Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft WindowsHas anyone had any experience with the Black kingdom ransomware?
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
Hatch

797 posts

Ultimate Geek


  #2678696 22-Mar-2021 17:35
Send private message

I’m sorry everyone, I have no sway in IT matters. The current guy (and it is just a guy) has a lot of trust with the organisation.
Not wanting to be defeatist, there’s nothing much I can do.

I mentioned to someone in authority that I had read that Microsoft had issued urgent patches a week or so ago and the conversation really went nowhere.




networkn
Networkn
32353 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2678703 22-Mar-2021 17:41
Send private message

Hatch: I’m sorry everyone, I have no sway in IT matters. The current guy (and it is just a guy) has a lot of trust with the organisation.
Not wanting to be defeatist, there’s nothing much I can do.

I mentioned to someone in authority that I had read that Microsoft had issued urgent patches a week or so ago and the conversation really went nowhere.

 

Unfortunately, I suspect you are in for more pain then I'm sorry. Buckle in, it's gonna get bumpy. Sorry I can't be more encouraging. Perhaps management might need to learn the hard way, it works that way sometimes.

 

Sorry for your trouble.

networkn
Networkn
32353 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2678706 22-Mar-2021 17:44
Send private message

Hammerer:

 

Hatch:

We’ve been told that the likely culprit for our security breach is someone opened a ransomware file.......

 

The culprit is the ransomware "publisher".

 

I hope your organisation isn't actually labeling a staff member as "the culprit" of the security breach. A culprit commits an illegal or evil deed. That is not a term that should be used for an inadvertant mistake even if it is negligent or doesn't follow the prescribed procedures.

 

 

 

 

We encourage our customers to not take a puniative approach to security breaches. In our experience, it stops people from admitting issues, difficult to detect at times, which puts the organization at risk.

 

We encourage customers to take a "how can we do this better next time" approach instead. A person feeling like they might get in trouble, may not be entirely forthcoming about the extent of the mistake they made, making tracking the full width and breadth of a breach difficult.

 

 



sparkz25
750 posts

Ultimate Geek
Inactive user


  #2678711 22-Mar-2021 17:49
Send private message

networkn:

 

Hatch: I’m sorry everyone, I have no sway in IT matters. The current guy (and it is just a guy) has a lot of trust with the organisation.
Not wanting to be defeatist, there’s nothing much I can do.

I mentioned to someone in authority that I had read that Microsoft had issued urgent patches a week or so ago and the conversation really went nowhere.

 

Unfortunately, I suspect you are in for more pain then I'm sorry. Buckle in, it's gonna get bumpy. Sorry I can't be more encouraging. Perhaps management might need to learn the hard way, it works that way sometimes.

 

Sorry for your trouble.

 

 

Sounds like the IT Guy ignored all the messages or hadn't read the news over the last few weeks.

 

As Networkin has mentioned, you could be in for a bumpy rollercoaster ride, Good Luck

xpd

xpd
Geek @ Coastguard NZ
13768 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2678818 22-Mar-2021 21:04
Send private message

Or he just dosent have enough experience to understand exactly what the exploits were doing. 

 

If you get on with your boss, maybe suggest that the tech guy gets signed up to some mailing lists etc - but by sounds of it, he just gets called in when needed so he may not check his email that often for it to be worthwhile.

 

 




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

michaelmurfy
meow
13257 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2678882 22-Mar-2021 23:51
Send private message

Hatch: I’m sorry everyone, I have no sway in IT matters. The current guy (and it is just a guy) has a lot of trust with the organisation.
Not wanting to be defeatist, there’s nothing much I can do.

I mentioned to someone in authority that I had read that Microsoft had issued urgent patches a week or so ago and the conversation really went nowhere.

 

That really sucks to hear but good on you for taking that step to mention the exploit it in the first place.

 

Seeing you have not mentioned the company you work for, or the IT company on here it could be maybe worth showing this thread to your boss - likely not going to do anything, but you've got a whole bunch of industry professionals basically saying you need to shift to cloud based email (Office 365 or similar) along with ensuring patching + Windows Updates occur frequently. I work for a large corporate and we have to apply Microsoft patches all the way to Production within 48 hrs from Microsoft releasing them - being a large corporate you can imagine how many 100's of servers needs patching. Your IT guy can handle 1 if I can handle the 80 assigned to me in a single night :)

 

I know you won't say but it sounds like you may have some older equipment (Windows Server 2008 R2 / Exchange 2010 / Windows 7) still up and running which is a huge risk for the business and all customers as a whole. Disclose that you got compromised to CERT + your customers (this is a requirement I believe) and be prepared for a bumpy ride.

 

Furthermore - self-hosting Exchange especially on an ISP often leads to email delivery problems which is bad for business email :)




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

richms
28189 posts

Uber Geek

Trusted
Lifetime subscriber

  #2678885 23-Mar-2021 00:17
Send private message

TBH if that is their attitude to one of the most critical business requirements, I would be looking for another job because this could be the straw that breaks the customers trust in the place.

 

Another thing, Any personal service you have logged into from work, or have used works email as a way to reset the password need to be taken care of before they start to go thru the dumps they will have taken from the server before destroying it.

