Author Topic: Ransomware Attacks of 2018  (Read 312 times)

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 7476
    • www.lscg.net
Ransomware Attacks of 2018
« on: January 14, 2019, 12:50:09 PM »
"Government is not reason; it is not eloquent; it is force. Like fire, it is a dangerous servant and a fearful master." - George Washington

“Remember democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a democracy yet, that did not commit suicide.”   -John Adams

K4LRM

www.lscg.net

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4092
Re: Ransomware Attacks of 2018
« Reply #1 on: January 14, 2019, 09:43:50 PM »
One of my buddies spent a couple of weeks over Christmas working night and day on one.  Said it had three extra Trojans and was the worst he had seen.  Apparently someone in the Ohio office clicked something they shouldn't have.  Ransom demand was $190K.
-I'm only here because my flux capacitor is broken.

Offline TexasTechnician

  • Moderator
  • Posts: 370
Re: Ransomware Attacks of 2018
« Reply #2 on: January 15, 2019, 08:17:13 PM »
That is a nasty virus. It would go away if more people backed their data up and refused to pay but that isn't going to happen.

Online Keighlar

  • Moderator
  • Location: New York
  • Posts: 1378
    • Tech II Business Services
Re: Ransomware Attacks of 2018
« Reply #3 on: January 15, 2019, 08:37:14 PM »
> That is a nasty virus. It would go away if more people backed their data up and refused to pay but that isn't going to happen.

The problem is that it can lie dormant for over a month so you never know it's there.  When you do go to restore a backup, if you don't have one from far enough back, you're just reinfected.
"And once the storm is over, you won't remember how you made it through, how you managed to survive. You won't even be sure whether the storm is really over. But one thing is certain. When you come out of the storm, you won't be the same person who walked in. That's what this storm's all about."―Haruki Murakami

Offline TexasTechnician

  • Moderator
  • Posts: 370
Re: Ransomware Attacks of 2018
« Reply #4 on: January 16, 2019, 09:33:11 PM »

> The problem is that it can lie dormant for over a month so you never know it's there.  When you do go to restore a backup, if you don't have one from far enough back, you're just reinfected.


That is true. Backups can be scheduled and performed and maintained in a manner that would reduce the loss but not too many companies are willing to pay the price for it. I'm sure many more are doing so these days than in the recent past.



Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4092
Re: Ransomware Attacks of 2018
« Reply #5 on: January 19, 2019, 08:52:33 PM »
I've been configuring a dozen new firewalls for weeks.  Deep packet inspection, certificates on all the workstations, GEO-IP blocking, Capture ATP so everything goes up to the sandbox for inspection before it gets to the desktop.  New backup schemes going to the offsite NAS units.  I'm trying to scale down and this crap keeps making more work.
-I'm only here because my flux capacitor is broken.

Offline RATHER BE FISHING

  • Moderator
  • Location: South Texas
  • Posts: 911
Re: Ransomware Attacks of 2018
« Reply #6 on: January 21, 2019, 11:57:14 AM »
I've posted this before but anyone concerned with network vulnerabilities should register and visit www.darkreading.com to get the latest updates on the bad guys. Amazed at how many zero-day exploits pop up and how often.
Vertical Comdial Dx80 and  DX120 Voice Mail Repair/Compact Flash Cards
Comdial Debut Compact Flash Cards

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4092
Re: Ransomware Attacks of 2018
« Reply #7 on: January 28, 2019, 07:49:52 PM »
This is from one of my friends over in a medical data center:

"One of our customers was hit on Saturday. We back up many of their servers and replicate that backup to our data center. The credentials of one of their techs were compromised, which allowed the bad actor to delete the on-prem and our backups of the systems as well. Then they infected the servers. About 105 of the 150 servers were infected before they got it stopped."
-I'm only here because my flux capacitor is broken.