Ransomware

Member
Joined 2003
Paid Member
Looks like the ransomware gang that hit royalmail.com did a good job. 12 days later and they still can't ship any international parcels. I think this kind of stuff is only going to get worse - I heard they were asking for £12 million. Unbelievable.

In the meantime, I can't ship anything until the issue is resolved.

😠
 
Member
Joined 2019
Paid Member
It's been a thing for a while. There are so many routes into a system they're difficult to protect and too many firms can't or won't spend the money to implement and enforce even rudimentary protocols to limit employee access across multiple systems, restrict file system access, and particularly access to key databases and files.

They're like sardines hunted by sharks each swirling around and hoping that there's safety in numbers and that there's a slower, dumber target nearby...
 
Member
Joined 2019
Paid Member
Software businesses should be hiring hackers to test their software for them.
They do. Or at least some do.

But often the problem is process not software implementation.
  • User accounts with too much access.
  • No formal process for account creation or changing privileges.
  • No firewall between development systems and business.
  • Passwords common across systems.
  • Access granted for one job never revoked.
  • Key system passwords never changed.
  • Software never updated to incorporate security fixes.
'Hacks' as simple as people being asked to provide passwords and user names in response to an email or phone call faked to look like it came from the 'boss'.

Some of this stuff you couldn't make up.

But people do dumb things. Like the one who brought the NHS to its knees by sending an email to everyone in the NHS. Then people who'd received the email all replied copying in everyone else to tell them they'd received the email in error...
 
  • Like
Reactions: 1 user
While there is sloppy and lazy software writing there will always be ransomware.
When writing software you should spend as much time on fixing what the software isn't supposed to do as well as what it is supposed to do.
Software businesses should be hiring hackers to test their software for them.
I believe that we're living in a world of ASAPs and Excel spreadsheets, which as a result doesn't allow to have more than required minimum around removing vulnerable lines from the code.

Also what @StevenCrook has written - implementation of information security controls doesn't take the risk away as the users are the weakest link, which makes them to be targeted the most. Exploits of security mechanisms without interaction from the users are the rarest ones.
 
Looks like the ransomware gang that hit royalmail.com did a good job. 12 days later and they still can't ship any international parcels. I think this kind of stuff is only going to get worse - I heard they were asking for £12 million. Unbelievable.

In the meantime, I can't ship anything until the issue is resolved.

😠
@Bonsai

Had a colleague of mine just ship with Evri from the UK. Don't know if that is an option for you but he was able to ship me the item and as you know I live in the U.S. There is of course DHL, UPS, etc...

Yes we want to buy your pcb's!!

Best,
Anand.
 
I remember well the first virus in the UK.
It was on a floppy disc and it calculated your risk of getting AIDS.
Like an idiot I ran it and it deleted all the files from my hard drive.

The biggest virus is Windows.
I installed Windows on my PC in 2006 and in its wisdom it formatted both main drive and backup drive.
I had some stuff on DVDs but still lost some stuff forever.
So I use DVDs and flash drives (one in the car in case of fire).
 
  • Like
Reactions: 1 user
I believe that we're living in a world of ASAPs and Excel spreadsheets, which as a result doesn't allow to have more than required minimum around removing vulnerable lines from the code.

Also what @StevenCrook has written - implementation of information security controls doesn't take the risk away as the users are the weakest link, which makes them to be targeted the most. Exploits of security mechanisms without interaction from the users are the rarest ones.
Easiest thing in the world just leave infected USB sticks around or phish away.
 
Member
Joined 2019
Paid Member
Ransomware attacks must come over the network and outside the firewall. So somehow, they’ve figured a way through all the normal checks.
Sure, but if you've got someone to hand you an account and password through phishing you've bypassed all that stuff. There's plenty of information on the web, LinkedIn & Facebook are goldmines of personal histories that're useful if you're going to impersonate someone in an email or on the phone.

Compromise a laptop, install a key logger or network sniffer, wait till it's back in the building.

Many years ago my partner bluffed her way in to a theatre past multiple layers of 'security' to see (a very surprised) Dustin Hoffman. He was charming.

She also managed to get to speak to the MD of a multinational over the phone by using his first name and a few personal details, starting with reception and working her way up.

You don't need technology...
 

TNT

Member
Joined 2003
Paid Member
Ransomware attacks must come over the network and outside the firewall. So somehow, they’ve figured a way through all the normal checks.
They exploit known errors which when they are triggered, the system goes belly up and then it's free entrance... like when you see Windows cmd prompt on the screen where there should have been ads etc... I suppose they also sometimes get hold of proper credentials...

//
 
  • Like
Reactions: 1 user
Member
Joined 2019
Paid Member
From the PC Gamer site: "an activist and hacker who goes by the name maia arson crimew uncovered a version of the United States government's No-Fly List dated to 2019 on an unsecured server owned by regional US airline, CommuteAir. "

You can get all sorts of stuff from unsecured machines, some of it can be used to access secured machines. I'm constantly amazed when I read reports of how systems are breached.

LastPass was attacked last August and non-customer information taken from a development server. They were attacked again, using some of the information from the earlier attack to leverage keys and passwords to other systems from a LastPass employee.
 
From the PC Gamer site: "an activist and hacker who goes by the name maia arson crimew uncovered a version of the United States government's No-Fly List dated to 2019 on an unsecured server owned by regional US airline, CommuteAir. "

You can get all sorts of stuff from unsecured machines, some of it can be used to access secured machines. I'm constantly amazed when I read reports of how systems are breached.

LastPass was attacked last August and non-customer information taken from a development server. They were attacked again, using some of the information from the earlier attack to leverage keys and passwords to other systems from a LastPass employee.

The worst job in history - CISO. All the company's failure modes and usually not enough budget and a business board that simply wishes to wash their hands of it.
 
Member
Joined 2019
Paid Member
Years back I worked on a secure system that actually let people login after several failed attempts instead of blocking them. The 'Keep them talking' login put them into a sandbox to play around while in the security office klaxons were going and they were doing back traces and trying to hack the hacker...

It was, apparently, quite effective fly paper.
 
  • Like
Reactions: 2 users
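
The 'keep them talking' login described in the post above, sketched as an added example that is not part of the original thread and not the system the poster worked on. The threshold, the `LoginGate` class, the session labels and the sample addresses are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed threshold; the post only says "several failed attempts"


@dataclass
class LoginGate:
    """Routes a source to a decoy session instead of locking it out."""
    credentials: dict                              # username -> password (constructed; store hashes in practice)
    failures: dict = field(default_factory=dict)   # source -> consecutive failed attempts
    flagged: set = field(default_factory=set)      # sources already diverted to the decoy
    alerts: list = field(default_factory=list)     # events handed to the security office

    def attempt(self, source: str, username: str, password: str) -> str:
        # A flagged source stays in the decoy even if it later presents a
        # valid password: that password may simply have been guessed.
        if source in self.flagged:
            self.alerts.append(("decoy_activity", source, username))
            return "decoy"

        expected = self.credentials.get(username, "")
        ok = bool(expected) and hmac.compare_digest(
            expected.encode(), password.encode()
        )
        if ok:
            self.failures.pop(source, None)
            return "real"

        count = self.failures.get(source, 0) + 1
        self.failures[source] = count
        if count >= MAX_FAILURES:
            # Instead of "account locked", the caller shows a normal-looking
            # login success backed by a sandbox that holds no real data.
            self.flagged.add(source)
            self.alerts.append(("diverted_to_decoy", source, username))
            return "decoy"
        return "denied"


if __name__ == "__main__":
    gate = LoginGate({"alice": "correct horse"})  # constructed sample account
    for guess in ("123456", "password", "letmein", "correct horse"):
        print(guess, "->", gate.attempt("203.0.113.7", "alice", guess))
    print(gate.alerts)
```

A legitimate user who mistypes three times lands in the decoy as well, so a design like this needs an out-of-band way to clear the flag.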
While there is sloppy and lazy software writing there will always be ransomware.
When writing software you should spend as much time on fixing what the software isn't supposed to do as well as what it is supposed to do.
Software businesses should be hiring hackers to test their software for them.
You mean hire them back? Those hackers are former software developers.
 
  • Like
Reactions: 1 user