SoylentNews is people
SoylentNews
from the getting-the-horses-back-after-closing-the-barn-doors dept.
Why you can't bank on [just] backups to fight ransomware anymore:
[...] [The] belief that no personally identifying information was breached in [a] ransomware attack is common among victims of ransomware—and that's partially because ransomware operators had previously avoided claiming they had access to victims' data in order to maintain the "trust" required to extract a payment. Cyber insurance has made paying out an attractive option in cases where there's no need for an organization to reveal a breach, so the economics had favored ransomware attackers who provided good "customer service" and gave (usually believable) assurances that no data had been taken off the victims' networks.
Unfortunately, that sort of model is being blown up by the Maze and Sodinokibi (REvil) ransomware rings, which have adopted a model of using stolen data as leverage to ensure customers will make a payment. Even in cases where a victim can relatively quickly recover from a ransomware attack, they still will face demands for payment in order to avoid the publication or sale of information stolen by the attackers before the ransomware was triggered.
Maze and REvil are targeted ransomware attacks that break from the established norm of ransomware attacks in other ways. Telling users not to click on email attachments and to recognize phishing sites isn't stopping these attackers from getting in. Both have relied on exploits of known weaknesses in Internet-facing infrastructure of their victims—be it an Oracle WebLogic vulnerability, a long-ago patched weakness in Pulse Secure VPN servers, or hacks of managed service providers' systems.
Being able to quickly get back up and running after a breach is a very good thing. It is also not enough. Preventing attackers from exfiltrating confidential information is likely more difficult and potentially more costly. Especially since Europe enacted GDPR (General Data Protection Regulation) and some other jurisdictions in the US have enacted laws requiring prompt disclosure and notification after a breach.
(Score: 2, Interesting) by Anonymous Coward on Monday February 10 2020, @04:21AM (1 child)
I use a cheap WalMart ONN Android tablet these days for browsing the net. That is it's primary use for me. For the same reason I use tongs to touch unknown objects I find on the sidewalk.
I have a 128GB SD card in the tablet. And many ways of downloading things of interest for later vetting for transfer into my main personal system, which no longer sees the net at all. My main system is WIN7, multiple CloneZilla images, and hasn't seen a security update since Microsoft sent out that FTDI Chip Killer under disguise as a security patch. Not only did that piss me off big time, it also destroyed my trust of Microsoft and the methods they use... which they gingerly call a "service". Microsoft's meaning of the word "Trust" is so highly different than my concept of that word. But, I have to consider the business aspects. That FTDI interface chip and the robustness of my stuff means a lot to me. For many top corporate business executive types, this kind of thing is just a trivial bullet point line item on a boardroom meeting. They get paid top salary whether or not the thing works. No wonder they take this kinda stuff, no skin off their back.
(Score: 2) by takyon on Monday February 10 2020, @04:36AM
This is the way to go. If you want security, keep it off the internet. If you want the internet, find a sacrifice.
Just don't get a Walmart EVOO tablet: https://www.youtube.com/watch?v=2XABj1cCJiE [youtube.com]
https://slickdeals.net/f/13830260 [slickdeals.net]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]