Ransomware gang extorts jet maker Bombardier

[Bill-Higdon]

Ransomware gang extorts jet maker Bombardier after Accellion breach

Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data.

www.bleepingcomputer.com

 

[pwood66889]

Local school system also "Paid the Piper." Surprising how many outfits still have these problems. The Second you hear of difficulties, get another piece of software! Yeah, I did IT for a year or so...

 

[Vigilant1]

Though the situation remains murky, there's a recent move by the US Treasury to make it illegal to pay these ransoms or to facilitate the payment of ransoms (which itself is an industry). Apparently it would depend on which group is demanding the payment, though I can't imagine it is easy for anyone to know that information. More here:Is It Illegal to Pay Ransomware? | P&N

 

[Pilot-34]

Ransomware gang extorts jet maker Bombardier after Accellion breach

Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data.

www.bleepingcomputer.com

OK interesting but did you have a point, some sort of comment do you wanted to make ?

 

[Yellowhammer]

Though the situation remains murky, there's a recent move by the US Treasury to make it illegal to pay these ransoms or to facilitate the payment of ransoms (which itself is an industry). Apparently it would depend on which group is demanding the payment, though I can't imagine it is easy for anyone to know that information. More here:Is It Illegal to Pay Ransomware? | P&N

As long as our government would go out and prosecute and bring these criminals to justice folks might opt not to pay the ransom.

 

[Yellowhammer]

Last year several of our area school districts were held for ransom. Not sure what all happened but I am glad we didn't have to deal with it at my school !

 

[Bill-Higdon]

OK interesting but did you have a point, some sort of comment do you wanted to make ?

Yes they got caught with their pants down

 

[Hephaestus]

I'm sure the canadian government will bail them out on that too...

Oh sorry, did I say that out loud?

 

[Pilot-34]

Are you would think with the creator of the Internet would have some sort of responsibility for that?

 

[pwood66889]

Like I say, I did IT for a bit. Moved on to Aircraft Mechanic, but did retain a lot of good stuff.
Firstly; security comes first by locking the front door. It should serprize no one at the number of networks that are left plugged all the time.
Second - know your traffic! There has been enough cheap disks over the last 2 decades to back stuff up as things happen. Then when it dies, one has chapter and verse.
Finally; most IT troops are fighting todays fires, and studying for that next Micro$oft or whom-ever test they have to pass to keep their job, to really look at "What's happening now." Just a shout out to what is probably coming to a computer near you.

 

[Pilot-34]

I suppose what you say is true but it just doesn’t seem right why should I have to lock my door I’ve never understood that? Instead why isn’t there a way to trace back these ransom where people why isn’t there an affective inner net police force

 

[Hephaestus]

Are you would think with the creator of the Internet would have some sort of responsibility for that?

I for one blame al gore

I suppose what you say is true but it just doesn’t seem right why should I have to lock my door I’ve never understood that? Instead why isn’t there a way to trace back these ransom where people why isn’t there an affective inner net police force

Or restore just restore the system to the day before's backups, pre-infection.

Apparently backups aren't a thing anymore?

 

[Kyle Boatright]

Or restore just restore the system to the day before's backups, pre-infection.

Apparently backups aren't a thing anymore?

How long do you keep backups and how far back does the infection go? You may have a month old backup, but it doesn't have the last month's work, and everything newer is corrupted. Rock meet hard place.

 

[AdrianS]

I for one blame al gore


Or restore just restore the system to the day before's backups, pre-infection.

Apparently backups aren't a thing anymore?

The 'best' ransomware stays dormant for a while - long enough to ensure your recent backups are also encrypted.
How many month's data are you prepared to lose?

 

[Hephaestus]

Ah, never had the pleasure - but you'd think if the backups were being encrypted leading up to the hijack - that would setoff alarms... Because you'd want to check the integrity of the backup as part of the backup process no?

 

[dlkjrice]

Are you would think with the creator of the Internet would have some sort of responsibility for that?

That's like saying the person who invented banks should reimburse for all bank robberies. Guy who invented cars should pay for all car thefts. Yadda, yadda, yadda. You get my point.

 

[spaschke]

The 'best' ransomware stays dormant for a while - long enough to ensure your recent backups are also encrypted.
How many month's data are you prepared to lose?

you don't have to lose anything but the $ it takes to pay employees to restore data to a sandbox, check for the virus, do a diff on the data and save or print off the differences. Go back another day/week, check again and so on until the virus is not found, then put the data differences in the cleanly restored system. The problem is it could cost more than the ransom.

 

[AdrianS]

Ah, never had the pleasure - but you'd think if the backups were being encrypted leading up to the hijack - that would setoff alarms... Because you'd want to check the integrity of the backup as part of the backup process no?

Most ransomeware encrypts the data when its stored to disk/backup, and decrypts it when it's read.
The victim usually only finds out when it stops decrypting.

 

[pwood66889]

One large difficulty is that most backups are stored but not checked. One place I heard of had special machines that did nothing but run restored backups! If your data was encrypted when stored, the runs from backup would show that pretty quick! Of course, the OS build on the checking machine is pristine.
There had been a place that religiously did backups. Then, when they needed one, they found out the tape drive they used did not write!
I have said "Work, like matter/energy, is conserved. It tales so much work - the variable is who does it!" And what the costs are if not accomplished.

 

[Hephaestus]

One large difficulty is that most backups are stored but not checked.

Clearly we knew what we were doing with tape reels when I was a young pup.

Probably why I'm confused - would have thought there would be a verification process involved.