Ransomware

Bill Gates Jr. · May 14, 2021

General question regarding the ransomeware attack on the Colonial pipeline. If the operating system is backed up by a separate (bootable drive?). would erasing the drive, then reinstalling the operating system remove the ransomeware? Or would the poor security of the software just allow the culprits to reinfect the same program?

Is it cheaper to just ay the $5 million ransom for now, especially since the need for gas and other fuels to flow, then later, try and come up with a better, less easier hacked program?

Raz0rEdge · May 14, 2021

Hackers have learned that they should ask for ransoms that's reasonable to the person/entity being hacked. Asking for $5 million from an individual is out of this world, while $5k for important data might not be.

Companies have cyber security insurance and so the insurance companies usually covers these types of things and perhaps even pay the hacker to get the access back or whatever quickly and then the company has time to plug the holes.

Part of paying the ransom also allows for discovery on what method was used to gain access and if that can be determined, the hole can be plugged faster.

A lot of most nations infrastructure is running on technology from many decades ago and as connectivity has continued to evolve, they've been haphazardly connected, thus leading the holes.

You would imagine that most of these systems should actually be on a completely closed off network that can't be hit by the outside world, but when these systems were brought up, that external threat wasn't something they were thinking about.

On an individual basis, if you wipe out your current drive, re-install the OS and take care as to WHERE you get your applications, you will be fine.

pigoo3 · May 14, 2021

Raz0rEdge said:
Companies have cyber security insurance and so the insurance companies usually covers these types of things...

"Someone's" insurance premiums will probably be going up?

- Nick

Raz0rEdge · May 14, 2021

pigoo3 said:
"Someone's" insurance premiums will probably be going up?

- Nick

Yup, akin to any other insurance, the more you use it, the more you pay for your future uses.

MacInWin · May 14, 2021

As a former data center operator, what confuses me is how a company can NOT have a workable, tested, backup for critical systems. About the only way the bad guys can get around that is to have infiltrated the system so long ago the backups are corrupted so there was nothing to restore. But we always had a "virgin" backup copy of the critical stuff so that at least we could get going again, even if we had to reconstruct our data. That virgin copy was never exposed to any outside connection to keep it protected. This isn't rocket surgery here.

pm-r · May 14, 2021

MacInWin said:
what confuses me is how a company can NOT have a workable, tested, backup for critical systems.

Add me to the same list as I have been wondering the same thing. Sort of boggles my mind they just suddenly paid the ransom so that they can carry on selling their products.

- Patrick
=======

MacInWin · May 14, 2021

The "price" was within a reasonable limit. The pipeline probably makes the company that much in one day, so a couple of days without is more expensive than paying the ransom. Business decision.

pm-r · May 14, 2021

MacInWin said:
The "price" was within a reasonable limit. The pipeline probably makes the company that much in one day, so a couple of days without is more expensive than paying the ransom. Business decision.

No doubt, money speaks, but I understand the Bitcoin took quite a hit after the "deal", but it's still way up there at a healthy pace and I wouldn't refuse any.

I think my son got into it some years ago and "bought" some when it was around $35.00 I believe it was!! I hope he does well.

- Patrick
=======

chscag · May 14, 2021

Bitcoin and Gold Patrick. The only problem with either one is that you can't take them with you when the big one hits! :wink

pigoo3 · May 14, 2021

Regarding why didn't this company have better data security & a better backup plans.

If any of you have worked for larger companies...even with all their resources...you sometimes can be very surprised how cheap some companies can be...especially if a company has no history of a problem in an area. Someone probably did a risk assessment...and determined they were safe (thus they thought they didn't need to spend $$$ on something).

Of course it's not until something serious like this happens...then they realize they actually needed better practices.

Executive's at this company probably spent more on corporate golf outings. Lol

- Nick

MacInWin · May 14, 2021

pigoo3 said:
Regarding why didn't this company have better data security & a better backup plans.

If any of you have worked for larger companies...even with all their resources...you sometimes can be very surprised how cheap some companies can be...especially if a company has no history of a problem in an area. Someone probably did a risk assessment...and determined they were safe (thus they thought they didn't need to spend $$$ on something).

Of course it's not until something serious like this happens...then they realize they actually needed better practices.

Executive's at this company probably spent more on corporate golf outings. Lol

- Nick

Could be, but I suspect that auditing companies (I used to work for one) will start to add assessment of IT security to the overall assessment of companies as part of due diligence for mergers and acquisitions. And if the SEC decides to get into the game, they could also tighten up the required audits for publicly held companies. The third player will be insurance companies who offer insurance against this kind of loss, who will raise rates on everybody and have their own auditors to check the risk they are assuming. Overall, lots of ways to get security a bit more visibility.

pigoo3 · May 14, 2021

...but I suspect that auditing companies (I used to work for one) will start to add assessment of IT security to the overall assessment of companies as part of due diligence for mergers and acquisitions. And if the SEC decides to get into the game, they could also tighten up the required audits for publicly held companies. The third player will be insurance companies who offer insurance against this kind of loss, who will raise rates on everybody and have their own auditors to check the risk they are assuming.

Most definitely. Of course it takes a very visible incident/situation like this (and expensive)...to put the fear of god in some companies to do what they may have previously thought was unnecessary.

Just like 9/11...the Challenger explosion...bombing of Pearl Harbor, etc....serious change sometimes requires a one-time serious event to force companies & governments to do things better.

