SmarterASP.Net - Ransomware Encrypted







  • Ouch



  • Learned about "Data Diodes" today.

    One-way network travel and/or limited travel. They break many protocols but present a physical barrier between two networks.

    Using virtualized routers (SonicWALL SonicOS can do this, among others), it is possible to do something similar with a proper rule set.

    I wonder if folks are ever going to catch on to properly segmenting networks to prevent this kind of thing on client/customer workloads? 😞



  • @PhlipElder said in SmarterASP.Net - Ransomware Encrypted:

    I wonder if folks are ever going to catch on to properly segmenting networks to prevent this kind of thing on client/customer workloads? 😞

    It doesn't matter what kind of lock you have on the door, if what you have inside is more valuable than the work required to break in.

    You don't think the multinational corporations that have been attacked by ransomware the last couple of years have had network segmentation?

    Do you remember Stuxnet? That's an example of how air-gapped systems are attacked. Ain't going to have more network segmentation than an air-gap. Point is that it doesn't matter what you do if someone is determined enough.



  • @Pete-S said in SmarterASP.Net - Ransomware Encrypted:

    @PhlipElder said in SmarterASP.Net - Ransomware Encrypted:

    I wonder if folks are ever going to catch on to properly segmenting networks to prevent this kind of thing on client/customer workloads? 😞

    It doesn't matter what kind of lock you have on the door, if what you have inside is more valuable than the work required to break in.

    You don't think the multinational corporations that have been attacked by ransomware the last couple of years have had network segmentation?

    Do you remember Stuxnet? That's an example of how air-gapped systems are attacked. Ain't going to have more network segmentation than an air-gap. Point is that it doesn't matter what you do if someone is determined enough.

    Catch with Stuxnet was the permitting of flash drives to be plugged in.

    There is no foolproof system out there.

    However, that being said, one should start from a properly architected system in the first place.

    Are the ransomware baddies capable of bridging an air-gap? For most, no. State actors, yes. But then, there's something else going on there.

    Those in it for the money are after the low-hanging fruit. The easy cool seven figure hit.



  • @PhlipElder said in SmarterASP.Net - Ransomware Encrypted:

    Those in it for the money are after the low-hanging fruit. The easy cool seven figure hit.

    Yes, but the lowest-hanging fruit has already been picked. Ransomware before 2017 was directed to consumers. Nowadays it's enterprises, government, health care, etc. that are attacked. What used to be the work of hobbyists has now turned into organized crime for the pros.

    There is even RaaS, ransomware as a service. Sophisticated ransomware is developed and then sold as a service to criminals that pay with a percentage of the income. A win-win situation so to speak...



  • @Pete-S higher hanging, but MUCH larger fruit.



  • @Pete-S said in SmarterASP.Net - Ransomware Encrypted:

    @PhlipElder said in SmarterASP.Net - Ransomware Encrypted:

    Those in it for the money are after the low-hanging fruit. The easy cool seven figure hit.

    Yes, but the lowest-hanging fruit has already been picked. Ransomware before 2017 was directed to consumers. Nowadays it's enterprises, government, health care, etc. that are attacked. What used to be the work of hobbyists has now turned into organized crime for the pros.

    There is even RaaS, ransomware as a service. Sophisticated ransomware is developed and then sold as a service to criminals that pay with a percentage of the income. A win-win situation so to speak...

    At this point we might as well just throw in the towel, eh? 😛

    [image]

    Credit: https://www.malware-traffic-analysis.net

    User training. Patching ... and ?

