Geekzone: technology news, blogs, forums
nztim
2280 posts

Uber Geek

ID Verified
Trusted
TEAMnetwork
Subscriber

  #2739265 5-Jul-2021 17:40

So awesome to see all the MSPs helping each other out putting aside the fact we are competitors




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 


sampler
439 posts

Ultimate Geek

ID Verified
Trusted
Lifetime subscriber

  #2739270 5-Jul-2021 17:46

billgates: @sampler @Dynamic @networkn @nztim @michaelmurfy can you please make contact on below email address as there is an MSP that is looking for help. Thanks! 

 

Yup did the same. Offered support from both our NZ and AU side of the company... They are interested in "boots on the ground" in VIC AU .. let's see if they take the offer up.


sampler
439 posts

Ultimate Geek

ID Verified
Trusted
Lifetime subscriber

#2739271 5-Jul-2021 17:48

nztim: So awesome to see all the MSPs helping each other out putting aside the fact we are competitors

 

 

 

You! Me! ... outside! .. now!

 

lol ...

 

 




Sideface
7534 posts

Uber Geek

Trusted
DR
Lifetime subscriber

  #2739300 5-Jul-2021 19:29

Radio NZ - $100m ransom demand after companies hit by global cyber attack

 

breaking

 


The hackers alleged to be behind a mass ransomware attack that affected hundreds of companies worldwide are demanding $US70 million ($NZ100m) to liberate the data.

 

The demand was posted by REvil cybercrime gang on their blog.

 

Allan Liska, with cybersecurity firm Recorded Future, said the message appeared to be authentic and that the blog had been in use by that group since last year. ...

 

Liska said he believed the hackers had bitten off more than they could chew by scrambling the data of hundreds of companies at a time and that the $US70m demand was an effort to make the best of an awkward situation.

 

"For all of their big talk on their blog, I think this got way out of hand," he said.

 

 

- Reuters / RNZ

 

EDIT: This report does not clarify who is supposed to pay the ransom - presumably Kaseya.





Sideface


Oblivian
6614 posts

Uber Geek

ID Verified

  #2739305 5-Jul-2021 20:09

Call me daft in this field. But what exactly will come of throwing lots of manpower offers out?

 

Is that to assist in isolating the services and getting a usable base service back up fresh ASAP (and worry about the lost stuff later)? Or has someone already worked out how to undo it, albeit time-consuming manual work that bods help with?

 

There's a cheaper than $5m example here

 

And the ransom note in each dir. With some shocking English.

 

https://blog.talosintelligence.com/2021/07/revil-ransomware-actors-attack-kaseya.html 


mobiusnz
304 posts

Ultimate Geek


  #2739448 6-Jul-2021 09:04

Sideface:

 

Radio NZ - $100m ransom demand after companies hit by global cyber attack

 

breaking

 


The hackers alleged to be behind a mass ransomware attack that affected hundreds of companies worldwide are demanding $US70 million ($NZ100m) to liberate the data.

 

The demand was posted by REvil cybercrime gang on their blog.

 

Allan Liska, with cybersecurity firm Recorded Future, said the message appeared to be authentic and that the blog had been in use by that group since last year. ...

 

Liska said he believed the hackers had bitten off more than they could chew by scrambling the data of hundreds of companies at a time and that the $US70m demand was an effort to make the best of an awkward situation.

 

"For all of their big talk on their blog, I think this got way out of hand," he said.

 

 

- Reuters / RNZ
EDIT: This report does not clarify who is supposed to pay the ransom - presumably Kaseya.

 

 

$70 million seems cheap if it's proven that the hackers will work to provide all the master keys etc. so Kaseya can create a tool to easily decrypt all clients.

The damage to their image is going to be massive and coming up with a solution that's quick for their customers might help them retain their customers.

There is of course the whole don't pay the ransom argument but it seems no matter how hard that is shouted hackers keep writing these tools and finding ways to encrypt data.

It's all very well to say "Backup" and that's your core data and that's fine - With these ones that worm the network and kill workstations left right and centre and all the cost of rebuilding workstations, the issues to users who can't cope with the subtle changes after a reinstall and all the little bits of lost data where someone had a work in progress saved to their PC or a plugged in USB drive etc.

It just seems to me Kaseya must have some sort of public liability insurance and assuming they can demonstrate to the insurer that they had done enough to attempt to stop this then surely the insurance can pay the money assuming there is a completely positive outcome in terms of ease of decryption of ALL customer data?





Matt Beechey

 

Mobius Network Solutions

networkn
27335 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2739452 6-Jul-2021 09:10

mobiusnz:

 

$70 million seems cheap if it's proven that the hackers will work to provide all the master keys etc. so Kaseya can create a tool to easily decrypt all clients.

The damage to their image is going to be massive and coming up with a solution that's quick for their customers might help them retain their customers.

There is of course the whole don't pay the ransom argument but it seems no matter how hard that is shouted hackers keep writing these tools and finding ways to encrypt data.

