News Hackers Demand $70 Million in Ransomware Attack Hitting 200+ Companies

Heat_Fan89

Notable
Jul 13, 2020
277
109
890
7
Yeah, yeah, yeah, just blame it on the Russians. Good one politicians. It's all about the money but just think that our public grid is also on the internet.
 

jkflipflop98

Distinguished
Feb 3, 2006
1,699
144
19,970
3
When these jokers hit a company like Google or Microsoft that employs some of the best programmers in the world - I always imagine some nerd in a cubicle somewhere smirking and cracking his knuckles before putting on a master class in what a real coder looks like.
 

USAFRet

Titan
Moderator
Mar 16, 2013
154,718
11,266
176,090
24,154
When these jokers hit a company like Google or Microsoft that employs some of the best programmers in the world - I always imagine some nerd in a cubicle somewhere smirking and cracking his knuckles before putting on a master class in what a real coder looks like.
The problem there would be that these "not really real coders" let it happen in the first place.

Sony:
https://en.wikipedia.org/wiki/Sony_Pictures_hack

Netflix:
https://www.her.ie/business/netflix-has-been-hacked-heres-how-to-check-if-your-account-is-affected-268027

Microsoft:
https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/?sh=26f06fe64d1b

Mercedes:

Yahoo:
https://en.wikipedia.org/wiki/Yahoo!_data_breaches
 

gdmaclew

Distinguished
May 20, 2008
1,498
53
19,540
99
The problem there would be that these "not really real coders" let it happen in the first place.

Sony:
https://en.wikipedia.org/wiki/Sony_Pictures_hack

Netflix:
https://www.her.ie/business/netflix-has-been-hacked-heres-how-to-check-if-your-account-is-affected-268027

Microsoft:
https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/?sh=26f06fe64d1b

Mercedes:

Yahoo:
https://en.wikipedia.org/wiki/Yahoo!_data_breaches
I could not agree with you more.
Before I retired I worked for a large Canadian government department (10,000 clients) and we were very strict when it came to Backups and Backups of Backups.
That included online Backups and offline Backups.
I hear a lot of complaints about public servants but our group was the most dedicated and computer savvy bunch of "old coders".
Real "old coders". Going right back to Assembler days. And we knew our stuff.
I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
The sooner these networks are hardened, the faster we can put these cowards out of business.
Didn't the US invent the Internet? (DARPA)
 

USAFRet

Titan
Moderator
Mar 16, 2013
154,718
11,266
176,090
24,154
I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
Its not that the control systems are directly accessible.

Rather the monitoring is fed out to regular systems.
Once that network goes down, the whole thing needs to be taken offline, until it can be recovered from a backup, or a full reinstall. Which is NOT trivial.
Things need to be brought back online in a specific order.
Assuming there exists a proper backup scenario, and detailed, tested checklist of how to restart.

2-3 days of downtime while everything is restarted == potential millions of $$.

The question is - How did this ransomware get into the network to begin with?
It does NOT happen randomly or via a driveby...some idiot opened something he shouldn't, or brought some crap from home.
 

gdmaclew

Distinguished
May 20, 2008
1,498
53
19,540
99
I agree.
Plus network administrators and software vendors are not doing their job by using checksums to verify their updates.
How else does something like the SolarWinds breach get distributed?
It's all about accountability and over the last 30 years I've seen the bar get lower and lower.
If everyone was doing their jobs to the utmost these things wouldn't be happening.
 
Reactions: Stevemeister

PCMan75

Prominent
Oct 29, 2020
10
2
515
0
Having been a Windows developer for many years - I became deeply disappointed with Microsoft recently. I can understand how a single client pc can get infected - but having malware escalate it's privileges to domain admin (from a regular user) - there must be huge design-level failures (in Windows software) for it to happen.
 

PCMan75

Prominent
Oct 29, 2020
10
2
515
0
Also, having worked for a couple of large companies recently - there're Windows domains and Exchange - but there's no CIFS anywhere: not only there aren't any Windows files servers present, but SMB functionality is disabled on all client systems. Mostly, HTTP-based file storage is enabled: Box, SharePoint, etc.
 

daworstplaya

Distinguished
Oct 30, 2009
159
95
18,660
0
I agree.
Plus network administrators and software vendors are not doing their job by using checksums to verify their updates.
You mean Security/Security posture administrators? There is only so much a "Network" administrator can do and anything that faces the internet can only be hardened so much. With devops teams constantly asking for more and more apps to talk to the internet, it's a never ending gaming of opening certain ports. You never know when a service facing the internet might have a vulnerability as Devops people aren't the smartest with it comes to Security. Techonology really has gotten too complicated. Security scan software can only catch vulnerabilities it knows about. It's always a case of cat and mouse.

IMHO, this is a perfect case to ban Crypto. Get rid of the form of anonymous payment system, you're gonna cripple these crooks.
 
Reactions: Chung Leong
Jul 5, 2021
2
0
10
0
No matter how it happens, no matter why it happens, it is so dangerous that it is time for the United States to put boots on the ground. We need to send people out there to find them and make it impossible for them to continue. Don't kill them, just make them stop. i.e. make it too expensive for them to continue. (Hey Brother Biden, are you listening?)
 

Joseph_138

Honorable
Nov 22, 2016
401
70
10,790
28
Why do businesses insist on making their critical systems accessible from the internet? If you have a system that your business can't function without, it should only be accessible locally. No internet, no hacks.
 
Reactions: realydonewithit

jkflipflop98

Distinguished
Feb 3, 2006
1,699
144
19,970
3
No matter how it happens, no matter why it happens, it is so dangerous that it is time for the United States to put boots on the ground. We need to send people out there to find them and make it impossible for them to continue. Don't kill them, just make them stop. i.e. make it too expensive for them to continue. (Hey Brother Biden, are you listening?)

I think they call that an "act of war".
 

InvalidError

Titan
Moderator
Why do businesses insist on making their critical systems accessible from the internet? If you have a system that your business can't function without, it should only be accessible locally. No internet, no hacks.
There isn't much left today that is designed to operate offline. Even manufacturing which used to be largely set-and-forget between maintenance intervals and failures has online components for coordinating production, remote monitoring, diagnosis, management, etc. Being online is simply too convenient.

The next best thing is layered security using different hardware and software to make it exceedingly difficult to breach all layers without detection.

Since the majority of modern exploits are only possible due to systems running 1000X more code than is really needed to do the specific job thanks to using a generic bloated OSes with huge driver, API and support software stack, another option would be to have purpose-built bare-metal hardware and software for firewalling critical systems to fully constrain what can come in and out. Can't do miracles on security when you have the equivalent of a billion lines of ancillary code floating around your mission-critical data.
 
Reactions: daworstplaya

Joseph_138

Honorable
Nov 22, 2016
401
70
10,790
28
Yes, what these criminals are doing is an act of war.
Except you can't just invade a country to catch criminals on their territory. How do you know a government is behind this? Are you ready for World War 3 to start, if we invade a powerful country like China or Russia over a hacker group? Are you ready for foreign troops marching through the streets of the town that you live in? Don't think it can't happen, especially in light of the senile old man we have running things right now.
 

ASK THE COMMUNITY