Geekzone: technology news, blogs, forums
Rikkitic
#262231 11-Jan-2020 14:44

There is an item on RNZ about the Travelex ransomware attack. I have never experienced one, or any other attack, but I am wondering if anyone has? What happened?

Plesse igmore amd axxept applogies in adbance fir anu typos

sqishy
#2390272 11-Jan-2020 15:15

They had an unsecured VPN; it encrypts the server disk and asks for an unlock code that you only get by paying, usually via bitcoin.

Andib
#2390273 11-Jan-2020 15:15

The company I was at back in 2014~ got hit by a variant of CryptoLocker which took one of our sites offline for a couple of days, caused by a user opening an email attachment. Luckily we had pretty good monitoring in place so we picked up on it early and were able to lock down the WAN to prevent it spreading to other sites / our data centers.
We ended up restoring the server from backup (daily off-site backups meant at most we lost a couple of days of data) and re-imaging the PCs.

<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>

cyril7
#2390284 11-Jan-2020 16:16

Had a school with a Synology that decided they no longer wanted to pay anyone or any company for support, but rather just use one of the parents.

As a result the Syno never got patched. Then the Syno cryptolock hit; immediately it was mentioned on the interwebs I logged into the Syno and immediately realised it was hit. Rang them straight away and told them to just pull the power and not ask questions.

Luckily it had started on the backup drive first, so only a few main share files had been locked; also luckily I had set up a GDrive backup, so was able to fully recover all lost files. Without the backup they would have been screwed.

Cyril
freitasm
#2390427 11-Jan-2020 19:54

sqishy:

They had an unsecured VPN; it encrypts the server disk and asks for an unlock code that you only get by paying, usually via bitcoin.

This is simplistic and wrong. Yes, an unpatched VPN seems to have been the vector. No, the "unsecured VPN" is not responsible for encrypting the server disk; rather someone had access by exploiting a vulnerability in the unpatched VPN and had the cryptolocker installed.

Interesting topic, as just this week I was communicating with someone who had their systems affected and managed to decrypt everything without paying the ransom - basically explained to the bad actor that they were not a business and couldn't afford the amount of money asked. I have screenshots and videos, will post on another thread later.

networkn
#2390428 11-Jan-2020 19:55

Prior to a few weeks/months ago, so long as you had good backups, there was really no need to consider paying a ransom. Since ransomware has become such big business and IT has caught up and is moving toward doing a better job of protecting against it, the criminals have decided to get around the "if you have a backup they won't pay" by now threatening to release a copy of the data they took when they encrypted. So even if you have a backup, there are some people who will likely need to pay to avoid the release of what could quite possibly be sensitive or privileged information.

IT service providers are now a big target. There have been some HUGE hits deployed by compromising the MSP/IT provider and using the IT provider's links to their customers to encrypt the customers.

It's a scary world out there now.

xpd
#2390444 11-Jan-2020 21:04

Had one myself on a home server; frustrating, but I was back up and running in a day or so thanks to regular backups.

Deal with them at work occasionally; usually they get in via poor RDP security.

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

nitro
#2390465 11-Jan-2020 23:41

Work got hit last year (corporate HQ overseas). Expensive, as it was pegged at roughly $1M/day for 3 weeks.

Recovered by restoring backups, but the time it took to ensure that all clients all over the world were "secure" before granting network access was a pain in the butt.

It is real. It has a quantifiable monetary value.

FineWine
#2390496 12-Jan-2020 10:26

CBS 60 Minutes in Aug 2019 did a great report on just this topic, which I saw when it aired (FTA) on Prime:

How cybercriminals hold data hostage... and why the best solution is often paying a ransom

Then a side report they did: Ransomware: Prevent your computer from being infected

The bit I found interesting is that one victim, Atlanta city, refused to pay the demanded $50,000. Instead, the city spent $20 million to recover on its own.

As I have always told all my friends and relatives - backup - backup - backup, but the clever crooks can get around that as well by putting in time delay coding so your backups are infected as well.

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

#2390497 12-Jan-2020 10:40

I have first-hand experience of ransomware, & quite a clever one too. Got hit by Gandcrab 5.3 when it was a fresh release & so no decryptor was available. This was the first time I'm aware of that the ransomware created an individual encryption algorithm for each infected computer - at that stage a decryptor looked to be a remote possibility. I'm not sure there even is one today.

I was working on my laptop at the time, so was able to minimise the damage but it chewed up some 300GB between my laptop & file server in a few seconds. Fortunately I live by the 3 B's of computing rule - backup, backup, backup.

For fun I investigated decryption possibilities but decided there was a far easier option & simply wiped & restored. Problem solved.

Megabyte - so geek it megahertz

MadEngineer
#2390586 12-Jan-2020 14:20

FineWine:

CBS 60 Minutes in Aug 2019 did a great report on just this topic, which I saw when it aired (FTA) on Prime:

How cybercriminals hold data hostage... and why the best solution is often paying a ransom

Then a side report they did: Ransomware: Prevent your computer from being infected

The bit I found interesting is that one victim, Atlanta city, refused to pay the demanded $50,000. Instead, the city spent $20 million to recover on its own.

As I have always told all my friends and relatives - backup - backup - backup, but the clever crooks can get around that as well by putting in time delay coding so your backups are infected as well.

This is why you must employ a proper backup rotation scheme. Any failure to back up properly means you're simply not running a backup.

https://en.m.wikipedia.org/wiki/Backup_rotation_scheme

Grandfathering is simple: have media for each daily backup, media for five Fridays or your end of week, and media for 12 months and a couple for yearly, plus spares, all stored off site.

You're not on Atlantis anymore, Duncan Idaho.
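A worked example of the grandfather-father-son rotation MadEngineer describes, added here and not from the original post or the linked Wikipedia page: it simulates the media tiers (dailies, five Fridays, twelve monthlies, two yearlies) and, for FineWine's point about time-delayed payloads, reports the newest surviving restore point taken before the payload was planted. The promotion rules (Friday's run is the weekly, the last Friday of a month the monthly, December's the yearly, no weekend runs) and the 2020-01-13 "today" are assumptions.

```python
from datetime import date, timedelta
from typing import Dict, List, Optional

# Media counts from the post above: daily media for the working week,
# five Friday media, twelve monthly media and a couple of yearly media.
SLOTS = {"daily": 5, "weekly": 5, "monthly": 12, "yearly": 2}

def tier(d: date) -> Optional[str]:
    """Tier the backup run on day d is promoted to (None: no weekend run).
    Assumed policy: weekday runs are dailies, Friday's run is the weekly, the
    last Friday of a month is the monthly and December's is the yearly."""
    if d.weekday() > 4:                               # Saturday / Sunday
        return None
    if d.weekday() == 4:                              # Friday
        if (d + timedelta(days=7)).month != d.month:  # last Friday of month
            return "yearly" if d.month == 12 else "monthly"
        return "weekly"
    return "daily"

def retained(today: date, years_back: int = 3) -> Dict[str, List[date]]:
    """Simulate the rotation from years_back before today and return, per tier,
    the restore points still on media (newest SLOTS[t] of each, oldest first)."""
    kept: Dict[str, List[date]] = {t: [] for t in SLOTS}
    d = today - timedelta(days=365 * years_back)
    while d <= today:
        t = tier(d)
        if t is not None:
            kept[t].append(d)
            if len(kept[t]) > SLOTS[t]:
                kept[t].pop(0)                        # oldest media overwritten
        d += timedelta(days=1)
    return kept

def newest_clean_point(today: date, dormant_days: int) -> Optional[date]:
    """A payload planted dormant_days ago and detonated today: return the newest
    retained restore point taken before it was planted, or None if the rotation
    has already overwritten every pre-infection copy."""
    planted = today - timedelta(days=dormant_days)
    points = sorted(p for pts in retained(today).values() for p in pts)
    clean = [p for p in points if p < planted]
    return clean[-1] if clean else None

if __name__ == "__main__":
    today = date(2020, 1, 13)  # thread date, used as the constructed "today"
    for t, pts in retained(today).items():
        print(t, [p.isoformat() for p in pts])
    print("dormant 60 days  ->", newest_clean_point(today, 60))
    print("dormant 800 days ->", newest_clean_point(today, 800))
```

With two yearly media, a payload that sat dormant for more than about two years has no surviving pre-infection copy on site, which is the gap FineWine's "time delay coding" remark points at.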

Hammerer
#2390593 12-Jan-2020 14:42

I've seen two fake ransomware infections.

The people I help can't tell the difference and I only just stopped one paying the money. There is some sort of user interface locking to make it hard for them to check.

#2390646 12-Jan-2020 15:40

Yes, I must admit that I made a mischievous blog post recommending that people take advantage of this ignorance.

I recommended a quick Google image search for WannaCry wallpaper, which they should download & set as desktop wallpaper. Next, right-click, hide icons.

Final step - feign shock & horror, now go home & have the day off.

Megabyte - so geek it megahertz

Rikkitic
#2390652 12-Jan-2020 16:07

I have had the fake porn one a couple of times but that was just an email to an account that was in a hacked database. I have never been hit by anything else.

Plesse igmore amd axxept applogies in adbance fir anu typos

PANiCnz
#2390666 12-Jan-2020 16:55

One of the guys at work was at Maersk when they got hit by NotPetya, he has some great stories.

Jogre
#2391021 13-Jan-2020 14:28

I've had a couple of good ones. Had one client get hit, recovered the server from backups and all OK... except the finance guy had been archiving email to PSTs (because he always did this), so the emails were no longer on the server and that was all lost. They had a proposal to move to 365 on their desk for months which might have helped a smidge.

Had another client pay it, was $1000 or so, which was getting off easy.

