It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Ransomware hacks causing devastating damage

page: 1
13

log in

join
share:

posted on May, 16 2019 @ 09:26 AM
link   
www.accountingtoday.com...

But this time, something was different. A message told her the software was down for “scheduled maintenance” and wasn’t expected to be up and running again until the next day. She tried to check the website of Wolters Kluwer, but that was offline too. When she called a customer support number in the U.S. a message said the company was experiencing technical difficulties. Then the line went dead. Deiterich turned to social media, where CCH customers across the world were complaining of the same issue. Almost 24 hours after the outage first began, she saw the short message Wolters Kluwer had posted to its U.S. Facebook page — not a channel the company had used for such important communication before — about its “network and service interruptions.” “You could do a basic Google search and find out more than they were reporting,” she said in an interview. The malware attack has seen Wolters Kluwer join a growing list of high-profile companies and institutions whose core assets have been the subject of devastating cyber-attacks.


And:

www.darkreading.com...

A mysterious and newly created Twitter account on May 12 posted what purports to be a screenshot of sensitive documents and user credentials from the city of Baltimore, which was hit late last week by a major ransomware attack. Researchers at Armor who have been investigating the so-called Robbinhood ransomware malware used in the attack on the city discovered the post. They say it could either be from the attacker, a city employee, someone with access to the documents — or even be just a hoax. The city is still recovering from the May 7 attack, which has disrupted everything from real estate transactions awaiting deeds, bill payments for residents, and services such as email and telecommunications. Ransomware attacks typically are all about making money: Attackers demand a fee to decrypt victims' files they have accessed and encrypted. Whether the tweet came from the attackers trying to put the squeeze on the city to pay up or threatening to abuse the kidnapped information is unclear.


I am in the IT industry, albeit very small clients, in a very small town. My experience is very limited to what I encounter, so I fully grasp that many in the industry have a better understanding of some things than I might. But, I have dealt with this first hand, and have a friend with a similar business who has found a way to counter attacks like this. So, on to the thread:

Ransomware is a serious threat to any business that relies on data. I don't know many that don't, so this is important to everyone. The ONLY way to get around this is to pay the ransom, or recover from backup. The encryption used is complex and not something that can be thwarted. Your backups have to be solid. Your backup process MUST be solid. We use Crash Plan, a backup software that allows you to back up to the cloud, a local server, or even an offsite server, via internet. Recovery will take time, even if you did everything right. It is just that way by nature. When you plan for events like this, it's best to imagine an F5 tornado hitting your business and erasing it from existence. If your recovery plan includes that scenario, you are prepared, if not, you are a target.

Multiple backup methods are imperative. Local for the speed of file recovery. External cloud backup, for the separation and ability to recover after your entire local network is hacked. And by hacked, I mean, your $8 an hour employee who plays fortnight most of the day, opens a suspicious e-mail, and infects your entire network to the point, you cannot access anything, yes, it happens just like that. So you have offsite backup data. Now you have to recover it back to your systems. That means, a complete reload of all servers and systems, fully patched, and protected with all appropriate software, load your main software platform, and only then, can you begin to recover. And if you aren't careful, it can happen multiple times. My friend has a client who was hit 4 times thus far, and none seem to be connected. They have gone as far as opening e-mails on non essential computers on separate networks as a way to avoid that particular method of infection, and printing them out.

My point in this thread is to let you know how real this threat is. The amount Baltimore is being extorted with is similar to one of my clients infections. $70K. Take your data seriously, and if you need help, ask your local professional. Being cheap with your protection, will yield the best results for hackers.

Good luck to all, and watch your 6.




posted on May, 16 2019 @ 10:05 AM
link   
Thanks for the info.
I'm in IT too, and it's amazing the number of companies that have poor backup systems in place.
Some never test the backups too. They discover the process isn't working when they go to restore from backup and it's empty. Recovery procedures should be thoroughly documented and tested too.

I backup all my servers locally daily and offsite weekly. Any data lost between the weekly backups could be re-created if need be. I hope to be able to shrink that time frame or even eliminate it by moving some critical databases to Azure.

I wonder if the Wolters Kluwer issue could be related to the recently patched Microsoft flaw.



posted on May, 16 2019 @ 10:11 AM
link   
You really have to feel for Baltimore's new mayor, Jack Young. He just started in the position, a position he never wanted and only has because the previous mayor was corrupt, and he immediately has to deal with this crisis.

So far he's been adamant about not paying the ransom, but just this morning the local news was saying it could be months before everything is back up and running.



posted on May, 16 2019 @ 10:32 AM
link   
As someone who has also worked in IT...

If your business is big enough to necessitate multiple data backup solutions in the event of a security disaster...

