Ransomware Attack
Moderators: Bakhtosh, EvilHomer3k
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Ransomware Attack
http://www.foxnews.com/tech/2017/06/27/ ... ption.html
Normally I wouldn't find this all that interesting, but it happens to have totally crippled my client today. We had to turn off any connection we have with them until it's sorted out. Apparently a bunch of computers are wiped or locked out.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Isgrimnur
- Posts: 82287
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Ransomware Attack
The more days go by, the more I think I'll be using the security part of my master's degree a fair bit for the rest of my career.
It's almost as if people are the problem.
- Vorret
- Posts: 9613
- Joined: Mon Oct 15, 2007 7:37 pm
- Location: Drummondville, QC
Re: Ransomware Attack
People and especially businesses need to disable bitlocker on their computers...
Isgrimnur wrote:
His name makes me think of a small, burrowing rodent anyway.
- GreenGoo
- Posts: 42335
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Ransomware Attack
Is this a new attack? They just got hit in May.
This is the sort of thing that results in a worldwide investigation with many countries cooperating and participating. And if they find anyone even remotely associated with the attack in any way, they burn them for life.
There's being a criminal and there's being criminally stupid.
While I understand this isn't necessarily a single individual or group, it won't matter if authorities decide it's your door they need to knock on/smash open with a tank.
- hitbyambulance
- Posts: 10260
- Joined: Wed Oct 13, 2004 3:51 am
- Location: Map Ref 47.6°N 122.35°W
- Contact:
Re: Ransomware Attack
Isgrimnur wrote:
The more days go by, the more I think I'll be using the security part of my master's degree a fair bit for the rest of my career.
it's the career path i'm recommending to current IT people - get into security (or coding).
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
GreenGoo wrote:
Is this a new attack? They just got hit in May.
This is the sort of thing that results in a worldwide investigation with many countries cooperating and participating. And if they find anyone even remotely associated with the attack in any way, they burn them for life.
There's being a criminal and there's being criminally stupid.
While I understand this isn't necessarily a single individual or group, it won't matter if authorities decide it's your door they need to knock on/smash open with a tank.
Yup, from what I can see this is a new attack. This particular company is still 100% shut down worldwide.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Anonymous Bosch
- Posts: 10514
- Joined: Thu Oct 14, 2004 6:09 pm
- Location: Northern California [originally from the UK]
Re: Ransomware Attack
Vorret wrote:
People and especially businesses need to disable bitlocker on their computers...
Or better yet, use the free CryptoPrevent utility to help easily minimise the threats of such ransomware more comprehensively (it's basically a simpler way for individual users to implement the recommended settings of Third Tier's Ransomware Prevention Kit). An ounce of prevention is worth a pound of cure, particularly in terms of ransomware.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
- Jaymann
- Posts: 19482
- Joined: Mon Oct 25, 2004 7:13 pm
- Location: California
Re: Ransomware Attack
I was wondering what happens if you yank your hard drive and replace it.
Jaymann
]==(:::::::::::::>
Black Lives Matter
- Isgrimnur
- Posts: 82287
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Ransomware Attack
hitbyambulance wrote:
Isgrimnur wrote:
The more days go by, the more I think I'll be using the security part of my master's degree a fair bit for the rest of my career.
it's the career path i'm recommending to current IT people - get into security (or coding).
I'll be a double threat!
It's almost as if people are the problem.
- hepcat
- Posts: 51489
- Joined: Wed Oct 13, 2004 3:02 pm
- Location: Chicago, IL Home of the triple homicide!
- Isgrimnur
- Posts: 82287
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Ransomware Attack
Thanks, random Twitter user!
It's almost as if people are the problem.
- hepcat
- Posts: 51489
- Joined: Wed Oct 13, 2004 3:02 pm
- Location: Chicago, IL Home of the triple homicide!
- Moliere
- Posts: 12366
- Joined: Sun Sep 03, 2006 10:57 am
- Location: Walking through a desert land
Re: Ransomware Attack
But does he have a masters degree in Cyber Security? I want to know that his knowledge is accredited.
"The world is suffering more today from the good people who want to mind other men's business than it is from the bad people who are willing to let everybody look after their own individual affairs." - Clarence Darrow
- hepcat
- Posts: 51489
- Joined: Wed Oct 13, 2004 3:02 pm
- Location: Chicago, IL Home of the triple homicide!
- FishPants
- Server WhOOre
- Posts: 4661
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Ransomware Attack
It's ridiculous that Mondelez and Merck were taken offline (among many others). This is the same fucking vulnerability as Wannacry that was already stale then -- and they still didn't patch? Hope some CISOs got their walking papers today.
No.
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
Mondelez shutdown every single computer today. We didn't get a single email, as well they shut that off. I was trying to connect to their VPN this morning. It connected, but none of their pages would load. And then I saw the internal email to not f'n touch their VPN until further notice.
They didn't process a single order today. The amount of money that will cost them hurts my head. I highly doubt they will have it sorted out even by the end of the week.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Paingod
- Posts: 13135
- Joined: Wed Aug 25, 2010 8:58 am
Re: Ransomware Attack
I can see the Director of IT now.
"I've been telling you for years that we needed to invest in a better Disaster Recovery solution. This is not my fault. You told me there wasn't a budget for it, and you decided the "Business Risk" was worth it to keep running Symantec and other piecemeal solutions. This is why we needed something better."
It's staggering how many companies refuse to invest in adequate disaster recovery until after a disaster; then it's a top priority. It's also why I formalize the process of them telling me that they won't invest in it. When shit breaks, I hold up the document they sent me saying "I don't want to spend that much" and sigh.
Black Lives Matter
2021-01-20: The first good night's sleep I had in 4 years.
- GreenGoo
- Posts: 42335
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Ransomware Attack
Jaymann wrote:
I was wondering what happens if you yank your hard drive and replace it.
I'm not sure I understand the question.
Replacing the hard drive results in a new hard drive. That's true whether your old drive is encrypted (and you don't have the key) or not. The data on the old drive is still just as unavailable as it was before swapping it out.
The problem is the locked data, not whether the computer continues to function or not. You could easily just wipe the drive completely and start over if you wanted which would return the system to full functionality, minus any data that was locked away via encryption.
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
Hot mess they are pretty much reinstalling thousands and thousands of computers. All our projects are going to end up getting delayed a month from the looks of it.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Paingod
- Posts: 13135
- Joined: Wed Aug 25, 2010 8:58 am
Re: Ransomware Attack
Octavious wrote:
Hot mess they are pretty much reinstalling thousands and thousands of computers. All our projects are going to end up getting delayed a month from the looks of it.
Jeebus. I don't envy the task of rebuilding every PC in a huge company, even with good images and lots of help. Scrooge that.
I'm actually disappointed that they didn't patch after the last wave of ransomware. I've read that this basically piggybacks the same vulnerability and then doubles down on spreading across the network. I made sure every PC here was up to date before I left work the day WannaCry was reported to be spreading like wildfire.
Black Lives Matter
2021-01-20: The first good night's sleep I had in 4 years.
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
Ya, I have no idea how they handle their Windows updates globally. I know this started in Europe and started spreading to everywhere else. It sounded like it was really, really bad. I know that when we want to release stuff through them it turns into a 90-year process as they overtest and then impose blackout dates all over the place. I wouldn't doubt that they do similar crap with Windows updates.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
-
- Posts: 24795
- Joined: Wed Oct 13, 2004 12:58 pm
Re: Ransomware Attack
So it is starting to look like this one is a wiper pretending to be ransomware. Some companies really need to figure out their shit. Unpatched systems? Pass-the-hash attacks? Inexcusable for the big guys at this point.
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
On the plus side I've really cleared out my backlog of work I couldn't get to. They are still on total lockdown. It's crazyyyyyyy.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Isgrimnur
- Posts: 82287
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Ransomware Attack
Guardian
Firstly, the ransom note includes the same Bitcoin payment address for every victim – most ransomware creates a custom address for every victim. Secondly, the malware asks victims to communicate with the attackers via a single email address which has been suspended by the email provider after they discovered what it was being used for. This means that even if someone pays the ransom, they have no way to communicate with the attacker to request the decryption key to unlock their files.
It's almost as if people are the problem.
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
Yup which is why they are wiping and reloading god knows how many computers.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
Our IT did an audit of our servers and went oh crap and are emergency patching. Now this I'm not surprised about. Even if we have 4 freaking network admins for one tiny office.
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- Isgrimnur
- Posts: 82287
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Ransomware Attack
If being responsible for security is part of your job, how is it you don't watch the media enough to know about these things?
It's almost as if people are the problem.
- Punisher
- Posts: 4062
- Joined: Thu Mar 24, 2005 12:05 pm
Re: Ransomware Attack
I've been in IT for a while now and have dealt with companies large and small, as well as communicating with various peers.
Here are some reasons I've seen this happen:
1) Incompetence. Yes, it happens... even with experienced people.
2) "Budget". Many companies, even large ones, see the IT department as a sinkhole of expenses.
3) Testing... Many big companies won't deploy anything without rigorous testing... for good reason... I have been involved in/heard about multiple cases where a patch was pushed and broke some critical software, requiring days of downtime in a few cases. As Octavious mentioned, this testing can take a while... sometimes months...
I'm sure there are other valid reasons, but it's late and my meds are kicking in so that's it for tonight.
All yourLightning Bolts are Belong to Us
- gbasden
- Posts: 7670
- Joined: Wed Oct 13, 2004 1:57 am
- Location: Sacramento, CA
Re: Ransomware Attack
Vorret wrote:
People and especially businesses need to disable bitlocker on their computers...
Why on earth would you disable bitlocker? The malware is using an SMB attack vector using the Eternal Blue exploit. The first thing they should do is apply the patch that has been out for months, now, as well as disabling SMB v1 if they haven't already done so.
https://www.symantec.com/connect/blogs/ ... -need-know
https://blogs.technet.microsoft.com/mmp ... abilities/
None of the mitigation advice mentions bitlocker at all, and removing your own device encryption does nothing but make it easier for people to steal data from your machines. Am I missing something?
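The two mitigations gbasden names (install the Microsoft patch for the SMB flaw EternalBlue exploits, which Microsoft shipped as bulletin MS17-010, and turn off SMB v1), and the "make sure every PC is up to date" point Paingod makes earlier, are easy to state and surprisingly easy to leave half-done across a fleet. The script below is an added example, not code from this thread or from the linked Symantec and Microsoft posts. It audits one Windows host for both settings and can remediate SMB v1 on request. It assumes Windows 8.1 / Server 2012 R2 or later (the SmbShare and DISM cmdlets), an elevated session, and a caller-supplied list of KB numbers, because the KB that carries MS17-010 differs per OS build; the default value is a placeholder to replace with the KB for your build.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread or the linked articles): audit one host for
# the EternalBlue mitigations discussed above and optionally disable SMB v1.
# Assumes Windows 8.1 / Server 2012 R2 or later. The KB list is a placeholder:
# supply the MS17-010 KB number(s) that apply to this OS build.

param(
    [string[]] $Ms17010Kbs = @('KB<placeholder-MS17-010-id-for-this-build>'),
    [switch]   $Remediate
)

function Get-Smb1Posture {
    # Server side: is the SMB1 protocol still enabled in the running SMB server?
    $serverSmb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Feature side: is the SMB1 optional feature installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { $feature.State } else { 'NotPresent' }

    # Patch side: any installed hotfix whose ID matches the KB list we were given.
    $installed = @(Get-HotFix | Where-Object { $_.HotFixID -in $Ms17010Kbs } | ForEach-Object HotFixID)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $serverSmb1
        Smb1FeatureState  = $featureState
        Ms17010Installed  = ($installed.Count -gt 0)
        MatchedKbs        = ($installed -join ',')
    }
}

function Disable-Smb1 {
    # Turn the protocol off in the running SMB server, then remove the feature so
    # a reboot cannot bring it back. -NoRestart leaves the reboot to the operator.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

$posture = Get-Smb1Posture
$posture | Format-List

if (-not $posture.Ms17010Installed) {
    Write-Warning "No MS17-010 KB found among installed hotfixes; patch this host before relying on the SMB v1 setting alone."
}

if ($posture.Smb1ServerEnabled -or $posture.Smb1FeatureState -eq 'Enabled') {
    if ($Remediate) {
        Disable-Smb1
        Write-Output "SMB v1 disabled; a reboot is required to finish removing the feature."
    } else {
        Write-Warning "SMB v1 is still enabled on this host; rerun with -Remediate to turn it off."
    }
}
```

Run it without switches first to get the per-host report, then with -Remediate once the patch state is confirmed. Both checks matter: the patch closes the bug the worm exploits, while removing SMB v1 takes the whole legacy protocol off the table, and nothing in either step touches BitLocker, which is the point gbasden makes.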
-
- Posts: 547
- Joined: Mon Oct 18, 2004 12:59 am
Re: Ransomware Attack
Isgrimnur wrote:
Guardian
Firstly, the ransom note includes the same Bitcoin payment address for every victim – most ransomware creates a custom address for every victim. Secondly, the malware asks victims to communicate with the attackers via a single email address which has been suspended by the email provider after they discovered what it was being used for. This means that even if someone pays the ransom, they have no way to communicate with the attacker to request the decryption key to unlock their files.
Turns out it's probably a cyberweapon masquerading as ransomware.
https://securelist.com/expetrpetyanotpe ... are/78902/
- Octavious
- Posts: 20040
- Joined: Fri Oct 15, 2004 2:50 pm
Re: Ransomware Attack
Punisher wrote:
I've been in IT for a while now and have dealt with companies large and small, as well as communicating with various peers.
Here are some reasons I've seen this happen:
1) Incompetence. Yes, it happens... even with experienced people.
2) "Budget". Many companies, even large ones, see the IT department as a sinkhole of expenses.
3) Testing... Many big companies won't deploy anything without rigorous testing... for good reason... I have been involved in/heard about multiple cases where a patch was pushed and broke some critical software, requiring days of downtime in a few cases. As Octavious mentioned, this testing can take a while... sometimes months...
I'm sure there are other valid reasons, but it's late and my meds are kicking in so that's it for tonight.
I give 10-1 odds it was testing. They are nuts about testing and also they have had MAJOR management changes the last 4-6 months. Half the people don't know what their roles are anymore, so I can totally see how this happened. Just got a message that they will likely move my release to the first week of August. That blows, means I have to watch the release over the weekend and that's my birthday. I'm going to push it another week just because of that!
Capitalism tries for a delicate balance: It attempts to work things out so that everyone gets just enough stuff to keep them from getting violent and trying to take other people’s stuff.
Shameless plug for my website: www.nettphoto.com
- LawBeefaroni
- Forum Moderator
- Posts: 55364
- Joined: Fri Oct 15, 2004 3:08 pm
- Location: Urbs in Horto, outrageous taxes on everything
Re: Ransomware Attack
Ouch.
Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden “kill switch” for the malware, has been arrested by the FBI over his alleged involvement in another malicious software targeting bank accounts.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton
MYT
- Punisher
- Posts: 4062
- Joined: Thu Mar 24, 2005 12:05 pm
Re: Ransomware Attack
LawBeefaroni wrote:
Ouch.
Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden “kill switch” for the malware, has been arrested by the FBI over his alleged involvement in another malicious software targeting bank accounts.
as they say.. takes one to know one.
All yourLightning Bolts are Belong to Us
- hepcat
- Posts: 51489
- Joined: Wed Oct 13, 2004 3:02 pm
- Location: Chicago, IL Home of the triple homicide!
Re: Ransomware Attack
I did not expect that. The kid seemed so sincere in all his interviews.
He won. Period.
- Anonymous Bosch
- Posts: 10514
- Joined: Thu Oct 14, 2004 6:09 pm
- Location: Northern California [originally from the UK]
Re: Ransomware Attack
LawBeefaroni wrote:
Ouch.
Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden “kill switch” for the malware, has been arrested by the FBI over his alleged involvement in another malicious software targeting bank accounts.
Brings to mind the old Nietzsche quote:
"He who fights with monsters should look to it that he himself does not become a monster. And if you gaze long into an abyss, the abyss also gazes into you."
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
- LawBeefaroni
- Forum Moderator
- Posts: 55364
- Joined: Fri Oct 15, 2004 3:08 pm
- Location: Urbs in Horto, outrageous taxes on everything
Re: Ransomware Attack
Or takes one to know one.
Kronos was before wanna. Although it looks like he was arrested because he sold Kronos on alphabay. No evidence that he actually used it to steal accounts. Fine line to be sure though.
" Hey OP, listen to my advice alright." -Tha General
"No scientific discovery is named after its original discoverer." -Stigler's Law of Eponymy, discovered by Robert K. Merton
MYT
- Sudy
- Posts: 8279
- Joined: Sun Nov 21, 2004 3:11 am
- Location: Ontario, Canada
Re: Ransomware Attack
My company got hit on Friday.
I saw a commercial on late night TV. It said, "Forget everything you know about slipcovers." So I did. And it was a load off my mind. Then the commercial tried to sell me slipcovers, and I didn't know what the hell they were. -- Mitch Hedberg
- FishPants
- Server WhOOre
- Posts: 4661
- Joined: Fri Oct 15, 2004 1:38 pm
- Location: Canada
Re: Ransomware Attack
But.. How? They hadn't patched endpoints yet? That's a crazy lag time on a pretty widely published vulnerability.
No.
-
- Posts: 24795
- Joined: Wed Oct 13, 2004 12:58 pm
Re: Ransomware Attack
There might have been something new on Friday. One of my friends had big outages on Friday as well...and there was some chatter in the CTI channels. It is early and all that but this is going to be a continuing threat for some time.
- Punisher
- Posts: 4062
- Joined: Thu Mar 24, 2005 12:05 pm
Re: Ransomware Attack
It could have been an end user who caused it.. That happens.. A lot..
We had a client get hit by a virus AND an intrusion due to a user replying to fake emails. We had to lock down the whole company and implement a bunch of security procedures.
A week later, the same user did the same thing and gave outside people her password... and again the week after. We STILL don't understand how she still has a job... She has also been complaining that the procedures slow her work down...
I suspect she knows where the bodies are buried.
All yourLightning Bolts are Belong to Us