Geekzone: technology news, blogs, forums
Lock him up!
11154 posts

Uber Geek

Lifetime subscriber

# 262231 11-Jan-2020 14:44

There is an item on RNZ about the Travelex ransomware attack. I have never experienced one, or any other attack, but I am wondering if anyone has? What happened?

I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
304 posts

Ultimate Geek


  # 2390272 11-Jan-2020 15:15

They had an unsecured VPN; it encrypts the server disk and asks for an unlock code that you only get by paying, usually via bitcoin.


1026 posts

Uber Geek

Trusted

  # 2390273 11-Jan-2020 15:15
One person supports this post

The company I was at back around 2014 got hit by a variant of CryptoLocker which took one of our sites offline for a couple of days, caused by a user opening an email attachment. Luckily we had pretty good monitoring in place so we picked up on it early and were able to lock down the WAN to prevent it spreading to other sites / our data centres.
We ended up restoring the server from backup (daily off-site backups meant at most we lost a couple of days of data) and re-imaging the PCs.


7190 posts

Uber Geek

Trusted
Subscriber

  # 2390284 11-Jan-2020 16:16
3 people support this post

Had a school with a Synology that decided they no longer wanted to pay anyone or any company for support, rather just use one of the parents.

As a result the Syno never got patched, then the Syno cryptolocker hit. As soon as it was mentioned on the interwebs I logged into the Syno and immediately realised it had been hit. Rang them straight away and told them to just pull the power and don't ask questions.

Luckily it had started on the backup drive first, so only a few main share files had been locked. Also lucky I had set up a GDrive backup, so was able to fully recover all lost files; without the backup they would have been screwed.

Cyril

BDFL - Memuneh
65282 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2390427 11-Jan-2020 19:54

sqishy:

They had an unsecured VPN; it encrypts the server disk and asks for an unlock code that you only get by paying, usually via bitcoin.

This is simplistic and wrong. Yes, an unpatched VPN seems to have been the vector. No, the "unsecured VPN" is not responsible for encrypting the server disk; rather, someone had access by exploiting a vulnerability in the unpatched VPN and had the cryptolocker installed.


Interesting topic, as just this week I was communicating with someone who had their systems affected and managed to decrypt everything without paying the ransom. Basically they explained to the bad actor that they were not a business and couldn't afford the amount of money asked. I have screenshots and videos, will post on another thread later.





21748 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2390428 11-Jan-2020 19:55
One person supports this post

Prior to a few weeks/months ago, so long as you had good backups, there was really no need to consider paying a ransom. Since ransomware has become such big business and IT has caught up and is moving toward doing a better job of protecting against it, the criminals have decided to get around the "if you have a backup they won't pay" problem by now threatening to release a copy of the data they took when they encrypted. So even if you have a backup, there are some people who will likely need to pay to avoid the release of what could quite possibly be sensitive or privileged information.


IT service providers are now a big target. There have been some HUGE hits deployed by compromising the MSP/IT provider, and using the IT provider's links to their customers to encrypt the customers.

 

It's a scary world out there now.


xpd

SysOp
10244 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2390444 11-Jan-2020 21:04

Had one myself on my home server, frustrating but I was back up and running in a day or so thanks to regular backups.

 

Deal with them at work occasionally, usually they get in via poor RDP security.

XPD / Gavin / DemiseNZ

Server : i5-3470s @ 3.50GHz 16GB RAM Win 10 Pro / Workstation : Ryzen 5 3600 / 16GB DDR4 / RX580 4GB / Console : Xbox One

Now on BigPipe 100/100 and 2Talk. Add me on Steam. My Lego

*** AMIGA UNLIMITED REDUX BBS - SOON ***


192 posts

Master Geek


  # 2390465 11-Jan-2020 23:41

Work got hit last year (corporate HQ overseas). Expensive, as it was pegged at roughly $1M/day for 3 weeks.

Recovered by restoring backups, but the time it took to ensure that all clients all over the world were "secure" before granting network access was a pain in the butt.

It is real. It has a quantifiable monetary value.

1093 posts

Uber Geek

Subscriber

  # 2390496 12-Jan-2020 10:26

CBS 60 Minutes in Aug 2019 did a great report on just this topic, which I saw when it aired (FTA) on Prime:

How cybercriminals hold data hostage... and why the best solution is often paying a ransom

Then a side report they did: Ransomware: Prevent your computer from being infected

The bit I found interesting is that one victim, Atlanta city, refused to pay the demanded $50,000. Instead, the city spent $20 million to recover on its own.

As I have always told all my friends and relatives - backup - backup - backup. But the clever crooks can get around that as well by putting in time-delay coding so your backups are infected as well.
iMac 27" (late 2013), Airport Time Capsule + Airport Express, iPhone7, iPad6, iPad Mini2
Panasonic Blu-ray PVR DMR-BWT835 + Panasonic Viera TH-L50E6Z, Chromecast Ultra, Yamaha AVR RX-V1085


368 posts

Ultimate Geek

Subscriber

  # 2390497 12-Jan-2020 10:40

I have first-hand experience of ransomware, & quite a clever one too. Got hit by GandCrab 5.3 when it was a fresh release & so no decryptor was available. This was the first time I'm aware of that the ransomware created an individual encryption algorithm for each infected computer; at that stage a decryptor looked to be a remote possibility. I'm not sure there even is one today.

I was working on my laptop at the time, so was able to minimise the damage but it chewed up some 300GB between my laptop & file server in a few seconds. Fortunately I live by the 3 B's of computing rule - backup, backup, backup.

For fun I investigated decryption possibilities but decided there was a far easier option & simply wiped & restored. Problem solved.




Megabyte - so geek it megahertz


1975 posts

Uber Geek


  # 2390586 12-Jan-2020 14:20

FineWine:

CBS 60 Minutes in Aug 2019 did a great report on just this topic, which I saw when it aired (FTA) on Prime:

How cybercriminals hold data hostage... and why the best solution is often paying a ransom

Then a side report they did: Ransomware: Prevent your computer from being infected

The bit I found interesting is that one victim, Atlanta city, refused to pay the demanded $50,000. Instead, the city spent $20 million to recover on its own.

As I have always told all my friends and relatives - backup - backup - backup. But the clever crooks can get around that as well by putting in time-delay coding so your backups are infected as well.

This is why you must employ a proper backup rotation scheme. Any failure to backup properly means you're simply not running a backup.

https://en.m.wikipedia.org/wiki/Backup_rotation_scheme



Grandfathering is simple: have media for each daily backup, media for five Fridays or your end of week and media for 12 months and a couple for yearly plus spares, all stored off site.
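The grandfather-father-son rotation described in this post, and the time-delayed infection FineWine raises in the quoted reply, as an added Python example that is not part of the thread or of any product mentioned in it. It selects which backup media to keep at each tier (daily, weekly, monthly, yearly), lists what can be recycled, and then checks whether any retained copy predates a hypothetical dormancy date. Assumptions: one backup per day in a constructed sample, weeks grouped by ISO week (ending Sunday) rather than by Friday, and the dormancy date `FIRST_BAD_DAY` is invented for the scenario.

```python
from datetime import date, timedelta


def _newest(seq, n):
    """Last n items of an ascending list; n == 0 keeps nothing (a bare seq[-0:] would keep all)."""
    return seq[-n:] if n > 0 else []


def _latest_per_group(dated, key):
    """Newest backup in each group; `dated` must be sorted ascending so the last write wins."""
    groups = {}
    for d in dated:
        groups[key(d)] = d
    return [groups[k] for k in sorted(groups)]


def gfs_retention(backup_dates, today, daily=7, weekly=5, monthly=12, yearly=2):
    """Grandfather-father-son selection.

    Returns {date: set_of_tiers} for every backup that must be kept:
      daily   - the newest `daily` backups (sons)
      weekly  - the newest backup in each of the last `weekly` ISO weeks (fathers)
      monthly - the newest backup in each of the last `monthly` months (grandfathers)
      yearly  - the newest backup in each of the last `yearly` years
    Defaults follow the post: daily media, five weekly, twelve monthly, a couple yearly.
    """
    dated = sorted(set(d for d in backup_dates if d <= today))  # ignore mis-dated future media
    keep = {}

    def mark(selected, tier):
        for d in selected:
            keep.setdefault(d, set()).add(tier)

    mark(_newest(dated, daily), "daily")
    mark(_newest(_latest_per_group(dated, lambda d: tuple(d.isocalendar())[:2]), weekly), "weekly")
    mark(_newest(_latest_per_group(dated, lambda d: (d.year, d.month)), monthly), "monthly")
    mark(_newest(_latest_per_group(dated, lambda d: d.year), yearly), "yearly")
    return keep


def prune_list(backup_dates, keep):
    """Media not held by any tier; these are the ones safe to recycle."""
    return sorted(d for d in set(backup_dates) if d not in keep)


def newest_clean_restore_point(keep, first_bad_day):
    """Newest retained backup taken strictly before the day the malware arrived, or None."""
    clean = [d for d in keep if d < first_bad_day]
    return max(clean) if clean else None


# Constructed sample: one backup per day from 2019-10-01 to 2020-01-12 (104 media).
START, TODAY = date(2019, 10, 1), date(2020, 1, 12)
SAMPLE_BACKUPS = [START + timedelta(days=i) for i in range((TODAY - START).days + 1)]
# Hypothetical scenario: the ransomware lay dormant from 1 Dec 2019 before encrypting.
FIRST_BAD_DAY = date(2019, 12, 1)

if __name__ == "__main__":
    keep = gfs_retention(SAMPLE_BACKUPS, TODAY)
    for d in sorted(keep):
        print(d, ", ".join(sorted(keep[d])))
    print("media to recycle:", len(prune_list(SAMPLE_BACKUPS, keep)))
    print("GFS newest clean restore point:", newest_clean_restore_point(keep, FIRST_BAD_DAY))
    # With only seven daily media retained, every surviving copy post-dates the implant.
    daily_only = gfs_retention(SAMPLE_BACKUPS, TODAY, weekly=0, monthly=0, yearly=0)
    print("daily-only newest clean restore point:", newest_clean_restore_point(daily_only, FIRST_BAD_DAY))
```

In the sample the daily tier covers only 6 to 12 January, all of which were taken after the implant arrived; the monthly grandfather for November (30 November) is the first retained copy that is clean, which is exactly what the rotation scheme buys you against a delayed payload. Off-site storage of those older media, as the post says, is what keeps them out of reach of the same encryption run.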

2086 posts

Uber Geek

Lifetime subscriber

  # 2390593 12-Jan-2020 14:42

I've seen two fake ransomware infections.

 

The people I help can't tell the difference and I only just stopped one paying the money. There is some sort of user interface locking to make it hard for them to check.


368 posts

Ultimate Geek

Subscriber

  # 2390646 12-Jan-2020 15:40

Yes, I must admit that I made a mischievous blog post recommending that people take advantage of this ignorance.

I recommended a quick Google image search for WannaCry wallpaper, which they should download & set as desktop wallpaper. Next, right-click, hide icons.

Final step - feign shock & horror, now go home & have the day off.





Megabyte - so geek it megahertz




Lock him up!
11154 posts

Uber Geek

Lifetime subscriber

  # 2390652 12-Jan-2020 16:07

I have had the fake porn one a couple of times but that was just an email to an account that was in a hacked database. I have never been hit by anything else.

I don't think there is ever a bad time to talk about how absurd war is, how old men make decisions and young people die. - George Clooney
 


697 posts

Ultimate Geek


  # 2390666 12-Jan-2020 16:55

One of the guys at work was at Maersk when they got hit by NotPetya, he has some great stories.


128 posts

Master Geek

Microsoft NZ

  # 2391021 13-Jan-2020 14:28

I've had a couple of good ones. Had one client get hit, recovered server from backups and all OK...except the finance guy had been archiving email to PSTs (because he always did this) so the emails were no longer on server so that was all lost. They had a proposal to move to 365 on their desk for months which might have helped a smidge.

 

Had another client pay it, was $1000 or so which was getting off easy.

