News Hackers Demand $70 Million in Ransomware Attack Hitting 200+ Companies

Heat_Fan89

Reputable
Jul 13, 2020
Yeah, yeah, yeah, just blame it on the Russians. Good one, politicians. It's all about the money, but just think that our public grid is also on the internet.
 

jkflipflop98

Distinguished
When these jokers hit a company like Google or Microsoft that employs some of the best programmers in the world - I always imagine some nerd in a cubicle somewhere smirking and cracking his knuckles before putting on a master class in what a real coder looks like.
 

USAFRet

Titan
Moderator
When these jokers hit a company like Google or Microsoft that employs some of the best programmers in the world - I always imagine some nerd in a cubicle somewhere smirking and cracking his knuckles before putting on a master class in what a real coder looks like.
The problem there would be that these "not really real coders" let it happen in the first place.

Sony:
https://en.wikipedia.org/wiki/Sony_Pictures_hack

Netflix:
https://www.her.ie/business/netflix...w-to-check-if-your-account-is-affected-268027

Microsoft:
https://www.forbes.com/sites/daveyw...tomer-records-exposed-online/?sh=26f06fe64d1b

Mercedes:

Yahoo:
https://en.wikipedia.org/wiki/Yahoo!_data_breaches
 
The problem there would be that these "not really real coders" let it happen in the first place.

Sony:
https://en.wikipedia.org/wiki/Sony_Pictures_hack

Netflix:
https://www.her.ie/business/netflix...w-to-check-if-your-account-is-affected-268027

Microsoft:
https://www.forbes.com/sites/daveyw...tomer-records-exposed-online/?sh=26f06fe64d1b

Mercedes:

Yahoo:
https://en.wikipedia.org/wiki/Yahoo!_data_breaches
I could not agree with you more.
Before I retired I worked for a large Canadian government department (10,000 clients) and we were very strict when it came to Backups and Backups of Backups.
That included online Backups and offline Backups.
I hear a lot of complaints about public servants but our group was the most dedicated and computer savvy bunch of "old coders".
Real "old coders". Going right back to Assembler days. And we knew our stuff.
I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
The sooner these networks are hardened, the faster we can put these cowards out of business.
Didn't the US invent the Internet? (DARPA)
 

USAFRet

Titan
Moderator
I have no idea why some of this stuff is online in the first place - so you can open a valve from your desk?
It's not that the control systems are directly accessible.

Rather the monitoring is fed out to regular systems.
Once that network goes down, the whole thing needs to be taken offline, until it can be recovered from a backup, or a full reinstall. Which is NOT trivial.
Things need to be brought back online in a specific order.
Assuming there exists a proper backup scenario, and detailed, tested checklist of how to restart.

2-3 days of downtime while everything is restarted == potential millions of $$.

The question is - How did this ransomware get into the network to begin with?
It does NOT happen randomly or via a driveby...some idiot opened something he shouldn't, or brought some crap from home.
 
I agree.
Plus network administrators and software vendors are not doing their job by using checksums to verify their updates.
How else does something like the SolarWinds breach get distributed?
It's all about accountability and over the last 30 years I've seen the bar get lower and lower.
If everyone was doing their jobs to the utmost these things wouldn't be happening.
 

PCMan75

Prominent
Oct 29, 2020
Having been a Windows developer for many years - I became deeply disappointed with Microsoft recently. I can understand how a single client PC can get infected - but having malware escalate its privileges to domain admin (from a regular user) - there must be huge design-level failures (in Windows software) for it to happen.
 

PCMan75

Prominent
Oct 29, 2020
Also, having worked for a couple of large companies recently - there are Windows domains and Exchange - but there's no CIFS anywhere: not only are there no Windows file servers present, but SMB functionality is disabled on all client systems. Mostly, HTTP-based file storage is enabled: Box, SharePoint, etc.
 

daworstplaya

Distinguished
Oct 30, 2009
I agree.
Plus network administrators and software vendors are not doing their job by using checksums to verify their updates.

You mean Security/Security posture administrators? There is only so much a "Network" administrator can do, and anything that faces the internet can only be hardened so much. With DevOps teams constantly asking for more and more apps to talk to the internet, it's a never-ending game of opening certain ports. You never know when a service facing the internet might have a vulnerability, as DevOps people aren't the smartest when it comes to Security. Technology really has gotten too complicated. Security scan software can only catch vulnerabilities it knows about. It's always a case of cat and mouse.

IMHO, this is a perfect case to ban Crypto. Get rid of that form of anonymous payment system and you're gonna cripple these crooks.
 
Jul 5, 2021
No matter how it happens, no matter why it happens, it is so dangerous that it is time for the United States to put boots on the ground. We need to send people out there to find them and make it impossible for them to continue. Don't kill them, just make them stop. i.e. make it too expensive for them to continue. (Hey Brother Biden, are you listening?)
 

jkflipflop98

Distinguished
No matter how it happens, no matter why it happens, it is so dangerous that it is time for the United States to put boots on the ground. We need to send people out there to find them and make it impossible for them to continue. Don't kill them, just make them stop. i.e. make it too expensive for them to continue. (Hey Brother Biden, are you listening?)


I think they call that an "act of war".
 

InvalidError

Titan
Moderator
Why do businesses insist on making their critical systems accessible from the internet? If you have a system that your business can't function without, it should only be accessible locally. No internet, no hacks.
There isn't much left today that is designed to operate offline. Even manufacturing which used to be largely set-and-forget between maintenance intervals and failures has online components for coordinating production, remote monitoring, diagnosis, management, etc. Being online is simply too convenient.

The next best thing is layered security using different hardware and software to make it exceedingly difficult to breach all layers without detection.

Since the majority of modern exploits are only possible due to systems running 1000X more code than is really needed to do the specific job, thanks to using generic bloated OSes with huge driver, API and support software stacks, another option would be to have purpose-built bare-metal hardware and software for firewalling critical systems to fully constrain what can come in and out. Can't do miracles on security when you have the equivalent of a billion lines of ancillary code floating around your mission-critical data.
 

Joseph_138

Distinguished
Yes, what these criminals are doing is an act of war.

Except you can't just invade a country to catch criminals on their territory. How do you know a government is behind this? Are you ready for World War 3 to start, if we invade a powerful country like China or Russia over a hacker group? Are you ready for foreign troops marching through the streets of the town that you live in? Don't think it can't happen, especially in light of the senile old man we have running things right now.