 

Once they are onto the dump, they will register a similar domain name and start emailing customers with requests to pay new accounts, get customers to open malware "invoices" that they were not expecting with a template that looks exactly like ones that have been sent from the business in the past, and all sorts of other nasty things to try to get more people to let them into their systems.

 

 




Richard rich.ms

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
freitasm
BDFL - Memuneh
79294 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2678932 23-Mar-2021 08:41
Send private message

Office of the Privacy Commissioner | Privacy breaches

 

"Under the Privacy Act 2020, if your organisation or business has a privacy breach that is likely to cause anyone serious harm, you must notify the Privacy Commissioner and any affected people as soon as you are practically able."

 

AskUs | Article | Do we have to report privacy breaches? | Office of the Privacy Commissioner

 

"You may also have obligations to report the privacy breach to other organisations. You should definitely report the breach to your organisation's privacy officer, and you may also have contractual and professional obligations to report the breach to other parties. If the incident involves computer systems, then you should report the incident to CERT NZ. If the incident involves the possibility of identity theft, you should contact IDCare."

 

If as the result of this breach there could be some personal information compromised (and this means a lot of things in this context) then your company must report or otherwise be fined. 




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

Jogre
182 posts

Master Geek


  #2678941 23-Mar-2021 08:50
Send private message

Hatch: I’m sorry everyone, I have no sway in IT matters. The current guy (and it is just a guy) has a lot of trust with the organisation.
Not wanting to be defeatist, there’s nothing much I can do.

I mentioned to someone in authority that I had read that Microsoft had issued urgent patches a week or so ago and the conversation really went nowhere.

 

Trust within the organisation or knows the owner personally and catches up for golf every second Tuesday?

 

The number of advisories about the vulnerability are staggering so there's no excuse and as mentioned, blaming staff is really not on and is the sign of a weak personality/lack of professionalism. Any breaches we're involved in that result from staff clicking on something is an opportunity for training and improvement not finger-pointing. As Security partners, that's our failure to train and patch.

xpd

xpd
Geek @ Coastguard NZ
13768 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2678955 23-Mar-2021 09:06
Send private message

I think everyone has said what needs to be said, only thing you can do now, is hope this is a wake up call for the boss and some changes are made.

 

 

 

Along those lines....

 

Years ago, I used to look after a small companies office, they were concerned about losing data etc - they had an old PC in a corner doing nothing so I set it up as a basic file server and backup system.

 

In the past couple of years, I got a call asking for assistance because they got hit by ransomware - told them to tell the IT guy they were using to check the backup drive etc. 

 

Thats when they told me. 

 

The "server" had died a year earlier and they hadn't told me although I had been in touch for other issues.

 

Thankfully the database system they used had been copied to another PC in the office and that system had not been turned on in a week, so they ended up only losing a weeks work. 

 

They now work in the cloud. 

 

 




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

Jogre
182 posts

Master Geek


  #2679040 23-Mar-2021 10:24
Send private message

Had a similar one, walked into business to pitch for managed IT support. Currently done by friend of boss. HP server sitting in plain view, failed HDD lights on 2 of the 5 disks. Offered to get HP to resolve without obligation, was told IT guy all over that. Went and saw them a month later and was taken outside and was quietly told they were recovering from a major outage with no backups available...

1101
3122 posts

Uber Geek


  #2679281 23-Mar-2021 14:17
Send private message

We all all making alot of assumptions here . We only have hearsay from someone who isnt directly involved

It could be the IT guy hand his hands tied by customer reluctance to spend money until things break
It could have been system on its knees & unpatchable , I know of 'servers' made from old PC's(yes) and in a barely usable state
I have Clients who ignore all advice .

 


we dont know for sure that this was caused by unpatched exchange .
we dont know if IT was under any sort of support contract .

richms
28189 posts

Uber Geek

Trusted
Lifetime subscriber

  #2679450 23-Mar-2021 17:30
Send private message

1101:

 

we dont know for sure that this was caused by unpatched exchange .
we dont know if IT was under any sort of support contract .

 

 

It happened. Therefore the person providing IT services failed.

 

If the place will not spend on correct infrastructure the only solution is to fire them as a client and let them go on their own.




Richard rich.ms

xpd

xpd
Geek @ Coastguard NZ
13768 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2679812 24-Mar-2021 12:44
Send private message

Microsoft have released a patch tool ......... 

 

https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/

 

 




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

1101
3122 posts

Uber Geek


  #2680211 25-Mar-2021 10:52
Send private message

richms:

 

If the place will not spend on correct infrastructure the only solution is to fire them as a client and let them go on their own.

 

 

Sorry , but that sort of attitude really p*sses me off.
Its a service, not a dictatorship.

 

What happened to do the best you can within their budget .
What happened to help them as much as poss, give advice, try to steer them in the right direction. Even if all advice is ignored
What happened to Help them when it all falls over completely (thats when IT will make the money from the client).
What happened to I'll do what I can , on your terms , rather than F you go somewhere else

Ive had to deal with that sort of nightmare IT attitude , from both sides of the fence .

1 | 2 | 3
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright