SoylentNews is people
SoylentNews
from the how-many-times-must-we-say-"don't-open-suspicious-emails"? dept.
US Coast Guard discloses Ryuk ransomware infection at maritime facility:
An infection with the Ryuk ransomware took down a maritime facility for more than 30 hours; the US Coast Guard said in a security bulletin it published before Christmas.
The agency did not reveal the name or the location of the port authority; however, it described the incident as recent.
"Forensic analysis is currently ongoing but the virus, identified as 'Ryuk' ransomware," the US Coast Guard (USCG) said in a security bulletin meant to put other port authorities on alert about future attacks.
USCG officials said they believe the point of entry was a malicious email sent to one of the maritime facility's employees.
"Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility's access to critical files," the agency said.
The USCG security bulletin describes a nightmare scenario after this point, with the virus spreading through the facility's IT network, and even impacting "industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations."
Coast Guard officials said the Ryuk infection caused "a disruption of the entire corporate IT network (beyond the footprint of the facility), disruption of camera and physical access control systems, and loss of critical process control monitoring systems."
The maritime facility -- believed to be a port authority -- was forced to shut down its entire operations for more than 30 hours, the Coast Guard said.
(Score: 4, Interesting) by canopic jug on Wednesday January 01 2020, @05:50PM (4 children)
It is the vendor's fault. The vendor has claimed that the software is fit for purpose and it isn't. The user has used the software as it was intended and it was the software which failed not the user. So blaming the individual who happened to get the payload is not appropriate. Despite that, as a distraction, M$ has been bleating about attachments for ages, so long that many will repeat it even if they might know better than to do so.
However, there is another large problem blaming the victim distracts from, aside from the lack of fitness for purpose. There is also the lack of federated file sharing like we used to have in the 1990s. Back then there were several platforms, two were AFS and Novell Netware. The former faded away from active neglect. The latter was eliminated through one of M$ many, targeted whisper campaigns. There haven't been any realistic replacements for either. Dropbox, Box, and similar are not realistic options, despite the marketeering. So clownish managers end up forcing their staff to use a kludge like e-mail attachments instead. Keeping the documents in a distributed filesharing network will make it once again be far easier to manage access control, confidentiality, and malware analysis.
Money is not free speech. Elections should not be auctions.
(Score: 0) by Anonymous Coward on Wednesday January 01 2020, @06:45PM
Well, AFS is still with us. IBM released it to the community about 20 years ago and it is being developed on as OpenAFS. I think one of the principals there has even been putting out a commercial release under a different name, but I don't know about its compatibility.
Primary use is in academia though, because in 2020 federated filesystems are not that appropriate nor useful for most users. Yes, we need an object storage (and management!) system for corporate use, but managers are still on the "outsource everything" bandwagon.
(Score: 1) by RandomFactor on Wednesday January 01 2020, @07:37PM (2 children)
There's also GDrive of course, and now you are seeing a lot of onedrive/sharepointonline links becoming the new defacto file sharing methodology for O365 customers. These are also, consequently, currently all the rage for phishing links. Compromise or set up a small tenant, drop some badness on it. And send the links to everyone hoping the IT security folks have trusted MS links because the business has been screaming when their files don't get through. Good times.
В «Правде» нет известий, в «Известиях» нет правды
(Score: 0) by Anonymous Coward on Wednesday January 01 2020, @09:19PM (1 child)
If I see a Onedrive or Gdrive link, I know it is probably phishing. That's almost a sure sign.
(Score: 3, Touché) by Gaaark on Wednesday January 01 2020, @11:55PM
If I see Windows, I know it is garbage. Windows is a sure sign.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---