IT Professionals, Guilty

Sign in, Rotunda IT Department.

Paul Reid spoke too soon yesterday.

The site to register for a vaccine is still live at the moment anyway.

Fuckin' ransomware bastards. It's at epidemic levels at the moment.

According to Morning Ireland the vaccine programme is UNAFFECTED.

The lads orchestrating the attack have been shrewd here.

They’ve waited for Bitcoin to dip and want the HSE to buy the dip on their behalf and then send the Bitcoin to their wallet.

Attacking health services is borderline terrorism, given the disruption it will cause.

1 Like

Off the top of my head globally lately we’ve had attempts to poison water supplies, cutting off oil supplies, attacks on power stations and now this. I’m sure there have been countless other notable examples.

It’s the next epidemic.

They did the same to an Irish electrical contractor last week, but it hasn’t made the news. They got it sorted, but not sure whether they paid up or fixed it themselves internally.

It’s getting harder and harder to fix internally, as they are now exfiltrating data and publishing it online if the ransom isn’t paid.

Plus most companies have cyber insurance now, so a lot have been paying out, which only encourages more attacks.

1 Like

$5 million was paid to cunts in Eastern Europe for the colonial pipeline hack. These hackers need to experience some IRL consequences for their actions.

Private sector are paying, public sector aren’t.

1 Like

Education and health in the UK and Ireland have been hammered in the last few weeks. Ryuk is the ransomware variant doing the damage. It gets into the network on a compromised device or through some clown clicking on a link that they shouldn’t. It then looks around the network until it finds a vulnerable domain admin account.

Once it has this it calls home and a human operator takes over. Using the admin account, the operator uses Microsoft tools to propagate scripts across the server infrastructure to schedule the disabling of AV, the deletion of backups and the encryption of the hard drives. They can be rooting around the network for 2 or 3 weeks before they push the button on the attack itself.

They also look for your cyber insurance cover to gauge how much you’re covered for, and they let you know this in the ransomware note.

These operators get paid 400k a year.

7 Likes
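The staging steps described in the post above (a compromised admin account pushing commands that delete backups, disable AV and schedule the payload across several servers) leave a recognisable trail in process-creation logs. The following is an added example, not code from the post or from any vendor: it runs simple detection logic over a handful of constructed process-creation records (hostnames, account names and command lines are all made up) and then correlates by account, because one account running staging commands on more than one host is the propagation pattern the post describes.

```python
"""Flag ransomware staging commands in process-creation records and correlate
them by account. Added example; all sample records below are constructed."""
import re
from dataclasses import dataclass

# Well-known staging command patterns: shadow-copy / backup catalog deletion,
# Defender real-time protection disablement, scheduled-task creation and
# turning off Windows recovery. Case-insensitive so "VSSADMIN.EXE" still hits.
STAGING_PATTERNS = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows"
        r"|wmic(\.exe)?\s+shadowcopy\s+delete"
        r"|wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    "av_disable": re.compile(
        r"Set-MpPreference\s+-Disable\w+"
        r"|sc(\.exe)?\s+(stop|config)\s+WinDefend", re.I),
    "scheduled_task": re.compile(r"schtasks(\.exe)?\s+/create\b", re.I),
    "recovery_disable": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I),
}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    user: str
    category: str
    command: str


def classify(command_line: str):
    """Return the staging category a command line matches, or None."""
    for name, pattern in STAGING_PATTERNS.items():
        if pattern.search(command_line):
            return name
    return None


def scan(records):
    """records: iterable of (timestamp, host, user, command_line) tuples."""
    findings = []
    for timestamp, host, user, command in records:
        category = classify(command)
        if category is not None:
            findings.append(Finding(timestamp, host, user, category, command))
    return findings


def accounts_spanning_hosts(findings, min_hosts=2):
    """Accounts whose staging commands appear on at least min_hosts hosts:
    the 'one admin account pushing scripts across the estate' pattern."""
    hosts_by_user = {}
    for f in findings:
        hosts_by_user.setdefault(f.user, set()).add(f.host)
    return {user: sorted(hosts)
            for user, hosts in hosts_by_user.items() if len(hosts) >= min_hosts}


# Constructed sample records (timestamp, host, user, command line). Not real logs.
SAMPLE_RECORDS = [
    ("2021-05-14T02:11:03", "FS01", "CORP\\da_jsmith",
     r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("2021-05-14T02:11:09", "FS01", "CORP\\da_jsmith",
     "powershell.exe -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"),
    ("2021-05-14T02:12:40", "SQL01", "CORP\\da_jsmith",
     r'schtasks.exe /create /tn "Update" /tr C:\ProgramData\x.exe /sc once /st 03:00 /ru SYSTEM'),
    ("2021-05-14T02:13:01", "SQL01", "CORP\\da_jsmith",
     r"bcdedit.exe /set {default} recoveryenabled no"),
    ("2021-05-14T08:30:00", "WS042", "CORP\\mmurphy",
     r"C:\Windows\explorer.exe"),
    ("2021-05-14T09:02:11", "WS042", "CORP\\mmurphy",
     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE /n report.docx"),
]


if __name__ == "__main__":
    found = scan(SAMPLE_RECORDS)
    for f in found:
        print(f"{f.timestamp} {f.host} {f.user} [{f.category}] {f.command}")
    print("accounts active on multiple hosts:", accounts_spanning_hosts(found))
```

The per-command matches are noisy on their own (an administrator may legitimately clear old shadow copies); the correlation in `accounts_spanning_hosts` is what turns them into an alert worth waking someone for, and the same account/host grouping is where you would pull the account's logon history to see how long it had been in use before the commands started.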

These guys are all proper professional operations now. It’s very, very difficult to defend against.

One tip I’ve heard for users with a home PC is to install the Russian language keyboard. You don’t need to use it, but a lot of ransomware checks for its presence and if it detects it, it won’t deploy. It won’t do you much good against one of the proper groups but may help in a drive by attack.

That’s interesting. For enterprises, I’d advise checking how many domain admin accounts you have and get rid of 90% of them. MFA should be rolled out to all users and the domain admins should have MFA internally too.

3 Likes

Also, if your remote access solution has the capability, you should geo-fence it and only allow access from countries from which you would expect access. Might not be practical in a large org, but for most SMEs 99% of the access should be within the ROI, so it really helps to restrict access to just ROI IPs.

1 Like

Would they not just use a VPN to bypass that?

1 Like

Yes, they would, and they’d use something like Tor to mask their origins even further. You could do it if the device had GPS based off anything other than wifi, but even then that can be masked.

If they target you, they’ll get you. Nothing you can do about it.

If someone really wants to get in, they’ll get in.

What you are trying to avoid is the initial entry or attempted entry. If they ping two gateways while looking for victims, one responds and the other doesn’t (due to the geofencing) they’ll just focus on the one that responds.
It’s like the burglar alarm on your house. If you have a box on the wall and your neighbour doesn’t they’ll probably try them instead.
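The geo-fence suggested a few posts up, and the objection that a VPN or Tor exit inside the allowed country walks straight through it, can both be shown in a few lines. This is an added example and not code from any of the posters: it applies a source-address allow-list to some constructed VPN gateway authentication log lines and reports what the fence blocks, what it passes, and what it passes only because the source is an anonymiser exit sitting inside the fence. The CIDR blocks are RFC 5737 documentation ranges standing in for "blocks allocated to the ROI", and the anonymiser exit address is made up; a real deployment would load both lists from a GeoIP feed and a Tor/VPN exit list.

```python
"""Geo-fence a remote-access gateway by source address and show where the
fence stops helping. Added example; all networks and log lines are constructed."""
import ipaddress
from collections import Counter

# Placeholder 'in-country' blocks (documentation ranges, not real allocations).
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed: an anonymiser (VPN/Tor exit) address that happens to sit inside
# an allowed block. The geo-fence alone cannot tell it from a home broadband IP.
KNOWN_ANONYMIZER_EXITS = {ipaddress.ip_address("192.0.2.200")}


def classify_source(ip_str: str) -> str:
    """allowed | allowed_but_anonymizer | blocked | invalid"""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "invalid"
    if not any(ip in net for net in ALLOWED_NETWORKS):
        # Blocked sources should be dropped silently so the gateway does not
        # 'respond' to scanners: the burglar-alarm point made above.
        return "blocked"
    if ip in KNOWN_ANONYMIZER_EXITS:
        return "allowed_but_anonymizer"
    return "allowed"


def parse_auth_line(line: str) -> dict:
    """Parse 'ts gateway key=value ...' into a dict (constructed log format)."""
    parts = line.split()
    fields = {"ts": parts[0], "gateway": parts[1]}
    for kv in parts[2:]:
        key, _, value = kv.partition("=")
        fields[key] = value
    return fields


def triage(lines):
    """Return (counts per class, list of (user, src, class) needing a look)."""
    counts = Counter()
    review = []
    for line in lines:
        rec = parse_auth_line(line)
        cls = classify_source(rec.get("src", ""))
        counts[cls] += 1
        if cls != "allowed":
            review.append((rec.get("user"), rec.get("src"), cls))
    return counts, review


# Constructed sample gateway authentication log, not a real capture.
SAMPLE_AUTH_LOG = [
    "2021-05-13T22:14:01 vpn-gw1 user=jdoe src=192.0.2.45 result=ok",
    "2021-05-13T22:15:30 vpn-gw1 user=admin src=203.0.113.77 result=fail",
    "2021-05-13T22:15:31 vpn-gw1 user=administrator src=203.0.113.77 result=fail",
    "2021-05-13T23:40:12 vpn-gw1 user=jdoe src=192.0.2.200 result=ok",
    "2021-05-13T23:41:00 vpn-gw1 user=svc_backup src=2001:db8::10 result=fail",
    "2021-05-13T23:41:05 vpn-gw1 user=root src=not-an-ip result=fail",
]


if __name__ == "__main__":
    counts, review = triage(SAMPLE_AUTH_LOG)
    print(dict(counts))
    for user, src, cls in review:
        print(f"{cls:24} user={user} src={src}")
```

The `blocked` bucket is the benefit the geo-fence actually delivers: the password-guessing against `admin` and `administrator` from an out-of-country address never reaches the authentication layer. The `allowed_but_anonymizer` line is the caveat: the same user's session from an in-country exit node passes the fence, so MFA on the gateway, not the fence, is what has to stop a stolen credential.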

We see one a day now. All big companies.