05-09-2019, 18:51   #1
Registered User
Join Date: Sep 2013
Posts: 1,642
The Ransomware epidemic

About 40 ‘local authorities’ in TX and FL have been ransomwared over the past few weeks, as have about 400 dental practices. There seem to be links in terms of using service providers whose systems have been ransomwared according to Steve Gibson’s latest show on TWIT TV.

RaaS – ransomware as a service – is becoming a bigger risk. RaaS providers sell exploits to distributors who take around 60% of the funds stolen (usually via cyber currencies). The other 40% goes to the RaaS platform operator. Steve thinks RaaS platforms are disappearing and being re-branded.

Gibson thinks that operating systems should be more proactive in stopping ransomware from encrypting files. He suggests a white list of applications that the operating system will permit to perform encryption. I would probably add compression apps, as they render the file unusable unless the victim has the knowledge and software to decompress. It seems to me that software vendors are relying on their ‘shrinkwrap’ terms and conditions in an attempt to contract themselves out of product liability, something which would be impossible to do in most jurisdictions if they were selling hardware.

He also suggests that people should keep ransomware backups on site, in a separate system from ‘normal’ backups for archival and for system restoration after an event such as a fire or other failure. The idea of the ransomware backup is that it is created at least daily. I’ve been using an SSD drive with a USB-C connector to make fast backups of my workstation. When it comes to the crunch, and the ransom is demanded, many IT departments seem to opt to pay the ransom, rather than bearing the risks and cost of restoring the system. It seems to me that backup procedures (and restoration) will have to become far more bulletproof. Obviously it is more challenging in a real-time, transaction-based environment (than backing up a workstation). Ransom payments are funding a nasty industry.

Planning should be based on 'when' a thing happens, not 'if'.

Perhaps one option would be to run one or more front-end systems to service staff and online web transactions, and keep mirrored offline ‘gospel’ systems in the background, periodically updating the gospel systems during the day with believed-to-be-good movement data?

Gibson is coming to Dublin and Gothenburg (which he has difficulty pronouncing – i.e. Göteborg) on 24.9.2019 (GOT: 26.9.2019).
Impetus is offline  
10-09-2019, 21:01   #2
Registered User
Join Date: Mar 2004
Posts: 2,739
It was a good episode. He's an interesting bloke, hope I can make the Dublin event to hear him pitch SQRL to the OWASP members.
edanto is offline  