Do yourself a favor, and hire a damn security officer.
Either that, or get one of your IT employees trained and certified. Honestly there's usually greater value in improving the employees you have. Most IT workers will jump at the chance to obtain actual certifications for any field specialization, especially security.

It's one of the most needed jobs, that is very underhired for.
No one thinks they need a security officer, until they wish they had hired a security officer. (Don't be that business.)



posted on May, 16 2019 @ 10:33 AM
link   
As someone who has also worked in IT...

If your business is big enough to necessitate multiple data backup solutions in the event of a security disaster...

Do yourself a favor, and hire a damn security officer.
Either that, or get one of your IT employees trained and certified. Honestly there's usually greater value in improving the employees you have. Most IT workers will jump at the chance to obtain actual certifications for any field specialization, especially security.

It's one of the most needed jobs, that is very underhired for.
No one thinks they need a security officer, until they wish they had hired a security officer. (Don't be that business.)



posted on May, 16 2019 @ 11:15 AM
link   
The more that businesses pay to have their computers released, the more Ransomware creators there will be that target businesses. Let someone hack my computer and try to blackmail me, I will laugh at them and inform them I only use my computer for social media and research, I have my bookmarks all backed up. I will allow them to be nice and unlock my computer if they want to, but I can just go buy a new cheap one if they don't. I will threaten to target their computer system if they do not comply.

I really should put a worm into my computer that becomes active if someone tries to take over it remotely that takes out their computer system..



posted on May, 16 2019 @ 11:29 AM
link   
a reply to: rickymouse

I developed a security method that may interest you.

I made a script for a scaling size file, that fills my hard drive storage capacity to the max, sans space for cache and cookies.

No one can install ransomware on that system, because it physically can't accommodate ANY software installs.


For a basic browse and media PC, this solution is pretty slick.



posted on May, 16 2019 @ 11:52 AM
link   

originally posted by: Archivalist
a reply to: rickymouse

I developed a security method that may interest you.

I made a script for a scaling size file, that fills my hard drive storage capacity to the max, sans space for cache and cookies.

No one can install ransomware on that system, because it physically can't accommodate ANY software installs.


For a basic browse and media PC, this solution is pretty slick.


Years ago I had a program where nothing could be saved to my disk and nobody could hack it. It was a program I got from a friend of mine who ran a security business. I kept it on one computer for surfing the net, never got a virus on that. The program had a name but I can't remember what it is. I just looked through all my old disks, I think it is the one called go back. Or it could be Norton ghost, or winternals. Or it could be one of the programs on the multiple hackers disks I used to play with, some of them I used to use to access people's computers where viruses had taken over so I could get rid of the virus. You know what, that was fifteen years ago, I doubt if any of those programs would work on the new computers. I liked Winternals. I used to be a computer geek, was I nuts or something, obsessed with building and restoring computers, wasting my time studying things that kept changing all the time. Now I study things that will be the same for many generations.



posted on May, 16 2019 @ 12:01 PM
link   
I use worms and tokens in my Email servers / Dropbox / Gdrive / Onedrive.
Reader beware..



posted on May, 16 2019 @ 01:42 PM
link   
a reply to: rickymouse

In the world of computers, networking, security, IT, hardware, and software... Some things change. Some things do not.

I have a fairly solid foundation in the bits that don't.

I respect the opinion of anyone that bows out because of the things that do. Some corporations and their forced obsolescence is a crime of moral human ethics, but a success of capitalism.

I don't care for money, so those ethical issues matter to me. If something works, it does not need arbitrary change.

Not a bad choice at all, to rid oneself of the money grubbing perpetual software update machine.



posted on May, 16 2019 @ 01:59 PM
link   
Those are great enterprise solutions but for the average home pc user, who can also fall victim to this scam, I have a simple and easy solution.

This requires a small investment if you don't have a spare hard drive to use as your offline back-up. If you don't have a spare hard drive - get one. It doesn't have to be fancy or expensive, just functional.

Download a free software program called Macrium Reflect. This software is the best, fastest, and easiest disc imaging/cloning software I have ever seen. If you are upgrading to a new system and want to perform a hard drive migration - this is the software to use. If you want to save an image for catastrophic failure protection - this is the software to use.

I include this on every system I build and provide each system with a basic image already in place in case something significant happens right off the bat. There is no set schedule for making back-ups. It depends on how much new data you have on your drive at any given time. Better safe than sorry though. It doesn't take long on my systems but they are pretty fast. Even on my older systems it ran fairly quickly.

Its free, quick, painless, and it works. Its hard to ask for much more than that.
edit on 16-5-2019 by Vroomfondel because: (no reason given)



posted on May, 16 2019 @ 03:17 PM
link   
a reply to: Vroomfondel

fantastic post. Yes, you can get a 1TB USB hard drive from Amazon for $75 or less. The trick is to do your backup, and then UNPLUG the drive. I had a client who thought just having the backup was good enough, so he never swapped out the drive, just kept it plugged in. When his ransomware hit, it infected his backup drive as well. he lost it all.

