Caute_cautim
Community Champion

What is the answer to Ransomware?

Hi All

 

So exactly what is the answer to Ransomware ?

 

https://www.zdnet.com/article/ransomware-is-the-biggest-problem-on-the-web-this-big-change-could-be-...?

 

1)  Cyber-insurance company position - pay it - here is the money in bitcoin.

 

2)  Cyber-criminal - thank you - I think we will do this again.....   Lovely

 

3)  Now what would happen if paying Ransomware demands was made illegal?     Would that work?

 

4)  Is it enforceable? 

 

Your thoughts?

 

Regards

 

Caute_cautim

 

 

20 Replies
rslade
Influencer II

> Caute_cautim (Community Champion) posted a new topic in Industry News on

>   So exactly what is the answer to Ransomware ?

Backups. Make a backup. Make multiple types of backup.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Open source should be about giving away things voluntarily. When
you force someone to give you something, it's no longer giving,
it's stealing. Persons of leisurely moral growth often confuse
giving with taking. - Larry Wall
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Caute_cautim
Community Champion

@rslade I agree, that is an obvious move, but also to have your incident response playbooks up to date, PR media communications ready to go. Plus make sure your hygiene levels are good.

 

However, this will not stop the current practices extorted by the cyber criminals.

 

Why should we allow them to actually do this against society and organisations and carry on doing it?

 

Regards

 

Caute_cautim

rslade
Influencer II

> Caute_cautim (Community Champion) mentioned you in a post! Join the conversation

>   Why should we allow them to actually do this
> against society and organisations and carry on doing it?

Natural selection? Evolution in action? Thinning the herd?

(Anyway, I'm getting tired of discussing ransomware, when most of the attacks
these days are actually breachstortion ...)

Caute_cautim
Community Champion

@rslade So what you are asking is it merely conjecture that they have been breached, i.e. prove it is real?

 

Or you are pointing out the game that is being played out.

 

https://www.ckd3.com/blog/breachstortion

 

Regards

 

 

Caute_cautim

 

 

CISOScott
Community Champion

So it should be a multi-prong effort.

1) Recovery - Backups

2) Prevention - Awareness training

3) Detection - Antivirus/Antimalware

4) Prevention - Secure design

Just doing one action alone won't be very effective.

We have a vendor in the US that is running a commercial claiming their product protects you from the ransomware virus. It irks me every time I hear it. I know they only have 30 seconds to try to sell their product so they are dumbing it down for the consumer but I feel it is counterproductive as it makes the customer think that ransomware is just a virus so it should be caught by the antivirus product and they can click away without worry of it infecting themselves.

I think it will eventually evolve into everything being clicked on going into a sandbox to be unpackaged and evaluated before being returned to the user. 

JKWiniger
Community Champion

@rslade

 

It's been on my list to look into, but maybe you have the answer. I have heard that some ransomware can hit backups. I am guessing these would be near-line backups connected as a share. So any idea what types of backups ransomware can and cannot get to?

 

John-

tmekelburg1
Community Champion

Speaking of which...

 

Cyberattack hobbles major hospital chain's US facilities

 

https://www.uhsinc.com/statement-from-universal-health-services/

 

Universal Health Services, Inc. Reports Information Technology Security Incident 

 

"No patient or employee data appears to have been accessed, copied or misused"

 

I'm going to guess at this point they have no idea. Can't wait to read the OCR corrective action plan on this.

rslade
Influencer II

> JKWiniger (Contributor III) mentioned you in a post! Join the conversation

>   It's been on my list to look into, but maybe you have the answer. I
> have heard that some ransomware can hit backups. I am guessing these would be
> near-line backups connected as a share. So any idea what types of backups
> ransomware can and cannot get to?

As usual, convenience is the enemy of security. Yes, constantly connected,
constantly updating backups are going to be subject to ransomware attacks. So,
intermittent, stored offline types of backups are going to be less subject to those
attacks. Removable (and then stored elsewhere) media is going to be best.
Inconvenient, yes, but safer.

There used to be an attack called data diddling. It was never very prevalent, but it
was particularly insidious. It made small modifications (errors) to data
incrementally over time. If you couldn't detect it, it would affect any kinds of
backups, too. But that isn't what modern ransomware does.

JKWiniger
Community Champion

@rslade 

 

It's kind of what I thought. It would be interesting if they made a malware gateway for backups. I mean it wouldn't be very hard to do, allow data to be pulled from behind it and don't allow any kind of push.. kind of like making backups read only if you will..

 

As for the old malware.. I so get it.. there was a time I had an old x286 that I wanted to use for all the viruses I collected just to see the payloads, you know when viruses were cool, like RedX, Vadar, and dropper.. sadly never seemed to have the time.. too busy rebuilding corrupt double space drives and getting the boot sectors back from.. umm was it the money virus? Can't remember the names...

 

Yes, I'm old.. I remember going to a computer show in high school and getting the latest vscan on 3.5..

 

It was funny, this one show was set up around the edges of a pool! and back then the surcharge to use a CC.

 

ya 2600 wasn't just a magazine, it was the other name for captain crunch and the crystal I put in my tone dialer I used at Woodstock.. wait what who said that?!?! hahah

 

John-
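
An added example, not part of any post in this thread: rslade's points that connected backups inherit whatever happens to the source, and that small undetected changes flow into backups too, suggest a check the backup side can run before an older generation is overwritten or rotated out. The sketch below compares a SHA-256 manifest of the current data against the manifest of the last generation kept offline; the function names, the sample ledger files and the 30% hold threshold are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(previous, current, max_changed=0.3):
    """Diff two generations; hold rotation when too much changed at once.

    max_changed is an assumed threshold: a normal day rarely rewrites
    30% of a dataset, while mass encryption rewrites nearly all of it.
    """
    changed = sorted(f for f in previous
                     if f in current and previous[f] != current[f])
    missing = sorted(f for f in previous if f not in current)
    ratio = (len(changed) + len(missing)) / max(len(previous), 1)
    return {"changed": changed, "missing": missing, "ratio": ratio,
            "hold_rotation": ratio > max_changed}

def demo():
    """Constructed data: one small silent edit, then every file rewritten."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp)
        for i in range(10):
            (src / f"ledger{i}.csv").write_text(f"account,{i},100.00\n")
        baseline = manifest(src)  # manifest of the generation kept offline

        # A one-cent change: below the threshold, but still listed for review.
        (src / "ledger3.csv").write_text("account,3,100.01\n")
        small = compare(baseline, manifest(src))

        # Every file's content replaced, as bulk encryption would do.
        for p in src.iterdir():
            p.write_bytes(hashlib.sha256(p.read_bytes()).digest())
        mass = compare(baseline, manifest(src))
        return small, mass

if __name__ == "__main__":
    for label, result in zip(("small edit", "mass rewrite"), demo()):
        print(label, result["ratio"], result["hold_rotation"])
```

A hash diff cannot tell a legitimate edit from a malicious one, so the `changed` list is material for review against expected activity; only the bulk case is blocked automatically.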