Armed Polite Society
Main Forums => The Roundtable => Topic started by: Grandpa Shooter on May 13, 2021, 05:52:54 PM
-
I just read an article about Colonial paying a $5,000,000 ransom to the hacker group that tied up their computer system (which apparently did not cripple the pipeline) after claiming they would never do that. Aside from that being a dangerous concession to terrorism, doesn't that signal the world that we are so weak that they can shut down our systems at will? What's next, the railroads, canals, power grids, medical technology.......?
-
Colonial is a private company. I'm sure they would rather not have paid, but how much would it have cost them if they didn't pay and the gas shortage expanded both geographically and temporally? People would be calling for their heads, and the anti-oil current administration would do the same thing to Colonial that they are doing to anyone that was in the vicinity of 06JAN.
$5 million is a lot cheaper than losing everything, and all of Colonial upper management going to federal prison without bail for five years waiting for a trial on a trumped up federal charge for not delivering oil to the public. Colonial might have worked with a different administration to not pay, with the administration perhaps using the strategic reserves and/or devoting significant cyber resources to the problem. The current administration has only said this wouldn't happen if we all drove electric cars. So I can't fault Colonial.
-
Having read about it in my professional circles, I know for a fact that various US healthcare facilities have paid ransomware to hackers who have shut down their electronic medical records.
-
Trace the money and blow them off the face of the Earth.
Woody
-
Trace the money and blow them off the face of the Earth.
Woody
Wrong president
-
What am I missing here?
Seems that, if you have a good, recent backup you could simply restore the system and be back up & running?
I realize it'd be a bigger deal than if my laptop got shut down, but still....
-
I just read an article about Colonial paying a $5,000,000 ransom to the hacker group that tied up their computer system (which apparently did not cripple the pipeline) after claiming they would never do that. Aside from that being a dangerous concession to terrorism, doesn't that signal the world that we are so weak that they can shut down our systems at will? What's next, the railroads, canals, power grids, medical technology.......?
100 bitcoin, would be my guess
(last ransomware I helped with, small business, was asking .5 bitcoin.)
-
Trace the money and blow them off the face of the Earth.
Woody
A "turn the other Little Boy" attitude if ever I saw one.
-
What am I missing here?
Seems that, if you have a good, recent backup you could simply restore the system and be back up & running?
I realize it'd be a bigger deal than if my laptop got shut down, but still....
Depends on how big and complicated their systems are, how good their backups (and security) are. How well things are documented. Did it get into the SCADA stuff?
Ransomware stress tests your recovery. And even if they get a good decryption key, they're looking at a lot of work.
(Last ransomware remediation I did, last week, they had no backup. Zero, zip, nada. Fortunately for them the new owner had moved from a locally housed application to the cloud-based version.)
-
Wrong president
Yup. Elections have consequences.
Woody
-
A "turn the other Little Boy" attitude if ever I saw one.
Umm ... Is that good or bad? =|
Woody
-
Little Boy was the code name for the type of bomb dropped on Hiroshima.
-
5 mil was probably chump change compared to the operational losses
-
I had read that it never got to the controls, just the business side, and the company pulled the plug to protect the pipeline. Not sure if accurate; the reporting is as good as it always is.
-
Depends on how big and complicated their systems are, how good their backups (and security) are. How well things are documented. Did it get into the SCADA stuff?
Ransomware stress tests your recovery. And even if they get a good decryption key, they're looking at a lot of work.
(Last ransomware remediation I did, last week, they had no backup. Zero, zip, nada. Fortunately for them the new owner had moved from a locally housed application to the cloud-based version.)
So, if you do get a good decryption key, you can restore your data. With a lot of work.
I wonder if Colonial will invest in a (better) backup system?
I've been around computers for a while now, but never heard of SCADA.
-
Little Boy was the code name for the type of bomb dropped on Hiroshima.
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.
Woody
-
So, if you do get a good decryption key, you can restore your data. With a lot of work.
I wonder if Colonial will invest in a (better) backup system?
I've been around computers for a while now, but never heard of SCADA.
