
Posted
10 hours ago, MaxG said:

I love how Microsoft blames NSA for finding yet another hole in Microsoft's swiss cheese of an operating system. 

- MG 

 

To be fair, the NSA intentionally withheld information regarding the exploit they discovered in case they wanted to use it for some reason. Why they discovered it and what they would use it for is interesting for starters,  but then to have that information leaked by the Shadow Brokers and all that followed shows how dangerous hoarding this kind of information can be. You can just bet that behind the scenes the dozens (74+?) of countries majorly impacted by this stupidity aren't thinking fondly of the NSA right now.


Posted

Probably not a bad idea to temporarily stop using group file sharing applications and just email files back and forth as you need to work on them.  Fine for a smaller organization, not as easy for a big outfit.

The dangerous bit of code that WannaCry uses from the NSA is a program that allows additional computers to be infected through file sharing programs.  So the first knucklehead clicks on the encrypted file which takes over his computer and all his dropbox pals and other sharing without the other users having to click on the original encrypted file.  That's how the thing spreads so fast.  I haven't heard if this works through all shareware, including picture file and media sharing, or just text and data files, but I would disconnect from all of them until I was certain that those I was sharing with knew how to avoid external infection.

As some others have said, there are faux ransomware programs trolling the internet that just look bad, but if you turn off your computer, clear the cache, and don't visit that porn site again :P nothing will happen to your machine.  WannaCry will require an erase and reformat of your drive.  Hopefully it will not have infected your backup.  Like SB sez above, an external hard drive (particularly a RAID unit) at home is great protection and they're just not that expensive.

  • Like 1
Posted
3 hours ago, dageshi said:

I'm a programmer and have essentially been in the IT industry in various capacities for about 15 years now. The only real solution to this problem is backups. Make backups consistently and regularly, preferably automate them, do this and in the event that your machine gets infected by malware of this nature you can fall back to your backups to retrieve your data.

There is no other guaranteed way around getting out of this situation.

If I'm not mistaken the best ransomware is also capable of infecting and/or locking down any external drives connected to the computer at the time of infection. So that means that a secure cloud that mirrors their backups allowing for time-delayed file image recovery is really the only guaranteed method other than disconnecting your external drive after each backup session, which can be a real hassle to do.

Posted
5 minutes ago, NSXCIGAR said:

If I'm not mistaken the best ransomware is also capable of infecting and/or locking down any external drives connected to the computer at the time of infection. So that means that a secure cloud that mirrors their backups allowing for time-delayed file image recovery is really the only guaranteed method other than disconnecting your external drive after each backup session, which can be a real hassle to do.

You're right. I tend to think just getting people to do any kind of backups is a big win. In an ideal world you'd really want two drives in case one dies anyway, probably backing up on each alternately. Or, as you say, some off-site backup service, preferably incremental, but then you run into issues of how much data you need to back up and how sensitive it is in terms of whether it needs to be encrypted, etc.

 

 

  • Like 1
Posted
I had 9 waiting for me.

Almost 400 MB of updates, and all were security related.

 

I'd much rather run a Linux or Mac, but too much of our factory supplied software used for work is still locally installed, so we are forced to PC.  Once it all moves to web based, we should be able to use safer platforms.



My personal computer is a Mac Mini and I run both into the same monitor. I just have to move the dongle for the wireless keyboard and mouse from one to the other. I agree work I could try to make a Mac work but I've seen enough other people struggle with issues that it isn't worth my time trying.


  • Like 1
Posted
4 hours ago, Zigatoh said:

To be fair, the NSA intentionally withheld information regarding the exploit they discovered in case they wanted to use it for some reason. Why they discovered it and what they would use it for is interesting for starters,  but then to have that information leaked by the Shadow Brokers and all that followed shows how dangerous hoarding this kind of information can be. You can just bet that behind the scenes the dozens (74+?) of countries majorly impacted by this stupidity aren't thinking fondly of the NSA right now.

 

... or fondly of Microsoft, who created (likely unintentionally) then sold this vulnerability in a product millions trusted.  NSA were naive (more likely blindly arrogant) to think if they found it, no one else would, and apparently too trusting (again arrogant) in their ability to avoid data theft of their own systems.  But this is Microsoft's baby, 100%.  Hard to say "you're responsible for my bad product because you didn't tell me my product was bad" with a straight face.

- MG

 

  • Like 2
Posted

Touch wood it hasn't happened. 

You are a business (think small...not FEDEX) ....not a Government department....and you are hit. 

Do you pay?

Cutting to the quick you don't have a lot of time. There is a business to run (now stalled)....staff to pay and the majority who live week to week. You love these people. 

Your call. 

The steps any member here should do to get back to business before it all goes to crap. 

Real world. Real solutions. (if any) ;)

Posted
2 hours ago, El Presidente said:

Touch wood it hasn't happened. 

You are a business (think small...not FEDEX) ....not a Government department....and you are hit. 

Do you pay?

Cutting to the quick you don't have a lot of time. There is a business to run (now stalled)....staff to pay and the majority who live week to week. You love these people. 

Your call. 

The steps any member here should do to get back to business before it all goes to crap. 

Real world. Real solutions. (if any) ;)

I haven't any solutions to offer other than those already given (multiple backups, common sense precautions, frequent updates etc).

But I do think that this problem will not be solved anytime soon until companies so hit will start 'fessing up and alerting their customers and the public in good time and with full disclosure when they get hit.  Too often, when firms are hacked, their reflex is to clam up and not tell anyone.  If and when the news does leak out, they then typically go into PR damage-limitation mode and try to talk down the damage and their customers' exposure to risk.  This may be rational from the firm's narrow perspective, but it harms all of us.  It delays responses.  It leaves customers wide open to fraud and loss.  It hampers software firms tasked with stopping such attacks.  So for heaven's sake, if anyone is successfully attacked, TELL US.  It may not help you now, but it may well help the next business and their staff and their customers.  

 

 

Posted
44 minutes ago, gweilgi said:

I haven't any solutions to offer other than those already given (multiple backups, common sense precautions, frequent updates etc).

But I do think that this problem will not be solved anytime soon until companies so hit will start 'fessing up and alerting their customers and the public in good time and with full disclosure when they get hit.  Too often, when firms are hacked, their reflex is to clam up and not tell anyone.  If and when the news does leak out, they then typically go into PR damage-limitation mode and try to talk down the damage and their customers' exposure to risk.  This may be rational from the firm's narrow perspective, but it harms all of us.  It delays responses.  It leaves customers wide open to fraud and loss.  It hampers software firms tasked with stopping such attacks.  So for heaven's sake, if anyone is successfully attacked, TELL US.  It may not help you now, but it may well help the next business and their staff and their customers.  

 

 

That and having mandatory death penalties for hackers. :rolleyes:

Posted

Just open up the ransomware with a hex editor, put some white space in there and compile; a new MD5...  So many computers around the world are not up to date that the same old tactics and vulnerabilities work again and again.   Relying on signatures and hashes to prevent malware is so outdated.  It's about correlated events and protecting the actual data...
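Added example, not part of the original post: the point about hashes versus correlated events, shown as a small Python sketch. An exact-match MD5 blocklist misses a copy with one byte of padding, while a rule that correlates file-write events per process still flags the mass high-entropy rewrites. All process names, paths, thresholds and sample bytes below are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def md5_hit(image: bytes, blocklist: set) -> bool:
    """Signature-style check: exact MD5 match against known-bad hashes."""
    return hashlib.md5(image).hexdigest() in blocklist

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_mass_rewrites(events, window=60, min_files=5, min_entropy=7.5):
    """Correlate write events per process: flag any process that writes
    high-entropy content to >= min_files distinct paths within `window`
    seconds. Compressed formats are also high-entropy, so a real rule
    needs allowlists and tuning (thresholds here are assumptions)."""
    per_proc = defaultdict(list)
    for ts, proc, path, content in sorted(events, key=lambda e: e[0]):
        if entropy(content) >= min_entropy:
            per_proc[proc].append((ts, path))
    flagged = set()
    for proc, writes in per_proc.items():
        start = 0
        for end in range(len(writes)):
            while writes[end][0] - writes[start][0] > window:
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= min_files:
                flagged.add(proc)
                break
    return flagged

def pseudo_random(seed: int, blocks: int = 128) -> bytes:
    """Deterministic stand-in for encrypted file content (constructed)."""
    return b"".join(hashlib.sha256(b"%d:%d" % (seed, i)).digest()
                    for i in range(blocks))

# Constructed sample data: placeholder bytes, not a real binary.
KNOWN_BAD = b"constructed placeholder for a known-bad binary"
BLOCKLIST = {hashlib.md5(KNOWN_BAD).hexdigest()}
REPACKED = KNOWN_BAD + b" "  # same bytes plus one byte of padding

# Constructed events: (unix_time, process, path, bytes_written)
EVENTS = [(1000 + 3 * i, "unknown.exe", f"C:/docs/file{i}.docx", pseudo_random(i))
          for i in range(6)]
EVENTS += [(1000 + 40 * i, "winword.exe", f"C:/docs/memo{i}.txt",
            b"Meeting notes. " * 200) for i in range(6)]

if __name__ == "__main__":
    print("blocklist hit, original:", md5_hit(KNOWN_BAD, BLOCKLIST))
    print("blocklist hit, padded:  ", md5_hit(REPACKED, BLOCKLIST))
    print("flagged by behaviour:   ", flag_mass_rewrites(EVENTS))
```
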

Posted
On 5/15/2017 at 6:23 AM, MaxG said:

I love how Microsoft blames NSA for finding yet another hole in Microsoft's swiss cheese of an operating system. 

- MG 

 

Apple's operating systems are just as easy to hack and in some respects easier as there are more operations happening and it's easier to hide.

  • Like 2
Posted
10 hours ago, MaxG said:

 

... or fondly of Microsoft, who created (likely unintentionally) then sold this vulnerability in a product millions trusted.  NSA were naive (more likely blindly arrogant) to think if they found it, no one else would, and apparently too trusting (again arrogant) in their ability to avoid data theft of their own systems.  But this is Microsoft's baby, 100%.  Hard to say "you're responsible for my bad product because you didn't tell me my product was bad" with a straight face.

- MG

 

They sent out a patch to address this vulnerability back in March.  I got it on my work and home computers.  Systems like XP that they stopped supporting 3 years ago, and pirated operating systems obviously weren't able to get the patch.  I don't really blame Microsoft for that.  Should they be forced to support a 15 year old platform just because people refused to migrate to newer systems?  Should they really be spending money and resources protecting against the possibility the NSA is building an attack against an obsolete operating system, and that it might fall into the wrong hands?

I'm not a fan of Microsoft, and they're not totally without blame.  Forcing customers to migrate to new platforms is a bit of a racket.  But people who refuse to do it should be aware of the risk of running an insecure, unsupported operating system.  And if the government wants to create what essentially amounts to a weapon, it needs to do a better job of keeping it secure.

Posted
6 hours ago, El Presidente said:

Touch wood it hasn't happened. 

You are a business (think small...not FEDEX) ....not a Government department....and you are hit. 

Do you pay?

Cutting to the quick you don't have a lot of time. There is a business to run (now stalled)....staff to pay and the majority who live week to week. You love these people. 

Your call. 

The steps any member here should do to get back to business before it all goes to crap. 

Real world. Real solutions. (if any) ;)

Here's the thing El Pres, you're dealing with criminals, likely literally the mob in some part of the world that's branched out to cyber extortion. The question you have to ask yourself is, if I pay have I just put a big sign around my head which says "this computer has sensitive potentially valuable stuff in it that someone is willing to pay to get back". You pay, they'll decrypt your files and then they'll have a good look around in them to see what was worth paying the money for...

Fundamentally you have to prepare for this stuff. This is what we call in the trade "disaster recovery planning": you look at your business and see what's critical, what you absolutely need, and you need a plan for if there's a lightning strike which knocks it all out, or in this case malware that effectively makes it unusable.

To your specific question, assuming I knew nothing about IT and I hadn't planned for it, what I would probably do is contact someone who did know about IT stuff, get them to confirm there's no practical way of getting the data back without paying, then pay the ransom and get said IT person to back up and audit the entire setup.

 

 

Posted
1 hour ago, wabashcr said:

They sent out a patch to address this vulnerability back in March.  I got it on my work and home computers.  Systems like XP that they stopped supporting 3 years ago, and pirated operating systems obviously weren't able to get the patch.  I don't really blame Microsoft for that.  Should they be forced to support a 15 year old platform just because people refused to migrate to newer systems?  Should they really be spending money and resources protecting against the possibility the NSA is building an attack against an obsolete operating system, and that it might fall into the wrong hands?

I'm not a fan of Microsoft, and they're not totally without blame.  Forcing customers to migrate to new platforms is a bit of a racket.  But people who refuse to do it should be aware of the risk of running an insecure, unsupported operating system.  And if the government wants to create what essentially amounts to a weapon, it needs to do a better job of keeping it secure.

 

I agree fully with all of this, except the first part of the last sentence.  NSA created nothing, only discovered a back door Microsoft left wide open.  Microsoft's house, Microsoft's failure.  NSA did not create a way to break Windows.  It was sold broken.

- MG

 

Posted
6 hours ago, dageshi said:

Here's the thing El Pres, you're dealing with criminals, likely literally the mob in some part of the world that's branched out to cyber extortion.

More money is being made through cyber-crime than drug dealing today. Keeps me employed! It's all about ransomware these days. Forget trying to steal secrets; that's only for state sponsors mostly. You still have to sell what you stole. Encrypt their stuff and see who bites. Many times the recovery key does not work either.

A couple of things to remember in general electronics... Do not enable Bluetooth on your phone or computer when you are not using it in public. Never scan any codes with your phone. Don't use preview pane, and don't open attachments that are unexpected. Do not click on any "tiny URLs", and don't click on any links in social media with big time story lines. Social media is the easiest way to spawn a phishing attack. If you back your data up to a share, have that share authenticate before and then drop it at the end of each job. Don't keep persistent connections to your backup share open...

Posted

First rule of computer club: always have a backup

Second rule of computer club: always have a backup. And you must have separate data and system backups. Keep them up to date to minimise data loss if you are forced to restore.

Third rule of computer club: get some decent anti-virus software

Last: avoid Kaspersky anything. It has connections with both the old KGB and Moscow and should not be considered for use.

EVERYTHING that Siberian Bear said is true.

Posted
8 hours ago, MaxG said:

 

I agree fully with all of this, except the first part of the last sentence.  NSA created nothing, only discovered a back door Microsoft left wide open.  Microsoft's house, Microsoft's failure.  NSA did not create a way to break Windows.  It was sold broken.

- MG

 

Out of curiosity: who actually produces and sells an operating system that does NOT have bugs, back doors, weak points, vulnerabilities?  I am not an IT guy (nor do I play one on TV) but I do not believe I ever even heard of such.  

Posted
4 minutes ago, Jeremy Festa said:

It happened to our business, about 18 months ago. A temp opened an attachment, and our entire database of documents was encrypted. We began negotiations. They wanted $15,000USD. We asked them to prove they could unlock the files before we pay. They did so. And from that returned file our gun IT guys used that example to unlock the rest. Cost us nothing. Not as smart as they think. 

 

 

Great outcome Jer :ok:

  • Like 1
Posted

No OS is immune but some are more vulnerable than others.

Posted
1 hour ago, gweilgi said:

Out of curiosity: who actually produces and sells an operating system that does NOT have bugs, back doors, weak points, vulnerabilities?  I am not an IT guy (nor do I play one on TV) but I do not believe I ever even heard of such.  

 

No one does.  In practice, I don't think anyone can. Hell, maybe not even in theory.  Still doesn't make it anyone's fault but the producer's.

- MG

 

Posted
5 hours ago, MaxG said:

 

No one does.  In practice, I don't think anyone can. Hell, maybe not even in theory.  Still doesn't make it anyone's fault but the producer's.

- MG

 

That's like saying someone throwing a brick through my window is the builder's fault.

Posted

I would think if you're concerned about your critical business IT infrastructure, you would keep a physically closed work network and standalone platform open to the world for communications. Not hard. May require two computers side by side. May require some manual handling of information. We run systems like this at work. Our control system is completely closed, never been plugged into the internet. It runs XP, hasn't been updated since install. Only one terminal on the control system network has one USB plug that is operational, purely for emergencies or engineering use. If you wanted to hack our system, some poor bastard would have to come to Mali to do it :lmao:

Posted

I came in on a Monday morning to a Pay or Else screen on my secretary's computer. I back up everything weekly, so we sent the computer off, had it cleaned up and just worked from the last backup. Still a pain, but it cost me £20 instead of whatever amount of bitcoins they were asking.

  • Like 3
Posted
17 hours ago, seville23 said:

Last: avoid Kaspersky anything. It has connections with both the old KGB and Moscow and should not be considered for use.

Who do you think comes up with a lot of the viruses, trojans, etc ;)???  They need to keep their software relevant as the technology is out of date.