If you have nothing of value, you have no worries, but when you look at your pictures, documents, and other files, ask yourself if you would be sad if those files weren't there. If the answer is yes, back it up.
edit on 16-5-2019 by network dude because: bad spler



posted on May, 16 2019 @ 04:04 PM
link   
a reply to: network dude

You are absolutely correct. There is no point in having a separate drive if you are going to leave it connected to the pc you are worried about. The protection comes from the fact that the back-up drive is not connected to anything. Good point to remember.



posted on May, 17 2019 @ 01:17 AM
link   



I really should put a worm into my computer that becomes active if someone tries to take over it remotely that takes out their computer system..


I’m interested and would love to know how to do that?😉

Lags



posted on May, 20 2019 @ 02:50 PM
link   

originally posted by: Lagomorphe



I really should put a worm into my computer that becomes active if someone tries to take over it remotely that takes out their computer system..


I’m interested and would love to know how to do that?😉

Lags


There are hundreds of ways to do things like that. But you don't have to go to those lengths. I had an interesting experience once along those lines and it was amusing as well as enlightening. I tried to access a web address. I was unsuccessful. I tried looking at a few different aspects of the address that are commonly available. Nothing. I tried prying a little deeper and a VBasic dialogue box opened on my screen that said, "Do I know you?" I clicked the x and closed the box. Another one immediately opened that said, "I asked you a question. Do I know you?" I clicked it closed and was ready to turn off my pc when a third box opened and said, "Try that clicky bull# again and see what happens to your pc."

This was just an automated response. There was no one there. It runs that script regardless of what you do. But it was impressive as hell at the time...lol



posted on May, 20 2019 @ 03:15 PM
link   
Small funeral home here and every file is very important. All personal stuff gets printed and put in a real paper file. All 3 computers are professionally backed up with the new files every night. Most programs are on vendors computers that we hope are backed up like they say.

All hard copies are filed in a fire proof file in a cement room that contains over 100 years of files.

A fire could put us back a few days but the fire department comes in quarterly for a look around and pizza. They know the important areas if we have a fire.

Probably more that we can do but you can get too much. I think our cost are about $250 a month.

And some months we have no paperwork generated.






posted on May, 20 2019 @ 07:15 PM
link   
Most business have no business managing their own IT. The best way to mitigate these kinds of problems is to use SaaS services. SaaS providers take the burden of harding their environment with first class backup and disaster recovery plans. Business owners should concentrate on what they offer the market and not have to hire a department of IT specialists which eats into their margins.

Just my opinion but then, I'm a SaaS provider


Edit: SaaS -Software as a Service
edit on 5-20-2019 by LogicalGraphitti because: (no reason given)



posted on May, 21 2019 @ 08:10 AM
link   
a reply to: network dude

Great topic, there is a lot of misinformation out there.

I'm an IT Security professional (consultant) and I have had to deal with ransomware attacks as an incident manager and had to develop prevention measures for a multitude of clients.

The best bet to mitigate ransomware is a good backup system, but this is not enough. We had one client who's backups were infected by a very nasty malware which waited two weeks after infection to encrypt the drives. Everytime the backups were loaded, the files were just encrypted again.

Awareness is the first line of defense, and the simplest way to combat 99.9% of infections. Don't click on links or attachments without confirming their authenticity before hand, and make sure all employees follow this very simple rule.

Second, keep a relatively complex system of access rights. The worst situation is if someone with access to all drives (this includes cloud drives) is infected. The best way to avoid this is to separate access rights. This is not really applicable for SMEs though.

If you are infected, disconnect all drives immediately. The ransomware can only operate while you are logged in to your work station and it takes a few minutes to encrypt everything.

If its too late, there are sites that have decryption keys and algorithms for many common ransomwares.

Whatever you do, never pay. There is no guarantee that it will be decrypted. We had one client who payed 3 times before calling us, and never received the decryption key.
edit on 21-5-2019 by fedeykin because: (no reason given)



posted on May, 21 2019 @ 11:42 AM
link   
I'm confused. Why are we being somewhat complacent and not going after the ransomware hackers? People and businesses have been paying them off. Follow the money then hang them by their toes regardless of what country they originate from. No hanging????? Stop sending those countries our tax dollars. PERIOD. Let the local governments control their own goons.



posted on May, 21 2019 @ 01:26 PM
link   
a reply to: StoutBroux

how do you find them? They are likely Nigerian Prince's with fortunes just waiting for a nice gullible American to help them out. In other words, they are ghosts.

If you look into Baltimore, they are still fighting this, still have no data, and still haven't payed the ransom.



new topics

top topics



 
13

log in

join