It's all very well to say "Backup" and that's your core data and that's fine - With these ones that worm the network and kill workstations left right and centre and all the cost of rebuilding workstations, the issues to users who can't cope with the subtle changes after a reinstall and all the little bits of lost data where someone had a work in progress saved to their PC or a plugged in USB drive etc.

It just seems to me Kaseya must have some sort of public liability insurance and assuming they can demonstrate to the insurer that they had done enough to attempt to stop this then surely the insurance can pay the money assuming there is a completely positive outcome in terms of ease of decryption of ALL customer data?

 

 

I saw somewhere that this may not be covered by Kaseya Insurance as it's potentially excluded by their contracts under the acts of war or terrorism clauses. I am unsure how true that is. I'd imagine even if they can wiggle out of it, the damage to their reputation would be massive.




networkn
27335 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2739454 6-Jul-2021 09:14

In case anyone here is interested, and it's in a way, related:

 

 

 

https://www.gavsto.com/how-secure-is-your-rmm-and-what-can-you-do-to-better-secure-it/

 

 

 

Going through this checklist should be every IT company's top priority right now I think.

 

We have made the decision to remove RMM agents from our own infrastructure. Thankfully, in some ways, we are small enough, that managing ours manually, or ultimately perhaps with a different tool to the one we manage our clients with, is practical. Our thinking behind this decision is related to the fact that if the worst happens, we should hopefully, have our systems up to assist our clients instead of rebuilding our own before that.

 

 


freitasm
BDFL - Memuneh
73969 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2739456 6-Jul-2021 09:21

networkn:

 

Going through this checklist should be every IT company's top priority right now I think.

 

 

"Area 1 – Keep your solutions updated"

 

Well, that's what brought in the malware in the first place...

 

🙄







networkn
27335 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2739457 6-Jul-2021 09:26

freitasm:

 

networkn:

 

Going through this checklist should be every IT company's top priority right now I think.

 

 

"Area 1 – Keep your solutions updated"

 

Well, that's what brought in the malware in the first place...

 

🙄

 

 

I know, but at the end of the day, you can't protect every surface 100% and in far more cases, it will be the solution, rather than the problem.

 

In my opinion, if you don't stay updated you WILL be compromised, if you do, you MIGHT.

 

 

 

 


mobiusnz
304 posts

Ultimate Geek


  #2739665 6-Jul-2021 12:31

freitasm:

 

networkn:

 

Going through this checklist should be every IT company's top priority right now I think.

 

 

"Area 1 – Keep your solutions updated"

 

Well, that's what brought in the malware in the first place...

 

🙄

 

 

That was my thought - Don't update until it's been in market for a while - Even then though a hacker could seed a backdoor / command and control but leave it dormant for a period and then hit the go button once it's out there en masse.

I use ConnectWise Control currently hosted on my own server. I have very limited logins to it - 2FA enabled (Even on my fingerprint locked phone I force myself to not add it as a trusted device) and I'm paranoid about the fact that if someone compromises my Control server they then have access to a lot of client PCs. I'm more comfortable with it hosted on my system and the clients connect back to me rather than being a cloud system I have no control over. There is still the chance that they introduce a bug with a backdoor to allow hackers to get in around 2FA etc. but secondly I guess I have the partial "safety" that I'm not likely to be a direct target due to my size. But there is still always the chance that if a backdoor is found it can be scripted to search and infect automatically looking for any installs much like was done with Exchange server compromises recently.

I do think Geo-blocking is a very valuable tool in this day and age.





Matt Beechey

 

Mobius Network Solutions

tripper1000
1463 posts

Uber Geek


  #2739684 6-Jul-2021 13:20

Anyone with Netflix knows how to get around geo-blocking.

 

I think we are rapidly approaching the point where cutting the fibre to Russia is the most feasible solution. At the least it will prompt the local authorities to stop protecting (encouraging?) these guys.

 

Air-gapping your network from the threat is an excellent layer of protection.


mobiusnz
304 posts

Ultimate Geek


  #2739690 6-Jul-2021 13:30

tripper1000:

 

Anyone with Netflix knows how to get around geo-blocking.

 

I think we are rapidly approaching the point where cutting the fibre to Russia is the most feasible solution. At the least it will prompt the local authorities to stop protecting (encouraging?) these guys.

 

Air-gapping your network from the threat is an excellent layer of protection.

 

 

I'm down with the cause

 

#airgaprussia





Matt Beechey

 

Mobius Network Solutions

CYaBro
3803 posts

Uber Geek

ID Verified
Subscriber

  #2740267 7-Jul-2021 01:17


ANglEAUT
1688 posts

Uber Geek

Trusted

  #2740806 7-Jul-2021 20:52

mobiusnz: ... I do think Geo-blocking is a very valuable tool in this day and age.

 

And egress filtering

 

 

 

tripper1000: Anyone with Netflix knows how to get around geo-blocking. ...

 

Maybe at home, yes. In a corporate environment? Not so easy. Or do you use management agents like Kaseya at home?






