> chogan (Newcomer I) posted a new reply in Industry News on 09-30-2020 07:20 PM

> When all ransomware did was encrypt your files, restore from backup was the easy
> answer.  Now that they upped their game by exfiltrating your data and
> threatening to make it public if you don't pay, we are seeing more victims
> resorting to paying the ransom in exchange for the "certificate of
> destruction".

The fact that everyone is reporting this as "ransomware" really gets my goat.
Everybody is always careless with malware terminology, and not only is extracting
data and then threatening to release it not ransomware, it doesn't even involve
malware of any kind.

I've heard some people call it breachstortion, which is kind of tortured, but
ransomware it isn't.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Q. What is the difference between a computer salesman and a used
car salesman?
A. A car salesman knows how to drive, and knows when he's lying.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

@rsladeSay that again and again to the Cyber security insurance who are exasperating the situation, by being called in and immediately paying the Bitcoin ransomsome. 

 

Just make it illegal to pay the ransom, and it will soon die out.

 

Regards

 

Caute_cautim

@rsladeWell here is one answer - warn organisations about the tax implications of paying the ransom.

 

https://www.securityweek.com/treasury-department-warns-ransomware-payment-facilitators-legal-implica...

 

Regards

 

Caute_cautim

---

@Caute_cautim wrote:

Say that again and again to the Cyber security insurance who are exasperating the situation, by being called in and immediately paying the Bitcoin ransomsome. 

 

Just make it illegal to pay the ransom, and it will soon die out.

 

---

To be a devil's advocate, it's not your business that's about to go under or patient's safety at risk. Is it the best decision in the big picture of fighting back against these threats? I'd say it's not but we have that luxury with our 30,000 foot view. 

 

Now, should we have corrective action plans implemented and enforced by government regulators for companies that opt to have cyber liability insurance pay the ransom? I absolutely believe so. There definitely should be some kind of accountability for going down that route.

@tmekelburg1There we are discussing and then all of a sudden another guide is published:

 

https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

 

What do you think of this one?

 

Regards

 

Caute_cautim

---

@Caute_cautim wrote:

@tmekelburg1There we are discussing and then all of a sudden another guide is published:

 

https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

 

What do you think of this one?

---

I think it's a great guide to go through to double check your current plan. You could easily divide the prevention section up and send to the different system admins within the organization. This also reinforces what @rslade said about offline backups. 

 

Something else that came to mind that we had this issue on. Make sure your data pipe is big enough for Cloud backups to meet your maximum tolerable downtime (MTD) and the timeframe on shipping a recovery drive. Make sure they ship on weekends and not just business days (yes, it's surprisingly a thing written in very small print at the bottom of the contract).

@tmekelburg1 I can't tell you how many times I have seen it where people thing they can just backup to the cloud and how no idea of what their up band internet speed is. I am starting to see more and more gig packages that are gig up and down which will support things but below that... not a chance!

 

John-

@JKWiniger @tmekelburg1    Plus I would not reply wholly on the cloud itself, due to latency issues, related bandwidth and consumption charges from some providers.

 

I think the way we are moving forward, 5G and Edge Computing would be more appropriate and likely to be far cheaper, with less latency and far quicker too.

 

@rsladeGrandpa is correct on the storage issue, but please ensure your backup regime is encrypted in motion and at rest plus make sure it is thoroughly tested plus a good offsite - yes Tape even encrypted still works very well indeed.

 

Plus a) Prove to me you have my data  b) Or you are a fake

 

Regards

 

Caute_cautim

@Caute_cautim While I agree the 5G does hold some promise it seems like it is still a ways away. There are still not many 5G devices on the market yet, and although I have seen Verizon offering 5G home internet the infrastructure just doesn't seem to be there yet. And although tapes will always be a great solution they are not with out their problems. One place I worked many years ago, what a mess, when I got there backups consisted of a hand full of takes on someone's desk that randomly got used. So basically I started from scratch! They didn't like the 5-10k I said I needed just for tapes! hahah I setup their first Iron Mountain contract... But where it bit me in the but is that I wasn't testing the backups, sure I got a full fiber channel system working that they were stuck on and had a library system running for many machines, but it only takes that on to find out that you had a bad tape head that showed no errors or problems, but failed when you tried to restore! Moral to the story.. test you back ups! 

 

John-