The Evolution of Ransomware: How Did We Get Here?

Healthcare is way too expensive, so expensive that you probably die helpless without insurance, and with so much money they can't buy a few hard disks to make a NAS for backups?
Why? Have they put their prices on assessment and we didn't see it?
 
What we have here is a failure by our government to realize how important it is to totally eradicate all forms of ransomware. This can be done by tracking down and permanently eliminating all parties; this would be a great job for our elite military forces, SEALs and Special Operations forces, and the way it's done is by gathering information, formulating a plan and then destroying the enemy at the source.
 
We got here for two reasons:
1) US organisations started paying ransoms. It should be illegal to pay a ransom.
2) Cryptocurrencies make it so easy to launder money.
 
I got a feeling if a ransomware attack results in a loss of human life, governments will use that as a reason/excuse for banning all Cryptocurrencies.


 
I got a feeling if a ransomware attack results in a loss of human life, governments will use that as a reason/excuse for banning all Cryptocurrencies.

I believe that one of the hospital attacks did result in at least one person's death.
I think it was a woman in Germany...


 
Healthcare is way too expensive, so expensive that you probably die helpless without insurance, and with so much money they can't buy a few hard disks to make a NAS for backups?
Why? Have they put their prices on assessment and we didn't see it?

The issue is not that they had no backups.
The article even specifically states that the healthcare provider has good backups.

The trouble is paving and restoring a server and then restoring from backup.
This takes a serious amount of time.

Imagine all you have is a data backup; now hand me your hard drive so I can drill a hole in it.
How long will it take you to get your machine back up and running again?

Now triple that for a server, so you can wipe and rebuild the RAID array, reconfigure Windows, install your programs and restore from backup. Then take the amount of time you need for ONE computer and multiply that by all the machines in the hospital, say one for every room and 4-5 for each nurses' station. How much time is this?

Speaking from experience we are talking a day or two for each server, 2-4 hours per machine.
Say you have 100 patient rooms and 20 nurses stations, and 10 servers...

20 to 40 man-days for the servers, 240 to 480 man-hours for all the machines.

And you have to start with the network first, no computers can be up until you can confirm the network is clean, then no computers can be on until they are all wiped and reimaged.

We are talking MONTHS of work before everything is back to some semblance of normal and even then nothing will be the same as it was before no matter how hard you try.

Luckily, with virtualization and good backups you cut this time down significantly. If you are able to pinpoint the breach and fix it (not just the location but the time as well), maybe you can get back up faster and only drop (lose) a month's worth of data.
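The post above adds up man-hours; what actually matters to the hospital is calendar time, which depends on the ordering it describes (network confirmed clean first, then servers, then workstations) and on how many people are reimaging in parallel. The following is an added example, not code from the thread or the article, that models exactly that. The per-unit times are the post's own estimates (8-16 hours per server, 2-4 hours per workstation); the 16-40 hour network-verification window, the 4-person team, and the assumption of four machines per nurses' station are constructed for the example.

```python
# Added example (not from the thread): a small calendar-time model for the
# wipe-and-rebuild recovery described in the post above. Per-unit times are
# the post's estimates; the network-verification time, technician count and
# the assumption of four workstations per nurses' station are constructed.
import math
from dataclasses import dataclass


@dataclass
class RecoveryPlan:
    servers: int
    workstations: int
    server_hours: float       # rebuild time per server (post: "a day or two" -> 8-16 h)
    workstation_hours: float  # reimage time per workstation (post: 2-4 h)
    network_hours: float      # time to confirm the network is clean (assumed)
    technicians: int          # people reimaging in parallel (assumed)
    shift_hours: float = 8.0  # working hours per calendar day


def man_hours(plan: RecoveryPlan) -> float:
    """Total labour, ignoring sequencing: the figure the post adds up."""
    return plan.servers * plan.server_hours + plan.workstations * plan.workstation_hours


def parallel_phase_hours(units: int, hours_each: float, technicians: int) -> float:
    """Wall-clock time for a phase where each technician rebuilds one unit at a time."""
    if units == 0:
        return 0.0
    return math.ceil(units / technicians) * hours_each


def calendar_days(plan: RecoveryPlan) -> float:
    """Elapsed days, honouring the ordering the post describes:
    1. nothing comes up until the network is confirmed clean;
    2. servers are rebuilt (so there is something to restore data onto);
    3. workstations are wiped and reimaged."""
    network = plan.network_hours
    servers = parallel_phase_hours(plan.servers, plan.server_hours, plan.technicians)
    workstations = parallel_phase_hours(plan.workstations, plan.workstation_hours, plan.technicians)
    return (network + servers + workstations) / plan.shift_hours


def with_virtual_servers(plan: RecoveryPlan, restore_hours: float) -> RecoveryPlan:
    """The shortcut in the post: virtualised servers restored from a clean image
    or snapshot instead of being rebuilt by hand."""
    return RecoveryPlan(plan.servers, plan.workstations, restore_hours,
                        plan.workstation_hours, plan.network_hours,
                        plan.technicians, plan.shift_hours)


# Constructed scenario: the post's 10 servers, 100 patient-room machines and
# 20 nurses' stations (assumed 4 machines each), rebuilt by a 4-person team.
WORKSTATIONS = 100 + 20 * 4

BEST_CASE = RecoveryPlan(servers=10, workstations=WORKSTATIONS, server_hours=8,
                         workstation_hours=2, network_hours=16, technicians=4)
WORST_CASE = RecoveryPlan(servers=10, workstations=WORKSTATIONS, server_hours=16,
                          workstation_hours=4, network_hours=40, technicians=4)


if __name__ == "__main__":
    for name, plan in (("best case", BEST_CASE), ("worst case", WORST_CASE)):
        print(f"{name}: {man_hours(plan):.0f} man-hours, "
              f"{calendar_days(plan):.2f} calendar days with {plan.technicians} technicians")
    bigger_team = RecoveryPlan(10, WORKSTATIONS, 8, 2, 16, technicians=8)
    print(f"best case, 8 technicians: {calendar_days(bigger_team):.2f} days")
    print(f"best case, virtual servers restored in 1 h: "
          f"{calendar_days(with_virtual_servers(BEST_CASE, 1)):.3f} days")
```

Two things fall out of the model that the raw man-hour total hides: the network-verification phase is on the critical path no matter how many technicians you have, and doubling the team roughly halves the reimaging phases but does nothing for that first wait. Swapping hand-rebuilt servers for snapshot restores (the post's virtualization point) shaves the server phase down to a few hours, which is why it is the single most effective preparation a small IT team can make.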

 
So why can't software makers change the game? A new operating environment... New encryption methods built to encrypt their own files? Stricter user management? There needs to be a more difficult method that is proactive and not reactive. More network checks and balances?
 
Simple solution: enforce law that makes paying ransom illegal regardless of the damage done. End of story. Second solution: ban cryptocurrencies. They are wasting a huge amount of energy without producing anything at all and they are tools for money laundering.
 
In an era where privacy doesn't really exist, they are selling us a story about "invisible" hackers who cannot be found, but who can blackmail everyone. LOL. Does anyone really believe that? The only reason why government agencies "cannot" catch them is because those hackers work for them. Either them, or big private corporations who hold government agencies in their pocket. That's the only way they can stay "private".

And BitCoin "privacy"? LOL. Wallets can be traced, BC conversion to goods or real money can be traced, eventually all the transactions can be traced, since the system basically memorizes all the transactions. One can use proxies and mediators to get cash (because cash is really hard to trace), but if someone wants, they can find the mediators, and then the final client.
 
Had numerous customers at my last job call in about crypto ransomware on their main office computers (their main work computer for their franchise stores, all employee data, sales information and so on for all their store locations). They'd ask if we can get rid of it so they can get back to work.

I'd have to tell them that we can't, but their backup data should be safe and we could get them up and running using it. Then I'd ask, "You do have a backup of your server, right?"

Uh....no. (this was always the answer from these callers)

Then they'd ask where they could get one and how fast we could get their data back, then I'd have to explain to them we couldn't recover any data because that's not how it works. Then I'd have to explain how a backup system works and what they cost if they want to go that route in the future and blah, blah, blah.

Sorry, there's nothing we can do to recover the data if you don't have a backup, then you're left with two options:
1) trash the drives and start over (yep, lose all your data and start from a clean slate)
or
2) give in and pay the ransom

I think the ransom at the time a rash of these calls came in was asking for 2500 Bitcoins, which in turn the cost of a bitcoin then was around the $200 mark. So these little franchise owners, since they're too stupid to have backup of their data had to restart from scratch or somehow find a way to pay upwards of $500,000 to get their files unlocked. I think they all just gave in and started new, never recovering their encrypted data from the crypto ransomware.

Only a few franchise owners that I ever worked with actually had redundancy built into their office computers. I know this because a couple stores called over the years I worked this job, asking why they have a message up on their office computer saying something about a hard drive not detected - I'd remote in and see that the computer couldn't detect the backup drive for the RAID1. I'd tell them to contact their owner and let him know the backup drive has failed and to come and replace it. I liked dealing with that owner, he was a smart guy and knew his stuff. I could walk him through any issue he didn't know how to resolve himself, but that was a rarity. Most of these business owners were pretty stupid.
 
I work for an AV firm. I have to handle front line customers in addition to my set TAM accounts.

The frontline customers are a 100% horror show.
--Server 2008 servers with FAT32 drives
--AV installed but disabled because it is a single-CPU or dual-core VMware guest and AV eats too much 'money'
--No intrusion prevention on critical devices ... not even IDS
--ancient root cert stores preventing many security applications from loading
--NO EFFING 2FA!? .. I cannot express the seething horror of watching third-party support move files by hand-typing UNC paths .. with no prompts for 2FA
--the ahem .. ''third-party support'' on the end of the phone doesn't even know what a Windows junction is, or how to check a cert, or SHA a file, or use the Windows recovery console boot options

and lastly many of the offshore support I work with from frontline does not give a crap .. their metrics are based on taking a call not solving it

ransomware works .. because 90% of the people I deal with are the lowest-paid staff on earth, because the parent company in the breach paid the least they could to get an ISO 9000/1 cert.
 
Until capital punishment is implemented for hacking, cracking, etc. it will never slow down. Laws also need to be enacted that force IPs to track down hackers, block them, and turn over all records on them to the Feds; otherwise it won't get better. And of course, public disclosure of all punishments, including executions, will spread the word.

Too harsh? Consider the elderly couple who has their life savings stolen, preventing them from getting food, clothing, shelter, medical attention .... which cuts their life span considerably .... nothing short of murder that should be treated that way.
 
Until capital punishment is implemented for hacking, cracking, etc. it will never slow down. Laws also need to be enacted that force IPs to track down hackers, block them, and turn over all records on them to the Feds; otherwise it won't get better. And of course, public disclosure of all punishments, including executions, will spread the word.

Too harsh? Consider the elderly couple who has their life savings stolen, preventing them from getting food, clothing, shelter, medical attention .... which cuts their life span considerably .... nothing short of murder that should be treated that way.

Ransomware has nothing to do with stealing your life savings

Stay on topic

You have a one sided view that the problem is hackers and not the Tech Corporations that are causing the problem

If you got Ransomware, it is because the tech monopolies want the end users to forever be liable for any damages ever done on your home computer (Read their licenses sometime)

Ransomware is easy to stop at the home computer, but that would leave Big tech liable for damages caused online / in the cloud with online services

Sure, capital punishment is the only way to stop this mess, but try aiming that weapon at the people who caused it

Ransomware in a Big Company or Corporation is a different matter and requires a different strategy, but again, they don't care when it's "YOUR" data
 
Healthcare is way too expensive, so expensive that you probably die helpless without insurance, and with so much money they can't buy a few hard disks to make a NAS for backups?
Why? Have they put their prices on assessment and we didn't see it?

Some malware is simply sophisticated enough that it blueprints any network it's resident on, and accordingly encrypts the most valuable things.

By the time you reach out for your backups, suddenly your backups are encrypted too. Oops.
 
"So how did we get to the point where our data and services could be held for ransom? And with a single attack paying out millions of dollars, should we be hopeful for this trend to ever end?"

No end in sight, as long as individuals backed by national governments, by their respective "secret" or "security" agencies are doing the ransomware, on the contrary.
 
" Vastaamo, a Finnish psychotherapy clinic with 40,000 patients, was the victim of a newer tactic called 'Triple Extortion.' "

So..... crooks extorting money from crooks. I see no crime there.