topic Re: What is the answer to Ransomware? in Industry News

What is the answer to Ransomware?

Caute_cautim — Mon, 09 Oct 2023 09:38:57 GMT

Hi All

So exactly what is the answer to Ransomware ?

https://www.zdnet.com/article/ransomware-is-the-biggest-problem-on-the-web-this-big-change-could-be-the-answer/?

1) Cyber-insurance company position - pay it - here is the money in bitcolin.

2) Cyber-criminal - thank you - I think we will do this again..... Lovely

3) Now what would happen if paying Ransomware demands was made illegal? Would that work?

4) Is it enforceable?

Your thoughts?

Regards

Caute_cautim

Re: What is the answer to Ransomware?

rslade — Mon, 28 Sep 2020 21:54:25 GMT

> Caute_cautim (Community Champion) posted a new topic in Industry News on

> So exactly what is the answer to Ransomware ?

Backups. Make a backup. Make multiple types of backup.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Open source should be about giving away things voluntarily. When
you force someone to give you something, it's no longer giving,
it's stealing. Persons of leisurely moral growth often confuse
giving with taking. - Larry Wall
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Re: What is the answer to Ransomware?

Caute_cautim — Mon, 28 Sep 2020 22:18:37 GMT

@rsladeI agree, that is an obvious move, but also to have your incident Response playbooks up to date, PR media communications ready to go. Plus make sure your hygiene levels are good.

However, this will not stop the current practices extorted by the cyber criminals.

Why should we allow them to actually do this against society and organisations and carry on doing it?

Regards

Caute_cautim

Re: What is the answer to Ransomware?

rslade — Mon, 28 Sep 2020 23:30:25 GMT

> Caute_cautim (Community Champion) mentioned you in a post! Join the conversation

> Why should we allow them to actually do this
> against society and organisations and carry on doing it?

Natural selection? Evolution in action? Thinning the herd?

(Anyway, I'm getting tired of discussing ransomware, when most of the attacks
these days are actually breachstortion ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
To define recursion, we must first define recursion.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Re: What is the answer to Ransomware?

Caute_cautim — Mon, 28 Sep 2020 23:40:24 GMT

@rsladeSo what you are asking is it merely conjecture that they have been breached, i.e. prove it is real?

Or you are pointing out the game that is being played out.

https://www.ckd3.com/blog/breachstortion

Regards

Caute_cautim

Re: What is the answer to Ransomware?

CISOScott — Tue, 29 Sep 2020 12:26:59 GMT

So it should be a multi-prong effort.

1) Recovery -Backups

2) Prevention - Awareness training

3) Detection - Antivirus/Antimalware

4) Prevention - Secure design

Just doing one action alone won't be very effective.

We have a vendor in the US that is running a commercial claiming their product protects you from the ransomware virus. It irks me every time I hear it. I know they only have 30 seconds to try to sell their product so they are dumbing it down for the consumer but I feel it is counterproductive as it makes the customer think that ransomware is just a virus so it should be caught by the antivirus product and they can click away without worry of it infecting themselves.

I think it will eventually evolve into everything being clicked on going into a sandbox to be unpackaged and evaluated before being returned to the user.

Re: What is the answer to Ransomware?

JKWiniger — Tue, 29 Sep 2020 13:02:42 GMT

@rslade

It's been on my list to look into, but maybe you have the answer, I have heard that some ransomware can hit backups. I am guess these would be near line backups connect as a share. So any idea what types of backups ransomware can and cannot get too?

John-

Re: What is the answer to Ransomware?

tmekelburg1 — Tue, 29 Sep 2020 13:56:25 GMT

Speaking of which...

Cyberattack hobbles major hospital chain's US facilities

https://www.uhsinc.com/statement-from-universal-health-services/

Universal Health Services, Inc. Reports Information Technology Security Incident

"No patient or employee data appears to have been accessed, copied or misused"

I'm going to guess at this point they have no idea. Can't wait to read the OCR corrective action plan on this.

Re: What is the answer to Ransomware?

rslade — Tue, 29 Sep 2020 17:40:25 GMT

> JKWiniger (Contributor III) mentioned you in a post! Join the conversation

> It's been on my list to look into, but maybe you have the answer, I
> have heard that some ransomware can hit backups. I am guess these would be near
> line backups connect as a share. So any idea what types of backups ransomware
> can and cannot get too?

As usual, convenience is the enemy of security. Yes, constantly connected,
constantly updating backups are going to be subject to ransomware attacks. So,
intermittent, stored offline types of backups are going to be less subject to those
attacks. Removeable (and then stored elsewhere) media is going to be best.
Incovenient, yes, but safer.

There used to be an attack called data diddling. It was never very prevalent, but it
was particularly insidious. It made small mofidications (errors) to data
incrementally over time. If you couldn't detect it, it would affect any kinds of
backups, too. But that isn't what modern ransomware does.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
It is not the strongest of the species that survives, nor the
most intelligent, but the ones most responsive to change.
- Charles Darwin.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Re: What is the answer to Ransomware?

JKWiniger — Tue, 29 Sep 2020 22:52:14 GMT

@rslade

It's kind of what I thought. It would be interesting is they malware gateway for backups. I mean it wouldn't be very hard to do, allow data to be pulled from behind it and don't allow any kind of push.. kind of like making backups read only if you will..

As for the old malware.. I so get it.. there was a time I have an old x286 that I wanted to use for all the viruses I collected just to see the payloads, you know when viruses where cool, like RedX, Vadar, and dropper.. sadly never seemed to have the time.. to busy rebuilding corrupt double space drives and getting the boot sectors back from.. umm was in the money virus? Can't remember the names...

Yes, I'm old.. I remember going to computer show in high school and getting the latest vscan on 3.5..

