Payroll Provider gets Encrypted & Pays Ransom
-
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
Even paying the ransom didn't work as expected!
Or DID work as expected, who actually expects that to work?
-
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
The FBI is telling people to not pay the ransom, but Cyber Security experts are telling clients to pay the ransom.
Different goals.
-
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
The FBI is telling people to not pay the ransom, but Cyber Security experts are telling clients to pay the ransom.
Different goals.
The FBI's goal is to stop the act entirely. The SCE's goal is to get paid as much as possible and save face with their people.
-
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
The FBI is telling people to not pay the ransom, but Cyber Security experts are telling clients to pay the ransom.
Different goals.
The FBI's goal is to stop the act entirely. The SCE's goal is to get paid as much as possible and save face with their people.
Well, and the FBI's goal is to protect "everyone", they don't particularly care about the company that has been hit. The consultants job is to protect the company that has been hit and no concern about others.
-
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
The FBI is telling people to not pay the ransom, but Cyber Security experts are telling clients to pay the ransom.
Different goals.
The FBI's goal is to stop the act entirely. The SCE's goal is to get paid as much as possible and save face with their people.
Well, and the FBI's goal is to protect "everyone", they don't particularly care about the company that has been hit. The consultants job is to protect the company that has been hit and no concern about others.
The consultant is the protect their customer? They are already infected, not much to protect them from.
-
@Dashrender said in Payroll Provider gets Encrypted & Pays Ransom:
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
The FBI is telling people to not pay the ransom, but Cyber Security experts are telling clients to pay the ransom.
Different goals.
The FBI's goal is to stop the act entirely. The SCE's goal is to get paid as much as possible and save face with their people.
Well, and the FBI's goal is to protect "everyone", they don't particularly care about the company that has been hit. The consultants job is to protect the company that has been hit and no concern about others.
The consultant is the protect their customer? They are already infected, not much to protect them from.
that's not true. Protecting them from data loss or financial loss.
-
What I find most interesting about this article is how nonchalant the Marketing person is about this. "We paid and it sucked."
-
@JaredBusch said in Payroll Provider gets Encrypted & Pays Ransom:
But restoring an entire infrastructe is never a fast task.
Couple ways...
- Snapshots plus an orchestration system that can recall and mount them (SRM, Veeam).
- Not being a Muppet and keeping backup, and infrastructure management on a different domain (or just off the domain if some small shop and use local SSO database for vCenter, and local user accounts for Veeam/backup servers).
- Use a DRaaS service provider that has immutable retention that can't be restored (A lot of Veeam partners will do this for you). Fairly certain this is an option from iLand and some others.
-
@DustinB3403 said in Payroll Provider gets Encrypted & Pays Ransom:
Um. . . fire those experts and get someone in there who once you're are up to fix your systems, that meet real RTO and RPO objectives. . .
You realize that the consultants who get brought in to clean up these messes are almost never the same muppets who built this out, or let this happen?
-
@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:
@JaredBusch said in Payroll Provider gets Encrypted & Pays Ransom:
@scottalanmiller's recent example clearly shows that. I would be interested to know how many man hours @NTG sunk into restoring that. And it was a small typical SMB office. Not a huge SaaS provider.
Not done yet. But ~28 to mostly recovered.
I"ve seen everything from 1 billable hour of labor (kicking off Veeam restore of 4 VM's and coming back when it was done) to 200 hours (rebuild from scratch, and recovered core ERP database from a developer clone on someone's laptop).