Posted on Oct 18, 2024
‘That must end’: U.S. government urges new practices as ransomware payments fuel endless cycle of...
329
19
7
7
7
0
Posted 1 mo ago
Responses: 3
"Sources say the FBI advises against paying a hacker’s ransom request, but that the government also understand companies may need to pay the price to get back control of critical operations."
This is fact and I am knee deep in these events throughout the year as an Incident Response Advisor. To some companies, we're talking about whether they will have a business or not should they refuse to pay. It is hard to tell clients that we cannot make recommendations one way or another, we can only hope to recover as much of the data as possible (if the Threat Actors were not as effective in wiping everything), or possibly break the encryption (which is a not very common). I've literally been on calls with the C-suites asking the questions between themselves, whether they will be able to continue their business as they also express concern over the many people who work for their company. Then there are other areas like medical communities, supply / logistics, transportation, etc who potentially have life impacting decisions to face. There is no easy solution for those who have been ransomed already. This is why I also point this out during pro-active engagements when it comes to having mature cybersecurity programs with solid backup strategies. Some listen, some don't, some have to make priorities based on what they able to afford. Again, not an easy fix to this.
This is fact and I am knee deep in these events throughout the year as an Incident Response Advisor. To some companies, we're talking about whether they will have a business or not should they refuse to pay. It is hard to tell clients that we cannot make recommendations one way or another, we can only hope to recover as much of the data as possible (if the Threat Actors were not as effective in wiping everything), or possibly break the encryption (which is a not very common). I've literally been on calls with the C-suites asking the questions between themselves, whether they will be able to continue their business as they also express concern over the many people who work for their company. Then there are other areas like medical communities, supply / logistics, transportation, etc who potentially have life impacting decisions to face. There is no easy solution for those who have been ransomed already. This is why I also point this out during pro-active engagements when it comes to having mature cybersecurity programs with solid backup strategies. Some listen, some don't, some have to make priorities based on what they able to afford. Again, not an easy fix to this.
(5)
(0)
Maj (Join to see)
Our local FBI guys pretty much just parrot the same thing: "we'd rather you not pay, but we understand you have a business to run."
There are still too many companies that don't think they need to consider cyber risk. I still find myself on the phone or across a table from someone saying "We aren't big enough/don't have enough to be a target." And there are others who don't know what they don't know. They make assumptions they can just pay for something, install it, and then let it run forever. Still others want to buy all the new flashy AI enabled tools, but don't want to pay attention to basic cyber hygiene. At worse, I have people frustrated why they can't connect their Windows XP workstations to a Server 2019 domain or asking how they can keep running their 16-bit DOS mode software in Windows 11.
I still think much of the problem stems from IT vendors selling it all as easy and telling non-technical business owners (and individuals) that they can do it all themselves. That's been happening since the 90s. If that were true, neither of us would be employed.
There are still too many companies that don't think they need to consider cyber risk. I still find myself on the phone or across a table from someone saying "We aren't big enough/don't have enough to be a target." And there are others who don't know what they don't know. They make assumptions they can just pay for something, install it, and then let it run forever. Still others want to buy all the new flashy AI enabled tools, but don't want to pay attention to basic cyber hygiene. At worse, I have people frustrated why they can't connect their Windows XP workstations to a Server 2019 domain or asking how they can keep running their 16-bit DOS mode software in Windows 11.
I still think much of the problem stems from IT vendors selling it all as easy and telling non-technical business owners (and individuals) that they can do it all themselves. That's been happening since the 90s. If that were true, neither of us would be employed.
(1)
(0)
Maj Kevin "Mac" McLaughlin
Pretty much across the board WRT pay or not pay. While flashy tools tend to suck immature companies into the mix, the larger problem IMO comes from app devs. While realizing some eventually die out while their Apps continue to exist, others make it hard for clients to upgrade them into supportable OSs and servers. Some of that is on the companies too, which fail to understand the dependencies of their Apps and kick the can down the road when it comes to modernizing it or migrating to a more up to date one. But there is also a responsbility from the CIOs/CISOs to identify these concerns early on and recognize that simply having them in the environment will prevent them from using many of the newer security features in Windows. I am dumbfounded that LANMAN Hashed are still rampant in many orgnizations prevent them from employing better ID and Access capabilities. I was abusing LANMAN since the late 90s on the AF's Red Team.
(2)
(0)
Maj (Join to see)
Maj Kevin "Mac" McLaughlin - The flashy tool buyer for us are mostly the non-tech business owners wanting to do it themselves. We are mostly working with small biz so when the owners know they need something the are pretty receptive. The problem comes when they think it will be free. We legitimately have the folks who will Charlton Heston "cold dead hands" some very old crap, though. We've been fortunate to only have one ransomware event and that was in a formerly cheap client many years ago. Since then it's simple account takeovers for our on-going clients. Those are easy to kill if you are watching. We've had some interesting breach investigations through some law firm partners, though. I'm happy that I'm able to help out the little guys around here, but there are many days where I want to be back on a bigger team.
(1)
(0)
It's a struggle when most of the potential victims will hear this message and think they are talking to someone else. Most people don't think this applies to them. I'm sure most people had almost forgotten about ransomware, as well, since they weren't hearing about it regularly. It's not sensationalist enough for the news to carry any longer.
(2)
(0)
Read This Next