(Associated Press) Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.
An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.
They reported ransom demands of up to $5 million.
The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.”
Deputy National Security Advisor Anne Neuberger later issued a statement saying President Joe Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.
Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved.
An example of Biden’s response: “Stop it, you dog-faced commie soldiers.”
Jackass Joe and BFI:
A moron hanging off the side of a Mack trash truck checking dumpsters for hackers…
…so, he’s going to put our etiolated lesbian army up against Putin’s warriors?
https://twitter.com/i/status/1395093475230724103
…good luck with that…
Guess all those “I’m a Nigerian prince” email scams weren’t paying off…
…this is why all the critical process tool computer systems I manage have NO physical connection to the Internet unless I am physically present and have made prior arrangements with an OEM to remote into a system for a specific purpose, and even then it’s VPN tunneling all the way.
There is NO firewall that works but an AIR firewall.
Period.
I don’t know if this group put out the EvilLocker ransomware a couple of years ago, but that one was kind of interesting. We had a subsystem that some third shift guy connected to the Interwebs to surf porn, and it locked most of the executables up tighter than a Chinese prison. This system had a separate storage for automatic backup, but EvilLocker also propagates to ALL mapped drives, so it followed it out and got those too.
It’s interesting because it changes the file extensions of encrypted files to .EVIL.
…because I’m not an idiot, I had OFFLINE backups too, so we trashed that system and I spun up a clean one. We lost maybe a week of the 5 years of records and had physical recordings of those, so it wasn’t the end of the world; we were back up later on the following shift.
It is the height of stupidity to actually PAY the ransom.
For one thing, THEY DID THE DAMAGE IN THE FIRST PLACE. Are you going to trust them to FIX it?
For another, you’re sending money BLIND. What are you gonna do if you get nothing in return, give them a bad review on Angie’s List?
Third, they wrecked your shit after your best efforts to keep them OUT. What do you think they’re gonna do if you INVITE THEM IN and WILLINGLY suspend your security to install whatever they give you FOR them?!?
Unplug and frequent offline backup. It’s the only REAL protection.
And if you have asshole foreign owners who want to see your processes from another country so they can tuck into their kippers while being able to bitch in real time about downtime like I do, there are a number of “productivity displays” (Vorne makes a nice one) where you can hardwire IO bridge data to externally accessible IT systems with ZERO possibility of any external access in the other direction.
As to your employees, ANY computer you put on a floor around lightly supervised shift employees WILL be used to access porn if at all possible.
Kiosk those systems.
Have NO internet facing portal on them.
And make sure everyone KNOWS there’s no Internet.
Don’t expect Management to help, though, if they’re minorities or Muslims.
…you know why…
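A defender-side check for the failure mode the comment above describes: the ransomware renaming encrypted files to .EVIL and following mapped drives into the automatic-backup share. This is an added example, not the commenter’s code or any vendor’s tool; the drive letters, file names and the 50% threshold are constructed, and a live run would feed it a listing built with os.walk instead of the sample list.

```python
import ntpath
from collections import defaultdict
from pathlib import PurePosixPath

# Extension the comment above says EvilLocker appends to encrypted files.
RANSOM_EXT = ".EVIL"

# Constructed listing: C: is the infected host, Z: the mapped backup drive
# that the malware followed, D: an untouched archive. Not real data.
SAMPLE_LISTING = [
    r"C:\tools\runner.exe.EVIL",
    r"C:\tools\config.ini.EVIL",
    r"C:\tools\README.txt",
    r"Z:\backup\2021-06-28\records.db.EVIL",
    r"Z:\backup\2021-06-27\records.db.EVIL",
    r"Z:\backup\notes.txt",
    r"D:\archive\2019.zip",
    r"D:\archive\2020.zip",
]

def mount_of(path):
    """Drive letter for Windows-style paths (mapped drives), else top-level dir."""
    drive, _ = ntpath.splitdrive(path)
    if drive:
        return drive.upper()
    parts = [p for p in PurePosixPath(path).parts if p != "/"]
    return parts[0] if len(parts) > 1 else "/"

def summarize(paths):
    """Map each mount to [files carrying RANSOM_EXT, total files]."""
    counts = defaultdict(lambda: [0, 0])
    for p in paths:
        entry = counts[mount_of(p)]
        entry[0] += p.upper().endswith(RANSOM_EXT)
        entry[1] += 1
    return dict(counts)

def affected_mounts(paths, threshold=0.5):
    """Mounts where at least `threshold` of files were renamed: where it spread."""
    return sorted(m for m, (enc, tot) in summarize(paths).items()
                  if tot and enc / tot >= threshold)

def backups_survived(paths, backup_mount):
    """True only if the backup mount has files and none carry RANSOM_EXT."""
    enc, tot = summarize(paths).get(backup_mount, [0, 0])
    return tot > 0 and enc == 0
```

On the constructed listing, `affected_mounts` reports both C: and the mapped Z: backup drive, and `backups_survived(SAMPLE_LISTING, "Z:")` is False, which is exactly the point of keeping an offline copy that was never mapped.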
Russia… Russia… Russia !!! Haven’t we all heard this before?
Just like the dot-indians who invade my home to sell me sh1t I do not need, these ransomware crooks are just another flavor of terrorist.
War on terror, anyone?
I type all my company invoices on a Typewriter with multi colour paper.
White to Customer
Yellow to Accountant
Pink for the Customer’s Ass Hole just in case they don’t pay the white copy.
The system works, the Unit never gets a virus, the 82 year old owner can find anything in 10 seconds, and we have 3 backups just in case a Typewriter takes a Biden in its pants.
Go Ahead laugh at me!
Why is it legal to pay ransom? Ban it and cut off Russian internet access to America. Make the Russians lose money on lost sales and make it the Russian government’s problem if they want to do business with the capitalists again.
BFI probably hacked it, or any of the other alphabet soup organizations. Had to keep idle hands busy without fake dossiers to gin up.