn't have a plug-in for your chosen encryption software, you're short on luck. You also need to be careful with configuration - for example, ensuring temporary backup files created by the application are also encrypted.
Depending on your paranoia level, you also need to worry about swap files, which can contain unencrypted snapshots of files resident in your application's memory.
Finally, there's a kind of middle ground where you manually encrypt / decrypt files as needed - either on a per-file basis or in a container like Veracrypt. But that is less convenient for day-to-day workflow.
This was kind of what I wondered. Thanks for the explanation.
As always, the convenience vs security tradeoff. Might one expect this sort of data grab for ransom to be mostly via compromised (senior) user accounts? Or are we looking at 'oops, left the database world+dog visible'? Or a combination?
Hey if it were easy...
Many, many moons ago, I worked for the US Antarctic Program. Somehow Romanian hackers had managed to break into a number of science systems at the South Pole and download gigs of data. No mean feat seeing as the station had limited capacity via satellite links that were only up around 8-11 hours per day.
The fun part was that they were trying to blackmail the NSF with releasing that data as well! This was before ransomware as we now know it. Also, this was around the time of the X-Files movie, if anybody remembers that. You know the one with the secret alien base on the South Pole? From the communication it was clear the Romanians thought that we either pay or they would dump the files and publish The Truth (That Is Out There).
What it actually was, was hundreds of gigabytes of atmospheric and astrophysical data (google ICECUBE and AMANDA projects), which, like all science data, was merely embargoed for 2 years so that the principal investigators and their teams could publish findings first, seeing as it was *their* work. Afterwards it becomes public anyway. So yeah, hacking scientific institutes and threatening to ransom their data is not really a lucrative income stream - it's going to be published anyway!
Oh, and through cooperation of the FBI and Interpol, AFAIR, they arrested the guys.
The best part: it got me a 6 week sojourn to McMurdo and South Pole, the closest I'll ever get to space travel (speaking in terms of hostile environments where only few people have ever gone). Those memories will stick with me for life, so, mulțumesc, baieti!
And as an alternative what exactly do you suggest that is a drop-in replacement, endpoint to server, authentication & management?
Then add in supporting all the required applications, compatible with all the agencies they need to work with.
Ahh, a (free) version of Linux and Libre Office, that will fix everything......
Just screaming "why do people still use Windows" with the implication that Open Source & Linux are the answer to everything does not address the underlying problems.
I work for a medical tech company and we see hospital ransomware attacks 3-5 times per year on average. They are 99% caused by someone clicking a link in a phishing email and their compromised PC then gives an "in" for the hackers who escalate and run their ransomware. We see it often enough that we actively recommend to our customers to check their backups regularly and keep copies elsewhere, ideally offsite. The 1% are caused by someone plugging an infected USB stick into a PC that either has disabled or very outdated AV.
As for the anti-Windows brigade,... grow up. The most used desktop OS is Windows (77%), therefore most companies write their software for Windows, therefore most hackers target Windows. 20 years ago Linux/Unix was inherently more secure than Windows but time has moved on and Windows is now much more secure. The only serious threat to Windows dominance in the desktop market is OSX at 18% and those are almost all media companies. Linux/Unix at 2% of desktop OSes is a drop in the ocean. Unix has been around forever in various flavours and Linux has been around for 28+ years and while they have their place in the market, the office desktop seems not to be it (outside of OSX) and all your monotonous whining about Windows over the years has not and will not change that any time soon.
You were doing OK right up until the proof by waving your hands, viz, "20 years ago Linux/Unix was inherently more secure than Windows but time has moved on and Windows is now much more secure"
I'm fairly sure a properly managed Windows environment can be made fairly secure. I'm fairly sure that with enough effort a *nix environment can be made fairly insecure.
It's just that with the former you have to make things stop happening, and in the latter you have to enable things to have them start.
I never meant to say the Windows was more secure than Unix/Linux. I should have ended that sentence with " than it used to be." My bad! :-)
The biggest problem with security is that you can secure anything but at some point someone has to access/use it, and that is where all the security under the sun fails. So, you mitigate it as best you can and plan for the worst case scenario.
The report would suggest that they were relying on simple cloud replication instead of an actual backup system. Attack on the 24 Dec, backup corrupted the following day.
100% data loss.
https://www.audit-scotland.gov.uk/uploads/docs/report/2022/s22_220201_scottish_environment_protection.pdf
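An added illustration (not from any commenter, and not SEPA's actual setup) of the point above, and of the earlier advice to check backups regularly: a replica that mirrors the live share inherits the damage on the next sync, whereas a retained, checksummed point-in-time snapshot still restores. All names and sample files are constructed.

```python
import hashlib
import os
from copy import deepcopy

# Constructed sample share standing in for an agency file store (not SEPA's real files).
SHARE = {"survey.csv": b"site,ph\nA,7.1\nB,6.8\n", "report.docx": b"quarterly report draft"}

def _digest(files):
    return {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}

class MirrorReplica:
    """One-way cloud replication: the replica always equals the latest source state,
    so damage on the source is faithfully copied across on the next sync."""
    def __init__(self):
        self.files = {}
    def sync(self, source):
        self.files = deepcopy(source)

class VersionedBackup:
    """Point-in-time snapshots with a retention window; a completed snapshot is
    never overwritten, and each one carries a checksum manifest for verification."""
    def __init__(self, retention=7):
        self.retention = retention
        self.snapshots = {}            # label -> (files, manifest), insertion ordered
    def run(self, label, source):
        self.snapshots[label] = (deepcopy(source), _digest(source))
        for old in list(self.snapshots)[:-self.retention]:   # expire beyond retention
            del self.snapshots[old]
    def verify(self, label):
        files, manifest = self.snapshots[label]
        return _digest(files) == manifest
    def restore(self, label):
        assert self.verify(label), "snapshot failed integrity check"
        return deepcopy(self.snapshots[label][0])

def simulate_destructive_overwrite(files):
    """Stand-in for the attack's effect only: every file replaced with unreadable bytes."""
    return {name: os.urandom(len(data)) for name, data in files.items()}

def run_scenario():
    source = deepcopy(SHARE)
    mirror, backup = MirrorReplica(), VersionedBackup()
    mirror.sync(source); backup.run("day-before", source)   # routine nightly run
    source = simulate_destructive_overwrite(source)         # the live share is wrecked
    mirror.sync(source); backup.run("day-after", source)    # next run copies the damage
    return {
        "mirror_recovers": mirror.files == SHARE,                   # False: replica mirrored the damage
        "backup_recovers": backup.restore("day-before") == SHARE,   # True: older snapshot intact
    }
```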
Seems to have been rotting from the top https://www.bbc.co.uk/news/uk-scotland-60087226