![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneEarly ransomware attacks were simple extortion. You open an infected email attachment, and it either contained the malware or downloaded the malware and it exploited your network and encrypted the network and demanded a ransom to get your data back.
Then the attackers got more sophisticated and hands-on involved.
The malware loaded a bunch of zero-day exploits, that is, attacks that were unknown or unpatched by operating system vendors, and thus undefended. This allowed the attackers full access to networks for an extended period of time. So they found valuable data, exfiltrated it to their GQ, THEN encrypted the servers that they had control over and demanded a ransom.
And part of the ransom demand was that you pay us to get your data back or you might not only face loss of your information, but you might also face us posting your data online or selling it to competitors.
The normal defense against ransomware has been good procedures for backups and recovery, and we used to think that was good enough. We could get our systems back: reformat, install a new copy of the operating system, patch, reload the data. Time consuming, but it's actually faster than unencrypting files because encryption/decryption is a very time-consuming process.
But the criminals are now posting internal corporate documents on public web servers, saying Company X didn't pay, they rebuilt their infrastructure without giving us a dime so here's their information.
This is obviously going to have potentially serious GDPR consequences in Europe, we'll see how it plays out over here, especially if no customer notification took place and if credit card information was involved.
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Then the attackers got more sophisticated and hands-on involved.
The malware loaded a bunch of zero-day exploits, that is, attacks that were unknown or unpatched by operating system vendors, and thus undefended. This allowed the attackers full access to networks for an extended period of time. So they found valuable data, exfiltrated it to their GQ, THEN encrypted the servers that they had control over and demanded a ransom.
And part of the ransom demand was that you pay us to get your data back or you might not only face loss of your information, but you might also face us posting your data online or selling it to competitors.
The normal defense against ransomware has been good procedures for backups and recovery, and we used to think that was good enough. We could get our systems back: reformat, install a new copy of the operating system, patch, reload the data. Time consuming, but it's actually faster than unencrypting files because encryption/decryption is a very time-consuming process.
But the criminals are now posting internal corporate documents on public web servers, saying Company X didn't pay, they rebuilt their infrastructure without giving us a dime so here's their information.
This is obviously going to have potentially serious GDPR consequences in Europe, we'll see how it plays out over here, especially if no customer notification took place and if credit card information was involved.
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
no subject
Date: 2019-12-17 10:29 pm (UTC)