I forget the acronym, but in my company it is the internal system that is used to track all the metering data across our pipeline, production and customer meters. I can pull up a small program and see all the flows in and out of the pipeline (pressures also) and do trending. I didn't realize until later that a lot of people call those systems SCADA.
We have a separate group that does industrial network security at all industrial locations. Hardware and software firewalls and all that. Remote access is very limited.
-
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.
Woody
I would be curious just how serious the FBI/CIA get about cyber crime. Seems to me it ought to be high on their list.
Maybe someone could plant a story that the same people traffic in guns.
-
Why would it have to be a government entity delivering "justice"?
Might not get the money back but sometimes sending a clear message to the next in line to try might not be a bad thing?
I'm sure there must be a discreet "private contractor" somewhere out there willing to get the job done.
[ar15] [ar15] [ar15]
-
The FBI, etc., won't really get involved.
Computers are hard.
And... They aren't tracing financials where they can confiscate money, with maybe some going missing. They just need the computers to keep working. Where's the payoff in that?
-
Supervisory Control and Data Acquisition. SCADA. That was my first job out of college, programming microcontrollers for the oil and gas industry.
-
The FBI, etc., won't really get involved.
Computers are hard.
And... They aren't tracing financials where they can confiscate money, with maybe some going missing. They just need the computers to keep working. Where's the payoff in that?
At some point, it is affecting commerce. I guess the effect of this corruption on commerce doesn't even register compared to the effect of Govt corruption on commerce so they are not concerned about the competition.
-
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.
Woody
I didn't get it at first myself
-
The optimist in me thinks they paid it so the FBI can trace where the Bitcoin goes. It would explain why they changed their tune suddenly.
In America, you can take down hospitals, and people will just shake their heads and blame the hospitals. Mess with our gas, and we will literally go to war.
-
I thought so, but wasn't sure if it fit the context. So, yes. Drop that sucker.
Woody
It was a poorly structured joke anyhow, nothing negative to you, but it would not have come up if you hadn't mentioned wiping them off the face of the earth. They can't all be good ones. Blame my writers.
-
Yup. Stolen elections have consequences.
Woody
-
Looks like the FBI or some other agency actually did something. The group responsible for the attack, DarkSide, is shutting down after having a bunch of their computers and equipment seized.
https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime
-
Looks like the FBI or some other agency actually did something. The group responsible for the attack, DarkSide, is shutting down after having a bunch of their computers and equipment seized.
https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime
It's much easier to get away with this stuff when it only hits the big bad corporations without any downstream negative impacts. When it causes stuff like regional gas shortages that affect the peasants, it's harder to claim that you're Robin Hood. Given this group's supposed credo, I think they screwed up on this one from the PR side.
-
And I guess a number of govt organizations were probably fully aware of those sites and activities and did nothing about it for reasons. Of course, they might not know who the actual ransomware actors are.
-
I expect somewhere this is the new way the CIA and others fund their black projects. Bonus points if you ransom one of the targets of your project, get them to pay for further attacks against them.
-
Love your correction!
Woody
-
It was a poorly structured joke anyhow, nothing negative to you, but it would not have come up if you hadn't mentioned wiping them off the face of the earth. They can't all be good ones. Blame my writers.
Not to worry. Sometimes a little slow on the uptake. ... (Or is that the uptick ?) =D
Woody
-
(https://i.redd.it/8ywmi32jy4471.jpg)
-
What about order 66?
-
What about order 66?
It was changed to order 69
-
Seems the meat company has paid over 11 million to hackers. Keep paying and guess what happens?
-
Seems the meat company has paid over 11 million to hackers. Keep paying and guess what happens?
I imagine they could hire some really good IT guys and infrastructure with that sort of money.
-
I imagine they could hire some really good IT guys and infrastructure with that sort of money.
Darn few people I run into want to pay for adequate backup.
-
Darn few people I run into want to pay for adequate backup.
Or they pay for it and then never use it.
-
Trace the money and blow them off the face of the Earth.
Woody
Paging Ms. Harris, Ms. Kamala Harris...