Ransomware gang extorts jet maker Bombardier

Homebuilt Aircraft & Kit Plane Forum


pwood66889

Local school system also "Paid the Piper." Surprising how many outfits still have these problems. The second you hear of difficulties, get another piece of software! Yeah, I did IT for a year or so...
 

Vigilant1

Though the situation remains murky, there's a recent move by the US Treasury to make it illegal to pay these ransoms or to facilitate the payment of ransoms (which itself is an industry). Apparently it would depend on which group is demanding the payment, though I can't imagine it is easy for anyone to know that information. More here: Is It Illegal to Pay Ransomware? | P&N
 

Yellowhammer

> Though the situation remains murky, there's a recent move by the US Treasury to make it illegal to pay these ransoms or to facilitate the payment of ransoms (which itself is an industry). Apparently it would depend on which group is demanding the payment, though I can't imagine it is easy for anyone to know that information. More here: Is It Illegal to Pay Ransomware? | P&N

As long as our government would go out and prosecute and bring these criminals to justice, folks might opt not to pay the ransom.
 

pwood66889

Like I say, I did IT for a bit. Moved on to Aircraft Mechanic, but did retain a lot of good stuff.
Firstly, security comes first by locking the front door. It should surprise no one at the number of networks that are left plugged all the time.
Second - know your traffic! There have been enough cheap disks over the last 2 decades to back stuff up as things happen. Then when it dies, one has chapter and verse.
Finally, most IT troops are fighting today's fires, and studying for that next Micro$oft or whomever test they have to pass to keep their job, to really look at "What's happening now." Just a shout out to what is probably coming to a computer near you.
 

Pilot-34

I suppose what you say is true, but it just doesn’t seem right. Why should I have to lock my door? I’ve never understood that. Instead, why isn’t there a way to trace back these ransomware people? Why isn’t there an effective internet police force?
 

Hephaestus

> You would think the creator of the Internet would have some sort of responsibility for that?

I for one blame Al Gore :)

> I suppose what you say is true, but it just doesn’t seem right. Why should I have to lock my door? I’ve never understood that. Instead, why isn’t there a way to trace back these ransomware people? Why isn’t there an effective internet police force?

Or just restore the system to the day before's backups, pre-infection.

Apparently backups aren't a thing anymore?
 

Kyle Boatright

> Or just restore the system to the day before's backups, pre-infection.
>
> Apparently backups aren't a thing anymore?

How long do you keep backups and how far back does the infection go? You may have a month old backup, but it doesn't have the last month's work, and everything newer is corrupted. Rock meet hard place.
 

AdrianS

> I for one blame Al Gore :)
>
> Or just restore the system to the day before's backups, pre-infection.
>
> Apparently backups aren't a thing anymore?

The 'best' ransomware stays dormant for a while - long enough to ensure your recent backups are also encrypted.
How many months' data are you prepared to lose?
 

Hephaestus

Ah, never had the pleasure - but you'd think if the backups were being encrypted leading up to the hijack - that would set off alarms... Because you'd want to check the integrity of the backup as part of the backup process, no?
 

dlkjrice

> You would think the creator of the Internet would have some sort of responsibility for that?

That's like saying the person who invented banks should reimburse for all bank robberies. Guy who invented cars should pay for all car thefts. Yadda, yadda, yadda. You get my point.
 

spaschke

> The 'best' ransomware stays dormant for a while - long enough to ensure your recent backups are also encrypted.
> How many months' data are you prepared to lose?

You don't have to lose anything but the $ it takes to pay employees to restore data to a sandbox, check for the virus, do a diff on the data and save or print off the differences. Go back another day/week, check again and so on until the virus is not found, then put the data differences in the cleanly restored system. The problem is it could cost more than the ransom.
 

AdrianS

> Ah, never had the pleasure - but you'd think if the backups were being encrypted leading up to the hijack - that would set off alarms... Because you'd want to check the integrity of the backup as part of the backup process, no?

Most ransomware encrypts the data when it's stored to disk/backup, and decrypts it when it's read.
The victim usually only finds out when it stops decrypting.
 

pwood66889

One large difficulty is that most backups are stored but not checked. One place I heard of had special machines that did nothing but run restored backups! If your data was encrypted when stored, the runs from backup would show that pretty quick! Of course, the OS build on the checking machine is pristine.
There had been a place that religiously did backups. Then, when they needed one, they found out the tape drive they used did not write!
I have said "Work, like matter/energy, is conserved. It takes so much work - the variable is who does it!" And what the costs are if not accomplished.
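
The restore-and-check routine discussed in this thread (restore each backup generation onto a clean machine, test the files, step back until a clean set is found), as an added example that is not code from any poster. The signature table, entropy threshold and sample files are assumptions constructed for illustration:

```python
import math, os, tempfile
from collections import Counter

# Leading bytes expected for some file types; extend for your own data.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".zip": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5   # bits per byte; assumed threshold, tune on known-good data
MIN_SAMPLE = 2048     # entropy of shorter samples is too noisy to judge

def entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path):
    with open(path, "rb") as f:
        head = f.read(65536)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:              # typed file: header must survive the restore
        return not head.startswith(magic)
    # untyped data (text, CSV): near-random bytes suggest encryption
    return len(head) >= MIN_SAMPLE and entropy(head) > ENTROPY_LIMIT

def scan_restore(root):
    """Return relative paths of restored files that look encrypted."""
    bad = []
    for folder, _, names in os.walk(root):
        bad += [os.path.relpath(os.path.join(folder, n), root)
                for n in names if looks_encrypted(os.path.join(folder, n))]
    return sorted(bad)

def newest_clean(generations):
    """generations: (label, restored_dir) pairs, newest first."""
    for label, root in generations:
        if not scan_restore(root):
            return label
    return None

def build_demo(base):
    """Constructed sample: three restored generations, the two newest damaged."""
    good = {"log.csv": b"date,tail,hours\n" * 300, "plan.pdf": b"%PDF-1.4\n" + b"x" * 3000}
    layout = {"day-1": ("log.csv", "plan.pdf"), "day-2": ("log.csv",), "day-3": ()}
    gens = []
    for label, damaged in layout.items():
        root = os.path.join(base, label)
        os.makedirs(root)
        for name, data in good.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(os.urandom(4096) if name in damaged else data)
        gens.append((label, root))
    return gens

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(newest_clean(build_demo(tmp)))
```

Run the scan on a known-clean machine against restored copies, never on the production host. Compressed or media files with no entry in `MAGIC` will trip the entropy test, so add their signatures first.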
 

Hephaestus

> One large difficulty is that most backups are stored but not checked.

Clearly we knew what we were doing with tape reels when I was a young pup.

Probably why I'm confused - would have thought there would be a verification process involved.
 