Another Massive Ransomware Outbreak Is Going Global Fast

Forbes ^ | 06/27/2017 | Thomas Fox-Brewster

[MarchonDC09122009]

https://www.forbes.com/sites/thomasbrewster/2017/06/27/ransomware-spreads-rapidly-hitting-power-companies-banks-airlines-metro/#17b076ce7abd

Another Massive Ransomware Outbreak Is Going Global Fast

Security #​CyberSecurity Jun 27, 2017 @ 09:44 AM

Another Massive Ransomware Outbreak Is Going Global Fast

Thomas Fox-Brewster, Forbes Staff

Ransomware is causing severe problems for major critical infrastructure providers today.

Ukraine's government, National Bank and biggest power companies all warned of cyberattacks Tuesday. Airports and metro services in the country were also reportedly affected, though it appears they're victims of another massive ransomware outbreak that's spreading across the world fast and hitting a significant number of critical infrastructure providers.

[Mouton]

I clicked on an offer to speed up computer. That was it. I sped it to the dumpster.

[Chode]

thx... just trying to see what to stay away form

[palmer]

That would do it. All it takes is a single stupid user.

[AppyPappy]

Except all those computers are supposed to be locked down. However, you cannot guarantee that a student posing as a Tech Support guy knows what he is doing. It’s too easy to shut up management by making computers open to the world and every user an admin. And backups? WAY too much trouble. It’s easier just to yell at the central IT guys because they “let” a virus get through to your Yahoo account.

I just saw that the email address listed in the ransom has been shut down. Drama ensues.

[AppyPappy]

Next time, wipe it and install Linux on it. Problem solved.

[palmer]

Except all those computers are supposed to be locked down

We have the "lock down" requirement now, but nobody enforces it. The managers and marketing would be the first to complain that they can't install something or do something to weaken security. Of course I have refused the corporate offer as well, since they are really only protecting data at rest (everything else is pretend security).

[AppyPappy]

About once every few months, someone tried to break into my server using the typical userids (admin, terminal, root). I grabbed the IP address and called the security guys. It was their box trying to crack my server.
I thought that was pretty smart.
The userid alone(something like Th3_1ncred1ble!HulkH0g4n) would take something like 100 years for a box to guess. The password is even harder.
But it is a virtual box and someone cracked the virtual guy’s admin account so....Luckily they didn’t get to my box because I named it something nebulous(linuxdists)

[SaveFerris]

[Company level defense (at a minimum):
1) Establish a strong Infosec / Cybersecurity program. See the SAN top 20 policies
2) Strong boundary defenses (firewall / routers / vpn gateways)
3) Scan all emails (internal and external) for viruses
4) Establish an anti-phishing campaign to educate users
5) Regular backups of critical systems along with multiple snapshots of critical data
6) Regular scans of all servers and workstations for viruses
7) Maintain gold images of servers and workstations
8) Isolate the data center from internal networks via firewall that only allows specific approved connections through.
9) shut off any unnecessary services / ports
10) adopt a monthly internal vulnerability scanning of servers
11) adopt network based intrusion detection / host based for critical servers
12) Enforce the use of passphrases (12+ characters) not passwords]

Ha! Try telling any or that to some folks I worked for. They think it’s still 1970.

[SaveFerris]

Cover the mic, too.

[SaveFerris]

[I better check my Ukrainian accounts]

That’s why I moved my millions to Nigeria. I just gave my bank account number, bank routing number, social security number and my mother’s maiden name to a guy named Nigel.

AND he’s gonna help me move $35 million dollars out of Nigeria.

Whatta guy.