It was funny this one show was setup around the edges of a pool! and batch then the surcharge to use a CC.

ya 2600 wasn't just a magazine, it was the other name for captain crunch and the crystal I put in my tone dailer I used at Woodstock.. wait what who say that?!?! hahah

John-

Re: What is the answer to Ransomware?

chogan — Wed, 30 Sep 2020 23:20:09 GMT

When all ransomware did was encrypt your files, restore from backup was the easy answer. Now that they upped their game by exfiltrating your data and threatening to make it public if you don't pay, we are seeing more victims resorting to paying the ransom in exchange for the "certificate of destruction".

Re: What is the answer to Ransomware?

rslade — Thu, 01 Oct 2020 18:30:25 GMT

> chogan (Newcomer I) posted a new reply in Industry News on 09-30-2020 07:20 PM

> When all ransomware did was encrypt your files, restore from backup was the easy
> answer. Now that they upped their game by exfiltrating your data and
> threatening to make it public if you don't pay, we are seeing more victims
> resorting to paying the ransom in exchange for the "certificate of
> destruction".

The fact that everyone is reporting this as "ransomware" really gets my goat.
Everybody is always careless with malware terminology, and not only is extracting
data and then threatening to release it not ransomware, it doesn't even involve
malware of any kind.

I've heard some people call it breachstortion, which is kind of tortured, but
ransomware it isn't.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Q. What is the difference between a computer salesman and a used
car salesman?
A. A car salesman knows how to drive, and knows when he's lying.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

Re: What is the answer to Ransomware?

Caute_cautim — Thu, 01 Oct 2020 19:13:48 GMT

@rsladeSay that again and again to the Cyber security insurance who are exasperating the situation, by being called in and immediately paying the Bitcoin ransomsome.

Just make it illegal to pay the ransom, and it will soon die out.

Regards

Caute_cautim

Re: What is the answer to Ransomware?

Caute_cautim — Thu, 01 Oct 2020 20:27:42 GMT

@rsladeWell here is one answer - warn organisations about the tax implications of paying the ransom.

https://www.securityweek.com/treasury-department-warns-ransomware-payment-facilitators-legal-implications?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Regards

Caute_cautim

Re: What is the answer to Ransomware?

tmekelburg1 — Fri, 02 Oct 2020 17:34:26 GMT

@Caute_cautim wrote:
Say that again and again to the Cyber security insurance who are exasperating the situation, by being called in and immediately paying the Bitcoin ransomsome.

Just make it illegal to pay the ransom, and it will soon die out.

To be a devil's advocate, it's not your business that's about to go under or patient's safety at risk. Is it the best decision in the big picture of fighting back against these threats? I'd say it's not but we have that luxury with our 30,000 foot view.

Now, should we have corrective action plans implemented and enforced by government regulators for companies that opt to have cyber liability insurance pay the ransom? I absolutely believe so. There definitely should be some kind of accountability for going down that route.

Re: What is the answer to Ransomware?

Caute_cautim — Sat, 03 Oct 2020 06:18:37 GMT

@tmekelburg1There we are discussing and then all of a sudden another guide is published:

https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

What do you think of this one?

Regards

Caute_cautim

Re: What is the answer to Ransomware?

tmekelburg1 — Mon, 05 Oct 2020 15:54:06 GMT

@Caute_cautim wrote:
@tmekelburg1There we are discussing and then all of a sudden another guide is published:

https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

What do you think of this one?

I think it's a great guide to go through to double check your current plan. You could easily divide the prevention section up and send to the different system admins within the organization. This also reinforces what @rslade said about offline backups.

Something else that came to mind that we had this issue on. Make sure your data pipe is big enough for Cloud backups to meet your maximum tolerable downtime (MTD) and the timeframe on shipping a recovery drive. Make sure they ship on weekends and not just business days (yes, it's surprisingly a thing written in very small print at the bottom of the contract).

Re: What is the answer to Ransomware?

JKWiniger — Mon, 05 Oct 2020 20:15:54 GMT

@tmekelburg1 I can't tell you how many times I have seen it where people thing they can just backup to the cloud and how no idea of what their up band internet speed is. I am starting to see more and more gig packages that are gig up and down which will support things but below that... not a chance!

John-

Re: What is the answer to Ransomware?

Caute_cautim — Mon, 05 Oct 2020 20:30:53 GMT

@JKWiniger @tmekelburg1 Plus I would not reply wholly on the cloud itself, due to latency issues, related bandwidth and consumption charges from some providers.

I think the way we are moving forward, 5G and Edge Computing would be more appropriate and likely to be far cheaper, with less latency and far quicker too.

@rsladeGrandpa is correct on the storage issue, but please ensure your backup regime is encrypted in motion and at rest plus make sure it is thoroughly tested plus a good offsite - yes Tape even encrypted still works very well indeed.

Plus a) Prove to me you have my data b) Or you are a fake

Regards

Caute_cautim

Re: What is the answer to Ransomware?

JKWiniger — Mon, 05 Oct 2020 23:28:37 GMT

@Caute_cautim While I agree the 5G does hold some promise it seems like it is still a ways away. There are still not many 5G devices on the market yet, and although I have seen Verizon offering 5G home internet the infrastructure just doesn't seem to be there yet. And although tapes will always be a great solution they are not with out their problems. One place I worked many years ago, what a mess, when I got there backups consisted of a hand full of takes on someone's desk that randomly got used. So basically I started from scratch! They didn't like the 5-10k I said I needed just for tapes! hahah I setup their first Iron Mountain contract... But where it bit me in the but is that I wasn't testing the backups, sure I got a full fiber channel system working that they were stuck on and had a library system running for many machines, but it only takes that on to find out that you had a bad tape head that showed no errors or problems, but failed when you tried to restore! Moral to the story.. test you back ups!

John-