Can somebody explain these ransomwear attacks?

Thu Jun 24 22:08:08 UTC 2021

A lot of the payments for Ransomware come from Insurance Companies under
"Business Interruption Insurance". It in fact may be more cost effective to
pay the ransom, than to pay for continued business interruption.

Of course along with paying the ransom, a full forensic audit of the
systems/network is conducted. The vector for many of these attacks is via a
worm triggered by someone opening an attachment on an email or downloading
compromised software from the Internet. Short of not allowing email
attachments or blocking Internet access, the best method is to properly
train users to not click on attachments or visit "untrusted" sites, but
nothing is perfect.

Shane

On Thu, Jun 24, 2021 at 6:01 PM Michael Thomas <mike at mtcc.com> wrote:

>
> On 6/24/21 2:55 PM, JoeSox wrote:
>
>
> It gets tricky when 'your' company will lose money $$$ while you wait a
> month to restore from your cloud backups.
> So Executives roll the dice to see if service can be restored quickly as
> possible keeping shareholders and customers happy as possible.
>
> But if you pay without finding how they got in, they could turn around and
> do it again, or sell it on the dark web, right?
>
> Mike
>
>
> On Thu, Jun 24, 2021 at 2:44 PM Michael Thomas <mike at mtcc.com> wrote:
>
>>
>> Not exactly network but maybe, but certainly operational. Shouldn't this
>> just be handled like disaster recovery? I haven't looked into this much,
>> but it sounds like the only way to stop it is to stop paying the crooks.
>> There is also the obvious problem that if they got in, something (or
>> someone) is compromised that needs to be cleaned which sounds sort of
>> like DR again to me.
>>
>> Mike
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210624/400f98c9/attachment.html>