Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

The Ransomware epidemic

Options
  • 05-09-2019 6:51pm
    #1
    Impetus
    Registered Users Posts: 1,667 ✭✭✭


    About 40 ‘local authorities’ in TX and FL have been ransomwared over the past few weeks, as have about 400 dental practices. There seem to be links in terms of using service providers whose systems have been ransomwared according to Steve Gibson’s latest show on TWIT TV.

    RaaS – ramsomware as a service is becoming a bigger risk. RaaS providers sell exploits to distributors who take around 60% of the funds stolen (usually via cyber currencies). The other 40% goes to the RaaS platform operator. Steve thinks RaaS platforms are disappearing and being re-branded.

    Gibson thinks that operating systems should be more proactive in stopping ransomware from encrypting files. He suggests a white list of applications that the operating system will permit to perform encryption. I would probably add compression apps, as they render the file unusable unless the victim has the knowledge and software to decompress. It seems to me that software vendors are relying on their ‘shrinkwrap’ terms and conditions in an attempt to contract themselves out of product liability. Something which would be impossible to do in most jurisdictions if they were selling hardware.

    He also suggests that people should keep ransomware backups on site, in a separate system from ‘normal’ backups for archival and for system restoration after an event such as a fire or other failure. The idea of the ransomware backup is that it is created at least daily. I’ve been using an SSD drive with a USB-C connector to make fast backups of my workstation. When it comes to the crunch, and the ransom is demanded, many IT departments seem to opt to pay the ransom, rather than bearing the risks and cost of restoring the system. It seems to me that backup procedures (and restoration) will have to become far more bulletproof. Obviously it is more challenging in a real-time transaction based environment (than backing up a workstation). Ransom payments are funding a nasty industry.

    Planning should be based on 'when' a thing happens, not 'if'.

    Perhaps one option would be to run one or more front end systems to service staff and online web transactions, and keep mirrored offline ‘gospel’ systems in the background. Periodically updating the gospel systems during the day with believed to be good movement data?

    https://www.youtube.com/watch?v=AHCnapXR6dU

    Gibson is coming to Dublin and Gothenburg (which he has difficulty pronouncing – ie Göteborg)
    on 24.9.2019 (GOT: 26.9.2019)
    https://www.eventbrite.ie/e/owasp-dublin-presents-steve-gibson-sqrl-secure-quick-reliable-login-tickets-66993761143


Comments

  • Options
    #2
    edanto
    Registered Users Posts: 2,809 ✭✭✭edanto


    It was a good episode. He's an interesting bloke, hope I can make the Dublin event to hear him pitch SQRL to the OWASP members.


Advertisement