Thread: Ransom payout by UofC

  1. #1

    Ransom payout by UofC

    http://www.cbc.ca/news/canada/calgar...blem-1.3621505

    Paying a $20,000 ransom may seem like a lot of money, but one expert says it's better than trying to wrestle control of the system back from hackers at the risk of losing data.
    I don't understand this - didn't the UofC back up their data regularly? Provided they did, couldn't they just reinstall? What's to stop the malware provider from asking for more?

    Seems crazy to me, just encourages more people to try to do this, and UofC have announced themselves as a soft target.

  2. #2
    I'd rather C2E than work!
    Join Date
    Feb 2009
    Location
    Westmount, Edmonton
    Posts
    5,334

    Depends on how long it was in the system. The current crop of ransomware is designed to sit in the system for a while encrypting things. If you don't catch it right away even your backups will be encrypted.

    "For every complex problem there is an answer that is clear, simple, and wrong"

  3. #3
    C2E Continued Contributor
    Join Date
    Nov 2007
    Location
    Edmonton
    Posts
    1,368

    There are far too many variables and unanswered questions for anyone on the outside to effectively critique their DR strategy. Depending on how and what was affected specifically, it's not always as easy as "just reinstall". I'm sure they didn't make the decision lightly.

  4. #4

    Just a cross reference...


    First OS X ransomware detected in the wild, will maliciously encrypt hard drives
    06-03-2016, 09:54 PM
    http://www.connect2edmonton.ca/forum...ad.php?t=38359

  5. #5

    Quote (originally posted by KC):
      Just a cross reference...

      First OS X ransomware detected in the wild, will maliciously encrypt hard drives
      06-03-2016, 09:54 PM
      http://www.connect2edmonton.ca/forum...ad.php?t=38359

    Because why would you start a cross reference with the platforms presently home to hordes of sophisticated ransomware?
    I think of art, at its most significant, as a Distant Early Warning system that can always be relied on to tell the old culture what is beginning to happen to it. —Marshall McLuhan

  6. #6

    Quote (originally posted by Dialog):
      Quote (originally posted by KC):
        Just a cross reference...

        First OS X ransomware detected in the wild, will maliciously encrypt hard drives
        06-03-2016, 09:54 PM
        http://www.connect2edmonton.ca/forum...ad.php?t=38359

      Because why would you start a cross reference with the platforms presently home to hordes of sophisticated ransomware?

    C2e is home to the hordes? Yes I suppose so.

    (And note all the malicious links I posted to that thread.)
    Last edited by KC; 09-06-2016 at 09:08 AM.

  7. #7
    I'd rather C2E than work!
    Join Date
    May 2008
    Location
    Clareview
    Posts
    7,330

    Wasn't the ransomware activated via an email? Hindsight is all good and well but I don't keep any sensitive information online.
    Mom said I should not talk to cretins!

  8. #8
    I'd rather C2E than work!
    Join Date
    Feb 2009
    Location
    Westmount, Edmonton
    Posts
    5,334

    Don't know if it was activated by email but it only affected email of faculty and staff. I believe they paid the ransom because a lot of important, academic, and research communication was in the email. Restoring a large system like this from backup while avoiding reinfection is difficult, time-consuming, and runs the risk of data loss. $20k was cheaper than that risk.

    I have been online for over 25 years now so the idea of not having important information on my computers doesn't work for me. Beyond basic security precautions (care with unsolicited email, firewalls, web hygiene, etc) individual users should have multiple backups ideally following the 3-2-1 rule: Three copies, two different mediums, one offsite.

    Frankly if I ended up with ransomware I'd check the integrity of my backups, reformat my computer and restore from the backups.

    "For every complex problem there is an answer that is clear, simple, and wrong"

  9. #9
    I'd rather C2E than work!
    Join Date
    May 2008
    Location
    Clareview
    Posts
    7,330

    I've been online more or less since the beginning as well. I'm a needle in a haystack and prefer to keep it that way as much as possible. The ransomware was paid out in bitcoin I believe and possibly uploaded to an autonomous PayPal account by either some 12-year-old script kid or an ISIS terrorist, hard to tell. I'm not that sophisticated to pull this sort of thing off but it's scary. I hope police catch those responsible.
    Mom said I should not talk to cretins!

  10. #10

    Objective-See and Malwarebytes (beta for non-production environments) have software to try to stop the ransomware.

    I've been online 22 years now (1994 I think). I don't know what sensitive information isn't online now.

    Have now 2 backups but both are connected.

    Have old disconnected backup drives but not sure what good they'd be. Even with a current disconnected backup, how long can the ransomware lie in wait?

    The OSX defence above stops encryption. So, how much legitimate encryption is going on, on a computer anyway?
    Last edited by KC; 10-06-2016 at 03:36 PM.

  11. #11

    Multiple backups in multiple places on multiple operating systems. Not bulletproof, but I'm not losing sleep over this.
    Giving less of a damn than ever… Can't laugh at the ignorant if you ignore them!

  12. #12

    Maybe ransomware is a good thing. Offers people a fresh start.

  13. #13
    I'd rather C2E than work!
    Join Date
    Feb 2009
    Location
    Westmount, Edmonton
    Posts
    5,334

    I mostly do security through good practice but one thing I do run is Little Snitch. It monitors outgoing connections and allows those you approve. Malicious code typically has to communicate with a command and control server and Little Snitch will stop that.

    I also use Ghostery as another major route of infection is website ads.

    "For every complex problem there is an answer that is clear, simple, and wrong"

  14. #14

    On my PC, I have Microsoft's Defender software and that's all.

  15. #15
    I'd rather C2E than work!
    Join Date
    May 2008
    Location
    Clareview
    Posts
    7,330

    ^ Do you mean Windows Defender?
    Mom said I should not talk to cretins!

  16. #16

    Yeah. However the reviewers never give it a top ranking.
