    Ransomware

    I'm sure you all know, there have been many cases of ransomware hacks recently. I don't know the details, but my impression is that a company can protect itself from this simply by making frequent backups of important data, and storing them off-Net so they can't be hacked. Either I'm mistaken about that, or there are a lot of companies out there that aren't smart enough to make regular backups. Which is it?

    If there are any other measures that my clients and I should be taking to protect against this type of attack, please let me know what to do.

    Thanks & Have a good weekend! --
    Kent Multer
    Magic Metal Productions
    http://TheMagicM.com
    * Web developer/designer
    * E-commerce and Miva
    * Author, The Official Miva Web Scripting Book -- available on-line:
    http://www.amazon.com/exec/obidos/IS...icmetalproducA

    #2
    That's accurate, from the standpoint of being able to recover data. It is equally important to have infrastructure for restoring compromised systems to a functional state. Ransomware is also often designed just to halt a company's operations, so they pay to restore service, not necessarily pay to gain access to data they had no backup of. A hospital system is a good example; if they can't easily get 1000's of desktop computers back into service, they're losing massive amounts of revenue per day, even though those computers had no useful data.
    David Hubbard
    CIO
    Miva
    http://www.miva.com



      #3
      Hi David, thanks for the info. I wasn't aware of this other type of ransomware. I would think that this type of attack can be prevented by standard security measures such as running anti-virus software and using strong passwords. So again, it's kind of a sad commentary about the number of companies that aren't taking these standard precautions. Or am I mistaken about that?
      Kent Multer



        #4
        Yep, for corporate and government networks, disabling mass amounts of systems is usually the goal; holding data hostage tends to work better on consumer computers where there are no backups. It's unfortunately not entirely uncommon for weird equipment to require some proprietary setup where it may not necessarily be easy to quickly deploy OS updates, have quality and up-to-date antivirus software, etc. Examples would be healthcare equipment, especially if it's FDA certified where they may even be forbidden from updating the attached computer, industrial controls, hardware with drivers that aren't kept up to date, so on and so forth. Of course keeping those types of systems on an isolated network is almost mandatory for keeping them from getting hacked. These scenarios are not particularly unusual in hospitals, factories, what I'd wager is probably pipelines where custom automated control systems are in place, while on the government side, those are typically just mismanaged and nightmarishly out of date.
        David Hubbard



          #5
          Then there's the fact that lots of infrastructure is OLD, and there aren't patches, and there is no inherent security in the system. And retrofitting new tech into some of these areas is problematic as whole systems would need to be pulled out and redone.

          Finally, there are many businesses/organizations that can't or haven't put much budget into their IT and are thusly ripe for being caught without recent and easily restorable backups.



            #6
            We use a reputable online service to back up all of our computers; it works great! We also use a professional business class VLAN router/firewall, had it professionally configured, and of course anti-virus software.

            But nothing is 100% secure. Take the Chinese Communist Party; they have stolen much of our country's national defense technology via the internet.
            Thank you, Bill Davis



              #7
              Somewhat related, I have a client getting bombarded with "ethical hacking" email warnings about "clickjacking" from someone that is concerned. "We found a vulnerability..." Pay me a bounty when you've verified the vulnerability.

              I suggested the client ignore the email or flag it as spam.

              Anyone here experienced "clickjacking"?

              Scott


              Need to offer Shipping Insurance?
              Interactive Design Solutions https://www.myids.net
              MivaMerchant Business Partner | Certified MivaMerchant Web Developer
              Competitive Rates, Custom Modules and Integrations, Store Integration
              AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
              My T-shirt Collection is mostly MivaCon T-shirts!!



                #8
                ids I've not experienced it myself, but depending on what sort of client side libraries the site is running, there might be a vulnerability there. I've seen the results of it though, and it's wild.



                  #9
                  Originally posted by cpp-dev:
                  ids I've not experienced it myself, but depending on what sort of client side libraries the site is running, there might be a vulnerability there. I've seen the results of it though, and it's wild.
                  Do Tell.

                  Scott



                    #10
                    Originally posted by ids:
                    Do Tell.
                    Imagine that every link you click opens a new window with warning text, and then the new window begins to open popups. Popups without close buttons. Hidden confirmation windows. A completely unusable mess. This is kinda the worst case scenario.

                    Some are more subtle; they just slip a banner in where it wasn't at first. But then the element is z-indexed above all the content, so any click is registered by the new element first, and the previous mayhem ensues.

                    Or the click activates some malicious code that exploits a browser vulnerability that installs the ransomware on the computer.

                    In any case, having anyone other than your ISP between you and the site is bad news.

                    And come to think of it, there's more than a few ISPs I don't want in there either.
                    Last edited by cpp-dev; 05-28-21, 09:48 AM.



                      #11
                      Thanks. This is an interesting rabbit hole.

                      My client's store is Colossus. Uses default clientside. But my quick research basically points to malware. So, the malware in essence will act on sites the user is loading in the vulnerable browser? I have not seen anything you can do from an HTML coding standpoint. So, that is the question. Malware? Coding? Prevention? My first logical guess is people browsing need to use antivirus or malware protection systems?

                      Scott



                        #12
                        For a lot of these issues the best defense is a well protected browser. It sounds like your user's browser/computer is the part that has the malware.

                        I need to confirm this, but I believe that all of the Miva written JS is already following industry best practices when it comes to clean and sane code. These are the "server side" aspects that can be used to help mitigate the malware.

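As an added illustration (not code from any poster or from Miva), the "server side" defence against the overlay trick described above is to refuse to let third-party pages frame the store at all, which browsers enforce from the X-Frame-Options and Content-Security-Policy frame-ancestors response headers; the Python below classifies a response's headers by that protection, using constructed sample headers rather than any real site's.

```python
"""Classify an HTTP response's framing (clickjacking) protection.

A third-party page can only lay invisible click targets over a site if it can
load that site in a frame.  Two response headers control that:
  X-Frame-Options: DENY | SAMEORIGIN
  Content-Security-Policy: ... frame-ancestors <sources> ...
The sample header sets at the bottom are constructed for illustration.
"""
from typing import Dict, List, Optional


def csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_verdict(headers: Dict[str, str]) -> str:
    """Return 'denied', 'same-origin', 'restricted' or 'unprotected'.

    Header names are matched case-insensitively.  Browsers that understand
    frame-ancestors give it precedence over X-Frame-Options, so it is checked first.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = csp_frame_ancestors(csp)
        if sources is not None:
            if sources in ([], ["none"]):  # no source list behaves like 'none'
                return "denied"
            if sources == ["self"]:
                return "same-origin"
            return "restricted"  # explicit allow-list of framing origins
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "denied"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "unprotected"  # header missing, or an obsolete value such as ALLOW-FROM


# Constructed sample responses (not captured from any real store).
STORE_HEADERS = {
    "Content-Type": "text/html",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}
BARE_HEADERS = {"Content-Type": "text/html"}

if __name__ == "__main__":
    for name, hdrs in (("store", STORE_HEADERS), ("bare", BARE_HEADERS)):
        print(f"{name}: {framing_verdict(hdrs)}")
```

These headers only stop other sites from framing the store; when the overlay comes from malware already running in the visitor's browser, as the thread suggests, the fix is on the visitor's machine, not in the store's responses.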


                          #13
                          Thanks.

                          BTW: it was the client getting phishing emails from an "ethical hacker" expecting a bounty for discovering the "vulnerability" in the site. The store was wondering what had to be done.

                          Scott



                            #14
                            Ohhhh! That is fishy!

                            There are ethical hackers out there, but demanding payment upfront for a supposed flaw reeks of scam. If they're after more than money (aka believe in securing the internet to make it safer for all of us) and if they have found a real vulnerability, AND they're ethical, they'll show you the exploit or a proof of concept that shows that there is a real vulnerability.

                            Then, if there isn't a preexisting bounty program, negotiations should go into how payment and a patch and disclosure will work.

                            At least that's what I understand about the process from listening to a number of Info Sec podcasts, aka I'm no expert, but I have heard some things.
