Rampant ransomware.

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,929
Reaction score
6,777
Location
Scotland
It's bad when individuals lose all their data and discover they should have had it backed up:



But so much worse when critical national infrastructure is brought down:
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
The thing that gets me is that even if the IT department is truly security conscious they still can't stop stupid users from opening infected emails or files. I'm not making excuses for crappy security procedures by far too many companies but there's always at least one idiot involved many times.
 

alastairstevenson

The thing that gets me is that even if the IT department is truly security conscious they still can't stop stupid users from opening infected emails or files.
One automated detection method I was involved with well over 10 years ago was to send inbound emails into a virtual environment, which simulated a user opening an email and attachments and clicking on links, and evaluating what happened, effectively in a sandbox so no actual consequences.
It was pretty good at spotting possible malicious behaviour and quarantining suspicious items for analysis.

That was back when Adobe had to be coached by external security professionals to re-write large parts of their code to reduce the high number of exploitable vulnerabilities that weaponised PDF files were taking so much advantage of.
 

handinpalm

Getting comfortable
Joined
Sep 21, 2016
Messages
679
Reaction score
1,432
Location
Tampa Bay FL
Actually, the ransomware hacks are the least of worries when the Bad State sponsored hackers go after the electrical grid. They already have the capability to permanently destroy a lot of very expensive and hard to get generators. It would/will take out much of the grid. Just imagine how long it would take for complete anarchy to break out after power is out. People would get hungry fast. This is how the next war will be fought, without firing a single shot, and without a boot on the ground. The countries with most technology in the infrastructure will be the most susceptible. You may not want to be one of the lucky ones to survive. @sebastiantombs is correct, it is very difficult to stop curious/stupid people from clicking on things, so it is easy to execute the war.
 

sebastiantombs

The Mrs worked at the State Police. Their IT department, while not the greatest, did what they could. They constantly send out emails warning not to open unsolicited email, especially from addresses/people you don't know. In spite of that one of her co-workers opened a malware scam and took out a server or three with it. When questioned if she had read the warning emails she said "of course". When asked why she clicked on an email from someone she didn't know she said "I wanted to see the picture". You can't cure or secure from stupid. That employee is still working there, union rules.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,541
Location
USA
The Mrs worked at the State Police. Their IT department, while not the greatest, did what they could. They constantly send out emails warning not to open unsolicited email, especially from addresses/people you don't know. In spite of that one of her co-workers opened a malware scam and took out a server or three with it. When questioned if she had read the warning emails she said "of course". When asked why she clicked on an email from someone she didn't know she said "I wanted to see the picture". You can't cure or secure from stupid. That employee is still working there, union rules.
A case of "honesty is the best policy" and union rules creating unintended consequences...

Please tell us you know what the picture was she so wanted to see LOL.
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,432
Reaction score
38,152
Location
Alabama
You can't cure or secure from stupid.
My fav response from customers that have an issue after opening, for example, a phishing e-mail from ANY major or well-known bank, financial institution, cellular service provider or shipping company:
"....well it had the company's logo and it looked official. They can't use trademarked logos, can they?"

My response: "...uh, yea they can and they will...they are C-R-I-M-I-N-A-L-S ! They don't care about trademarks!"

Or "...the popup (or phone call) said they were with Microsoft, so I gave them my credit card number and gave them remote access to my PC..."

And I say "...Does it sound to you that Microsoft could make 143 billion dollars in 2020 by making phone calls to people just to make a lousy $100 to 200 per call?"

I usually get a blank stare in response. :idk:
 

TonyR

Hey look, my tower pc has a slide out cup holder.

Lady being shown how to send a fax, the fax scanned, and dropped to the floor, she says "Wow, that was fast"
Or in 1990 (when 3.5" disks were the rage) when I jokingly told our receptionist she could leave the poly sleeve on the floppy "...to protect the PC from a virus."
Later I overhear our county IT-guy telling my boss "...man, I had to practically disassemble her PC to get all the @#$% plastic out of the drive." :highfive:
 

iwanttosee

Pulling my weight
Joined
Dec 27, 2020
Messages
203
Reaction score
186
Location
US

sebastiantombs

Yes, they can be filtered, but only if senior management allows it to be. When you deal Internationally filtering by Country becomes problematic as well. It all comes down to what senior management is willing to risk and they generally haven't got a clue hence "problems arise". Where I used to work when I started, way back in the mainframe days when networked PCs were just starting to be used on coax, I warned them about not using anti virus software and scans. They didn't listen until the server went down with early malware and it cost them three days of production to get anti virus installed on everything and everything scanned. All it took was one user with an infected 3.5" floppy brought from home.
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
You can absolutely block pictures, executables, & links on emails or use an email filter service like SpamTitan to filter out spam. You can also filter out Russia/China internet traffic from the firewall.

Now stupid users, I agree with you.
One thing to remember is that no system is 100% - that's why when talking security, it's about a strategy that encompasses many layers of protection.

In Colonial's case, we should be asking why the user network (with access to Internet, email etc.) and the pipeline controls network were allowed to talk to each other at all. There should have been a 100% air-gap between the two. Had they implemented the air gap in their strategy, it wouldn't even be a news story.
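
The attachment and link blocking mentioned in the quoted post above, as an added example that is not from any poster in this thread: a mail-gateway triage that flags blocked extensions, executables hidden behind harmless names, and links whose visible text names a different domain than the target. The extension list, function names and sample addresses are assumptions made up for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

BLOCKED_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".hta", ".bat")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")

def triage(raw: bytes) -> list:
    """Return reasons to quarantine a raw RFC 5322 message ([] = deliver)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXT):
            # Last extension decides, so "invoice.pdf.exe" is caught.
            reasons.append(f"blocked extension: {name}")
        elif data[:2] == b"MZ":
            # Windows executable header behind a harmless name or MIME type.
            reasons.append(f"executable content in: {name or part.get_content_type()}")
        if part.get_content_type() == "text/html":
            html = data.decode(part.get_content_charset() or "utf-8", "replace")
            for href, text in ANCHOR.findall(html):
                shown = DOMAIN.search(text.lower())
                host = (urlparse(href).hostname or "").lower().removeprefix("www.")
                if not shown or not host:
                    continue
                want = shown.group(0).removeprefix("www.")
                if host != want and not host.endswith("." + want):
                    reasons.append(f"link text {want} points to {host}")
    return reasons

def build_sample(filename: str, payload: bytes, html: str) -> bytes:
    """Constructed test message: plain + HTML body and one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.test", "user@example.test", "Invoice"
    m.set_content("See attached.")
    m.add_alternative(html, subtype="html")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    bad = build_sample("photo.jpg", b"MZ\x90\x00",
                       '<a href="http://login.unrelated.test/x">www.examplebank.test</a>')
    print(triage(bad))
```

A non-empty result means quarantine rather than deliver; the checks are static only and do not replace the sandbox detonation described earlier in the thread.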
 

Old Timer

Known around here
Joined
Jul 20, 2018
Messages
1,352
Reaction score
2,945
Location
I'm ok
You can add all the spam filters, antivirus and all of those videos that management made them watch about cyber security you want, but there is no way to filter the dumb human that thinks it will never happen to them!

I have seen ransomware hit a financial office, and it came in an email that the top boss man had complained about because it was stopped by the spam filter, and he had to see it. After clicking the link on his computer (with admin privileges that he had to have), it encrypted all 5 servers.

We were called in to see if we could bring them back on line. The only saving factor was a backup linked off site that did not get corrupted.
After 2 weeks we had them back on line and email going. After 2 months we had things working the way they wanted them.

And the boss still had admin rights, and the SPAM filter was a click away for all of the employees. We walked out with the check, never to look back again!

People will always choose convenience over security

Rant over, I'll get off my soap box.......
 