Ransomware

Discussion in 'Too Hot for Swamp Gas' started by G8trGr8t, Nov 10, 2023.

  1. G8trGr8t

    G8trGr8t Premium Member

    ICBC hit by ransomware; others recently hit include Boeing, who apparently paid to keep their data from being released. Hacking group out of Russia...

    ICBC Hit By Lockbit Ransomware Gang Linked to Boeing, Ion Attacks - Bloomberg

    Industrial & Commercial Bank of China Ltd. is suspected of being hacked by the same group that has — just in the past year — also hit Boeing Co., ION Trading UK and the UK’s Royal Mail. The prolific gang known as Lockbit is suspected to have orchestrated a ransomware attack against the US unit of ICBC, the world’s largest lender by assets, according to people familiar with the situation, who asked not to be identified because the information isn’t public. The attack has resulted in disruptions across the US Treasury market, with some transactions failing to clear and traders being asked to reroute their deals.

    Lockbit, a criminal gang with ties to Russia, specializes in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files. Earlier this year, it took credit for an attack against ION that paralyzed derivatives trading across markets for everything from commodities to bonds and forced several banks and brokers to process trades manually.

    On Thursday, ICBC confirmed in a statement on its website that a ransomware attack at its ICBC Financial Services unit resulted in disruption to some of its systems. The bank said it’s conducting a thorough investigation and progressing its recovery efforts. The lender said systems at its head office and other domestic and overseas affiliates, including its New York branch, weren’t affected.

    A week ago, Boeing disclosed a cyberattack that took down the website where it sells spare aircraft parts, software and services. Lockbit threatened to release “sensitive data” belonging to Boeing if it didn’t pay a ransom by Nov. 2. The hackers placed the company’s name on its website, with a countdown to the day last week. The name later disappeared from the site.
     
    • Informative x 2
  2. mrhansduck

    mrhansduck GC Hall of Fame

    Not sure how widespread it is, but Florida's First Judicial Circuit got hit with a cyber attack over a month ago and is still dealing with it. There were cancelled hearings and lots of issues. I think things are about to get back to normal soon but no idea what's been happening behind the scenes.

    First Judicial Circuit continues investigation of cybersecurity breach
     
  3. ValdostaGatorFan

    ValdostaGatorFan GC Hall of Fame

    Welcome to the new(ish) normal. Despite the trend of companies improving their security postures and hardening their systems, it's going to continue. Forever.
     
    • Agree x 2
  4. WarDamnGator

    WarDamnGator GC Hall of Fame

    I read a while back that most ransomware is planted by company workers and the foreign gangs give them a cut of the payoff.
     
    • Informative x 4
  5. G8trGr8t

    G8trGr8t Premium Member

    Not sure how I feel about Boeing paying them to keep their info private. Understand the motivation, don't like rewarding the crooks. Feels like negotiating with terrorists.
     
  6. ValdostaGatorFan

    ValdostaGatorFan GC Hall of Fame

    In IT this is usually a no-no. Not only does it reward attacks, it doesn't guarantee that there aren't backdoors or a mechanism to re-infect.
     
  7. ValdostaGatorFan

    ValdostaGatorFan GC Hall of Fame

    I'm of the opinion that there isn't a need for an insider attack. Sure, it would help, but users will click ANYTHING. If you get an email in past the filters, someone is likely to click on or download something.

    Our corp cybersecurity sends out occasional phishing emails and they've gotten one of my IT co-workers, who should know better, at least twice.
     
    • Agree x 1
    • Informative x 1
  8. jhenderson251

    jhenderson251 Premium Member

    As my organization's Chief Information Security Officer put it, "The reality is that we have to get it right every single time, and a criminal only has to get it right once."
     
  9. ValdostaGatorFan

    ValdostaGatorFan GC Hall of Fame

    Nailed it. It's the Wild West out there.

    And you can buy every hardware and software product under the sun, but if you don't require ongoing cybersecurity training for your employees, you're doing it wrong.