- NIck

Bill Gates Jr. · May 15, 2021

MacInWin said:
As a former data center operator, what confuses me is how a company can NOT have a workable, tested, backup for critical systems. About the only way the bad guys can get around that is to have infiltrated the system so long ago the backups are corrupted so there was nothing to restore. But we always had a "virgin" backup copy of the critical stuff so that at least we could get going again, even if we had to reconstruct our data. That virgin copy was never exposed to any outside connection to keep it protected. This isn't rocket surgery here.

But wouldn't the hackers just be able to exploit the same weakness in the virgin operating system as the original operating system once it is put into operation? You would need to have a closed system and it probably would not be feasible over thousands of miles of pipe lines.

MacInWin · May 15, 2021

Bill Gates Jr. said:
But wouldn't the hackers just be able to exploit the same weakness in the virgin operating system as the original operating system once it is put into operation? You would need to have a closed system and it probably would not be feasible over thousands of miles of pipe lines.

Depends on the vulnerability. If they hacked a password, on the virgin system you change all of the passwords. If they penetrated somewhere else, try tighter settings on the firewalls/crypto you use to secure the system. If you don't know, assume the worst and eliminate any Internet access. Use dedicated encrypted lines (expensive but easy to get in place quickly from the providers). As for the distance, I suspect the hack was at the control center where the entire pipeline was controlled, not the individual stations along the line. Otherwise, you take the control station out and do that one manually and keep going.

There is no "secure" system. You just want to be able to recover fast enough to keep going, stay ahead of the bad guys and build in better security as you go.

Bill Gates Jr. · May 15, 2021

Dedicated encryption would seem to be the way to go. Would that mean it would take a hacker years to crack the encryption? If so, the Feds (and the insurance companies) should mandate dedicated encryption on all critical infrastructure in the US, along with data backup. Don't understand why this has not been one before. It would be a business expense. Or is there something I am missing here. Could enemy countries, employing massive Cray type computers crack the encryption in a short time? Then hold off until some kind of crises to employ it?

MacInWin · May 15, 2021

Bill Gates Jr. said:
Dedicated encryption would seem to be the way to go. Would that mean it would take a hacker years to crack the encryption? If so, the Feds (and the insurance companies) should mandate dedicated encryption on all critical infrastructure in the US, along with data backup. Don't understand why this has not been one before. It would be a business expense. Or is there something I am missing here. Could enemy countries, employing massive Cray type computers crack the encryption in a short time? Then hold off until some kind of crises to employ it?

Welcome to cyber-warfare. That is what the military has been doing for years. But the military cannot protect commercial entities within the continental US, by law, so the companies have to pay attention when risks are identified for them. Maybe stockholders should be asking more questions about that?

Randy B. Singer · May 16, 2021

This isn't precisely on topic, but because of this news story folks have been contacting me worried that their Macintosh might get hit with ransomware.

If you are paranoid about ransomware, there is a free bit of software that can protect you. It does so by instantly identifying when a call is made to encrypt your data without permission and it stops it and alerts you:

RansomWhere? (free)
Objective-See

Another way to protect yourself from ransomware is by having a backup of your internal hard drive (a clone would probably be ideal for this), that you keep turned off and detached from your computer (so that if your internal hard drive becomes infected it can't spread to your external backup) when it isn't in the process of doing incremental backups, and which you don't have set to do frequent (e.g. more often than once a day) backups. The reason for the latter is, if you are hit with ransomware, you have time to realize it BEFORE the infection can be spread to your backup via a scheduled incremental backup.

Bill Gates Jr. · May 16, 2021

For myself, I have nothing worth ransoming. I was just curious about why companies are not better protected against ransomeware, as I am ignorant on these things...and many other things. That they have insurance for these things never crossed my mind. After I learned that, the wife said she heard that on CNN that same day...after I mentioned it to her. Never to old to learn things.

pm-r · May 16, 2021

Bill Gates Jr. said:
For myself, I have nothing worth ransoming. ...

Hmmm...??? It sounds like you might want to consider your wife as an extremely wealthy and knowledgeable asset.

And I am sure she will have an answer to any question you might have... very handy whenever you might want to learn more...

Bill Gates Jr. said:
That they have insurance for these things never crossed my mind.

Just another expense that gets added to the price of the commodity that the consumer ends up paying...

- Patrick
=======

Rod · May 16, 2021

Randy B. Singer said:
This isn't precisely on topic, but because of this news story folks have been contacting me worried that their Macintosh might get hit with ransomware.

If you are paranoid about ransomware, there is a free bit of software that can protect you. It does so by instantly identifying when a call is made to encrypt your data without permission and it stops it and alerts you:

RansomWhere? (free)
Objective-See

Another way to protect yourself from ransomware is by having a backup of your internal hard drive (a clone would probably be ideal for this), that you keep turned off and detached from your computer (so that if your internal hard drive becomes infected it can't spread to your external backup) when it isn't in the process of doing incremental backups, and which you don't have set to do frequent (e.g. more often than once a day) backups. The reason for the latter is, if you are hit with ransomware, you have time to realize it BEFORE the infection can be spread to your backup via a scheduled incremental backup.

@Randy, is RansomWhere compatible with Big Sur?

Ransomware

Bill Gates Jr.

Raz0rEdge

Well-known member

pigoo3

Well-known member

Raz0rEdge

Well-known member

MacInWin

pm-r

MacInWin

pm-r

chscag

Well-known member

pigoo3

Well-known member

MacInWin

pigoo3

Well-known member

Bill Gates Jr.

MacInWin

Bill Gates Jr.

MacInWin

Randy B. Singer

Bill Gates Jr.

pm-r

Rod

Shop Amazon