Geekzone: technology news, blogs, forums
Devastation by stupidity
#262231 11-Jan-2020 14:44

There is an item on RNZ about the Travelex ransomware attack. I have never experienced one, or any other attack, but I am wondering if anyone has? What happened?
sqishy
#2390272 11-Jan-2020 15:15

They had an unsecured VPN; it encrypts the server disk and asks for an unlock code that you only get by paying, usually via bitcoin.


#2390273 11-Jan-2020 15:15

The company I was at back in ~2014 got hit by a variant of CryptoLocker, which took one of our sites offline for a couple of days, caused by a user opening an email attachment. Luckily we had pretty good monitoring in place, so we picked up on it early and were able to lock down the WAN to prevent it spreading to other sites / our data centres.
We ended up restoring the server from backup (daily off-site backups meant at most we lost a couple of days of data) and re-imaging the PCs.


#2390284 11-Jan-2020 16:16

Had a school with a Synology who decided they no longer wanted to pay anyone or any company for support, and would rather just use one of the parents.

As a result the Syno never got patched; then the Syno cryptolock hit. As soon as it was mentioned on the interwebs I logged into the Syno and immediately realised it was hit. Rang them straight away and told them to just pull the power and not ask questions.

Luckily it had started on the backup drive first, so only a few main share files had been locked. Also luckily I had set up a GDrive backup, so was able to fully recover all lost files; without the backup they would have been screwed.

Cyril

BDFL - Memuneh
#2390427 11-Jan-2020 19:54

sqishy:

They had an unsecured VPN; it encrypts the server disk and asks for an unlock code that you only get by paying, usually via bitcoin.

This is simplistic and wrong. Yes, an unpatched VPN seems to have been the vector. No, the "unsecured VPN" is not responsible for encrypting the server disk; rather, someone gained access by exploiting a vulnerability in the unpatched VPN and had the cryptolocker installed.

 

Interesting topic, as just this week I was communicating with someone who had their systems affected and managed to decrypt everything without paying the ransom - basically explained to the bad actor that they were not a business and couldn't afford the amount of money asked. I have screenshots and videos, will post on another thread later.





 

 

#2390428 11-Jan-2020 19:55

Prior to a few weeks/months ago, so long as you had good backups, there was really no need to consider paying a ransom. Since ransomware has become such big business and IT has caught up and is moving toward doing a better job of protecting against it, the criminals have decided to get around the "if you have a backup they won't pay" problem by now threatening to release a copy of the data they took when they encrypted. So even if you have a backup, there are some people who will likely need to pay to avoid the release of what could quite possibly be sensitive or privileged information.

 

IT service providers are now a big target. There have been some HUGE hits deployed by compromising the MSP/IT provider, and using the IT provider's links to their customers to encrypt the customers.

 

It's a scary world out there now.


xpd
#2390444 11-Jan-2020 21:04

Had one myself on home server, frustrating but I was back up and running in a day or so thanks to regular backups.

 

Deal with them at work occasionally, usually they get in via poor RDP security.

 

 





#2390465 11-Jan-2020 23:41

Work got hit last year (corporate HQ overseas). Expensive, as it was pegged at roughly $1M/day for 3 weeks.

Recovered by restoring backups, but the time it took to ensure that all clients all over the world were "secure" before granting network access was a pain in the butt.

It is real. It has a quantifiable monetary value.

 

 


 
 
 
 


FineWine
#2390496 12-Jan-2020 10:26

CBS 60 Minutes in Aug 2019 did a great report on just this topic, which I saw when it aired (FTA) on Prime:

How cybercriminals hold data hostage... and why the best solution is often paying a ransom

Then a side report they did: Ransomware: Prevent your computer from being infected

The bit I found interesting is that one victim, the city of Atlanta, refused to pay the demanded $50,000. Instead, the city spent $20 million to recover on its own.

As I have always told all my friends and relatives: backup, backup, backup. But the clever crooks can get around that as well by putting in time-delay coding so your backups are infected as well.

 

 





#2390497 12-Jan-2020 10:40

I have first-hand experience of ransomware, & quite a clever one too. Got hit by GandCrab 5.3 when it was a fresh release & so no decryptor was available. This was the first time I'm aware of that the ransomware created an individual encryption algorithm for each infected computer - at that stage a decryptor looked to be a remote possibility. I'm not sure there even is one today.

I was working on my laptop at the time, so was able to minimise the damage but it chewed up some 300GB between my laptop & file server in a few seconds. Fortunately I live by the 3 B's of computing rule - backup, backup, backup.

For fun I investigated decryption possibilities but decided there was a far easier option & simply wiped & restored. Problem solved.




#2390586 12-Jan-2020 14:20

FineWine:

CBS 60 Minutes in Aug 2019 did a great report on just this topic, which I saw when it aired (FTA) on Prime:

How cybercriminals hold data hostage... and why the best solution is often paying a ransom

Then a side report they did: Ransomware: Prevent your computer from being infected

The bit I found interesting is that one victim, the city of Atlanta, refused to pay the demanded $50,000. Instead, the city spent $20 million to recover on its own.

As I have always told all my friends and relatives: backup, backup, backup. But the clever crooks can get around that as well by putting in time-delay coding so your backups are infected as well.

This is why you must employ a proper backup rotation scheme. Any failure to back up properly means you're simply not running a backup.

https://en.m.wikipedia.org/wiki/Backup_rotation_scheme



Grandfathering is simple: have media for each daily backup, media for five Fridays or your end of week, media for 12 months and a couple for yearly, plus spares, all stored off site.
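The interplay between the "time-delay coding" FineWine mentions in #2390496 and the grandfather rotation described here, as an added example (not code from the thread, and not from the Wikipedia article linked above). It assumes one backup per day, that the weekly sets are the Friday backups, that the monthly and yearly sets are the last backup of each month and year, and that a backup is clean only if it was taken before the payload was planted; the dates and the 30-day dwell time are constructed for the demonstration.

```python
"""Grandfather-father-son (GFS) backup retention versus a time-delayed payload.

Added example, not code from the thread. Assumptions (constructed, not from
the post): one backup per day; weekly ("father") sets are the Friday backups;
monthly ("grandfather") sets are the last backup of each month; yearly sets
are the last backup of each year. Only backups taken before the payload was
planted are treated as clean.
"""
from datetime import date, timedelta


def _last(seq, n):
    """Last n items of seq; [] when n == 0 (seq[-0:] would return everything)."""
    return seq[-n:] if n > 0 else []


def gfs_retain(backup_dates, today, daily=7, weekly=5, monthly=12, yearly=2):
    """Return the sorted list of backup dates kept under a GFS rotation.

    daily   - the most recent `daily` backups (sons)
    weekly  - the most recent `weekly` Friday backups (fathers)
    monthly - the last backup of each of the most recent `monthly` months
    yearly  - the last backup of each of the most recent `yearly` years
    A backup that qualifies under several rules is counted once.
    """
    dates = sorted(d for d in backup_dates if d <= today)
    keep = set(_last(dates, daily))
    keep.update(_last([d for d in dates if d.weekday() == 4], weekly))  # 4 == Friday
    # dates are ascending, so each assignment leaves the last backup of that period
    last_of_month = {}
    last_of_year = {}
    for d in dates:
        last_of_month[(d.year, d.month)] = d
        last_of_year[d.year] = d
    keep.update(_last(sorted(last_of_month.values()), monthly))
    keep.update(_last(sorted(last_of_year.values()), yearly))
    return sorted(keep)


def clean_restore_points(retained, detonation_day, dwell_days):
    """Backups taken before the payload was planted are clean.

    Models the "time delay" from the thread: the payload lands dwell_days
    before it encrypts, so every backup taken on or after that day carries it.
    """
    planted = detonation_day - timedelta(days=dwell_days)
    return [d for d in retained if d < planted]


def daily_backups(first, last):
    """Constructed sample input: one backup for every day from first to last."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]


def demo(dwell_days=30):
    """Run the constructed scenario and return the numbers worth checking."""
    today = date(2020, 1, 11)  # detonation day (constructed)
    dates = daily_backups(date(2018, 12, 1), today)
    gfs = gfs_retain(dates, today)
    daily_only = gfs_retain(dates, today, daily=7, weekly=0, monthly=0, yearly=0)
    gfs_clean = clean_restore_points(gfs, today, dwell_days)
    return {
        "gfs_retained": len(gfs),
        "gfs_oldest": gfs[0].isoformat(),
        "gfs_clean": len(gfs_clean),
        "gfs_newest_clean": gfs_clean[-1].isoformat() if gfs_clean else None,
        "daily_only_retained": len(daily_only),
        "daily_only_clean": len(clean_restore_points(daily_only, today, dwell_days)),
    }


if __name__ == "__main__":
    r = demo(dwell_days=30)
    print("GFS: %(gfs_retained)d sets retained, %(gfs_clean)d clean, "
          "newest clean %(gfs_newest_clean)s" % r)
    print("7 dailies only: %(daily_only_retained)d sets retained, "
          "%(daily_only_clean)d clean" % r)
```

With a payload that sits for 30 days before encrypting, a seven-day daily rotation leaves nothing usable, while the GFS set still holds ten monthly backups that predate the infection (the newest of them a month and a half old, which is the data loss you trade for that safety). The rotation only helps if the older media really are off site and offline; a rotation that the infected host can reach is just more files to encrypt.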

#2390593 12-Jan-2020 14:42

I've seen two fake ransomware infections.

 

The people I help can't tell the difference and I only just stopped one paying the money. There is some sort of user interface locking to make it hard for them to check.


#2390646 12-Jan-2020 15:40

Yes, I must admit that I made a mischievous blog post recommending that people take advantage of this ignorance.

 

I recommended a quick Google image search for WannaCry wallpaper, which they should download & set as desktop wallpaper. Next, right-click, hide icons.

 

 

Final step - feign shock & horror, now go home & have the day off.





Devastation by stupidity
#2390652 12-Jan-2020 16:07

I have had the fake porn one a couple of times, but that was just an email to an account that was in a hacked database. I have never been hit by anything else.

 

 





#2390666 12-Jan-2020 16:55

One of the guys at work was at Maersk when they got hit by NotPetya, he has some great stories.


#2391021 13-Jan-2020 14:28

I've had a couple of good ones. Had one client get hit, recovered the server from backups and all OK... except the finance guy had been archiving email to PSTs (because he always did this), so the emails were no longer on the server and that was all lost. They had a proposal to move to 365 on their desk for months, which might have helped a smidge.

 

Had another client pay it, was $1000 or so which was getting off easy.

