Thread: US travel giant CWT pays $4.5 million crypto-locker ransom

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    US travel giant CWT pays $4.5 million crypto-locker ransom

    And the negotiations from the $10 million demand to payment were on a public forum.

  2. #2
    Senior Member
    Join Date
    Jan 2009
    Location
    Central Scotland
    Posts
    539
    Thanks
    0
    Thanked
    17 times in 12 posts
    • jnutt's system
      • Motherboard:
      • MSi X570
      • CPU:
      • AMD Ryzen 3700X
      • Memory:
      • 32gig DDR 3600
      • Storage:
      • Samsung 1tb NVME M.2 SSD
      • Graphics card(s):
      • EVGA 2070Super
      • PSU:
      • Stock
      • Case:
      • Cooler Master
      • Operating System:
      • Windows10 64bit
      • Monitor(s):
      • Samsung 32" and 24"
      • Internet:
      • Cable 350mb

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    I'm sick of these crooks getting away with this chit!

  3. #3
    Old Geezer
    Join Date
    Jul 2016
    Location
    Under a rusty bucket
    Posts
    540
    Thanks
    53
    Thanked
    42 times in 31 posts

  4. #4
    Senior Member
    Join Date
    Sep 2014
    Posts
    400
    Thanks
    0
    Thanked
    9 times in 9 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    And why would the hackers do this?
    They got money, they have data that is their safe card when they get caught.

    It's a win-win for them in this difficult situation.

  5. #5
    Senior Member
    Join Date
    Apr 2016
    Posts
    772
    Thanks
    0
    Thanked
    9 times in 9 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Well, proper companies have backups.. my previous company I worked for got attacked, but the competent IT guys at work just waved them off... and then installed the backup.

  6. #6
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts
    • philehidiot's system
      • Motherboard:
      • Father's bored
      • CPU:
      • Cockroach brain V0.1
      • Memory:
      • Innebriated, unwritten
      • Storage:
      • Big Yellow Self Storage
      • Graphics card(s):
      • Semi chewed Crayola Mega Pack
      • PSU:
      • 20KW single phase direct grid supply
      • Case:
      • Closed, Open, Cold
      • Operating System:
      • Cockroach
      • Monitor(s):
      • The mental health nurses
      • Internet:
      • Please.

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by DevDrake
    And why would the hackers do this?
    They got money, they have data that is their safe card when they get caught.

    It's a win-win for them in this difficult situation.
    The hackers are not stupid and this is, as above, a business for them. If you screw over this one "customer", you may make a killing, but no one will ever pay a ransom again. They also will struggle to get other teams to work with them on jobs as they're seen to be ruining the ransom business.

    The other thing to consider is that this is a job with a lot of costs. The kit you use is burnable (obviously, and depending on what you're doing there may be a lot of it including cars / vans, a Yagi rifle or two and so on) and the skilled people willing to take the risk are expensive. You may put months (or more) work into this, setting up a botnet or pivots or phishing people. There was an attack on a large company and the attackers were in the network for two years before executing their attack. The odds of getting caught are very high as time progresses and so many of these scams will fail, but people and equipment will still need paying for.

    Once you get paid, you have to fence the money. There are plenty of people looking to do this for you, but their cut is not small.

    To keep business good, it is a poor idea to sell the company's data to competitors, especially when those competitors may just report you or actually be the next victim.

    If it were me, I'd send a "taste" of data off to an up and coming exec of the next target, then I'd send him more with a trojan in it. Then I'd wait for him to take that trojan to work for me. Then I'd do them, too.

  7. #7
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    In Ransomware threat action, you always want to fulfil your end of the deal because if you don't, people won't pay or your payouts will be less.

    It's in the hackers best interest to unlock the data so if they hit them or others like them in the future, others will be more likely to pay up.

    Malware and hacking are multi-billion-dollar businesses now; if you aren't an honest thief then people don't shell out.

  8. #8
    Long member
    Join Date
    Apr 2008
    Posts
    2,427
    Thanks
    70
    Thanked
    404 times in 291 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    I did love the "AV software doesn't help" thing. It's so true. I've not used any antivirus (aside from windows defender) for over a decade. I do occasional scans using a downloadable tool if I suspect any issues.

    There are tools (Veil evasion, for example) which will create AV invisible malware with a custom payload with a few commands. Sometimes it takes a few tries to customise it properly, but it's like 30 minutes work. There are websites which will test that malware against AV software for you, so you can see if it evades all, or just the AV software specific to your target.

  9. #9
    Senior Member
    Join Date
    Aug 2019
    Posts
    902
    Thanks
    12
    Thanked
    34 times in 26 posts
    • Gentle Viking's system
      • Motherboard:
      • Gigabyte Aorus extreme X399
      • CPU:
      • TR 1920 X
      • Memory:
      • G Skill 64GB ( 8 X 8 ) PC3600 @ 3400
      • Storage:
      • Samsung evo 500GB nvme - 256GB Kingston SSD - 4TB spinning disk
      • Graphics card(s):
      • Powercolor 5700 XT red devil
      • PSU:
      • Corsair RM850I
      • Case:
      • Working on it, done summer 2020
      • Operating System:
      • windows 10 Ulti
      • Monitor(s):
      • 27" iiyama GB2788HS
      • Internet:
      • docis 3.1 cable 1000/100 mbit

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    So these guys will not go after the "backers" of bitcoin? I mean if no bank wants to have anything to do with bitcoin, bitcoin is worthless as it has no real currency to be exchanged into.
    Personally if I was the dictator of Denmark I would ban bitcoin in any way as one of the first things, so people better start selling when my tanks are rolling up to the parliament here to make pulp of the people there.

  10. #10
    HEXUS.Squirrel Output's Avatar
    Join Date
    Nov 2007
    Posts
    2,264
    Thanks
    999
    Thanked
    473 times in 325 posts
    • Output's system
      • Motherboard:
      • Gigabyte AORUS Master X570
      • CPU:
      • AMD Ryzen 9 3950X
      • Memory:
      • 32GB (2x16GB) DDR4 Kingston Fury Renegade @ 3600MHz CL16
      • Storage:
      • Sandisk Ultra 3D 2TB
      • Graphics card(s):
      • Sapphire Nitro+ RX 7800 XT
      • PSU:
      • EVGA SuperNOVA 750 G3
      • Case:
      • bequiet Dark Base Pro 900 Rev.2
      • Operating System:
      • Windows 10 Pro x64
      • Monitor(s):
      • AOC AGON AG274QZM 27" + Dell S2721DGFA 27"

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    I skimmed the title at first, so was thinking it was talking about the OEM PSU manufacturer.

    The negotiations in an area open to the public is certainly an interesting note. Although I do agree it seems to go against the general advice of experts not to pay as it gives more encouragement to anyone (not just the particular group in this case) seeking to take similar actions.

    It wouldn't surprise me if CWT has insurance to cover the cost though, as that seems to be the sort of thing that has been mentioned increasingly in recent times with reports of some companies or local governments as time passes.

    Plus there's also no guarantee that whoever is behind any crypto-locker attack will actually provide the decryption keys, they could just demand more money afterwards or just never provide the decryption keys at all.

  11. #11
    Senior Member
    Join Date
    Jun 2009
    Posts
    400
    Thanks
    3
    Thanked
    13 times in 12 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Seems like a very polite exchange of blackmail... Still, not too keen on the idea of funding black hats.

  12. #12
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,948
    Thanks
    354
    Thanked
    255 times in 173 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 11
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by FRISH
    Seems like a very polite exchange of blackmail... Still, not too keen on the idea of funding black hats.
    I don't think this is black hats - this is organised gangs. I'm guessing even having backups is no use if they get long term access to your network and can hit the backups too. My firm has moved to cloud backups of local machines. I guess that would really help as you can probably roll any attack back by just restoring the cloud backups (I assume there is no global delete all backups mechanism as a protection from the admin account being hacked).
    Trust

    Laptop : Dell Inspiron 1545 with Ryzen 5500u, 16gb and 256 NVMe, Windows 11.
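The two posts above (cheesemp's question about whether a hijacked admin account could wipe cloud backups, and the earlier remark that proper companies have backups) turn on one control: backups that nobody, admin included, can delete until a retention lock expires, plus a restore that picks the last snapshot taken before the intruder got in. The following is an added example written for this thread, not code from HEXUS or from any backup vendor; it models that "object lock" behaviour in plain Python with constructed snapshot data and makes no real cloud API calls.

```python
"""
Toy model of an immutable (retention-locked) backup vault.

Shows two things a defender cares about after a ransomware incident:
  1. a "delete everything" attempt from a compromised admin account only
     removes snapshots whose retention lock has already expired;
  2. a restore should use the newest snapshot taken BEFORE the estimated
     compromise time, because later snapshots may already contain
     encrypted files.
Constructed example: the vault, snapshots and timestamps are all made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Snapshot:
    taken_at: datetime
    data: bytes
    retain_until: datetime  # compliance-style lock: no deletion before this


class ImmutableVault:
    def __init__(self, retention: timedelta) -> None:
        self.retention = retention
        self._snapshots: List[Snapshot] = []

    def store(self, taken_at: datetime, data: bytes) -> Snapshot:
        snap = Snapshot(taken_at, data, taken_at + self.retention)
        self._snapshots.append(snap)
        return snap

    def delete(self, snap: Snapshot, now: datetime) -> bool:
        """Refuse deletion inside the retention window, whoever asks.
        Returns True only if the snapshot was actually removed."""
        if now < snap.retain_until:
            return False
        self._snapshots.remove(snap)
        return True

    def delete_all(self, now: datetime) -> int:
        """What a 'global delete' from a hijacked admin account achieves:
        only lock-expired snapshots go. Returns how many were removed."""
        before = len(self._snapshots)
        self._snapshots = [s for s in self._snapshots if now < s.retain_until]
        return before - len(self._snapshots)

    def restore_before(self, compromise_at: datetime) -> Optional[Snapshot]:
        """Newest snapshot taken strictly before the compromise estimate."""
        candidates = [s for s in self._snapshots if s.taken_at < compromise_at]
        return max(candidates, key=lambda s: s.taken_at, default=None)


def simulate_attack(immutable: bool) -> Tuple[int, Optional[bytes]]:
    """Run the same incident against a locked and an unlocked vault.

    Returns (snapshots wiped by the attacker, data restored afterwards)."""
    t0 = datetime(2020, 7, 1)  # constructed start date
    retention = timedelta(days=30) if immutable else timedelta(0)
    vault = ImmutableVault(retention)

    # Nightly clean backups on days 0..5 (constructed payloads).
    for day in range(6):
        vault.store(t0 + timedelta(days=day), f"clean-day-{day}".encode())

    # Intruder gets admin on day 5 at noon; the day-6 backup therefore
    # already captures encrypted files.
    compromise_at = t0 + timedelta(days=5, hours=12)
    vault.store(t0 + timedelta(days=6), b"ENCRYPTED")

    # Attacker tries to wipe the vault an hour after the last backup.
    wiped = vault.delete_all(now=t0 + timedelta(days=6, hours=1))

    # Responder restores from the last snapshot predating the compromise.
    snap = vault.restore_before(compromise_at)
    return wiped, (snap.data if snap else None)


if __name__ == "__main__":
    print("locked vault  :", simulate_attack(immutable=True))   # (0, b'clean-day-5')
    print("unlocked vault:", simulate_attack(immutable=False))  # (7, None)
```

The unlocked run is the scenario cheesemp worries about: with no retention lock the "admin" wipes all seven snapshots and there is nothing to restore. The locked run loses nothing, and the restore deliberately skips the day-6 snapshot even though it is the newest, which is the other half of the control: knowing roughly when the intruder arrived is what makes the backup usable.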

  13. #13
    Senior Member
    Join Date
    Aug 2016
    Posts
    4,033
    Thanks
    943
    Thanked
    1,026 times in 738 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by Friesiansam
    So they're sure the nice hackers will do as they say and delete all the stolen data?
    They can't be sure, but the hackers may do so. If the ransom is paid and the data subsequently leaked, it undermines the case for future victims to pay up, and ruins the hackers' business model.

    How about legislation making company bosses criminally liable, with jail time, for paying out, and making their companies liable for a fine of 100x whatever they paid?

    Make it unprofitable to pay. If the motive of the hackers is money, destroy the motive to comply.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  14. #14
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by Saracen999
    They can't be sure, but the hackers may do so. If the ransom is paid and the data subsequently leaked, it undermines the case for future victims to pay up, and ruins the hackers' business model.

    How about legislation making company bosses criminally liable, with jail time, for paying out, and making their companies liable for a fine of 100x whatever they paid?

    Make it unprofitable to pay. If the motive of the hackers is money, destroy the motive to comply.
    Not trying to be too much of an ass in saying this but i am being pretty incredulous: how on earth could that possibly fix anything?!?

    You're literally making it legislation that if your security is breached, you're either jailed for paying to re-operate the business or your business goes under making hundreds if not thousands of employees jobless.

    These hackers will breach a business, read their financial data and know exactly how much they can extort without causing the business to fold.

    But what you're forgetting is that to make the extortion scam effective, you have to threaten the viability of the business continuing to operate. Oh, so now it's a jailable offence to pay the ransom to get your business back online while you sanitise the entry points and analyse the threat chain to stop it happening again? Business owners will survive a business going under, but not the employees as much.

    Saracen, i have a lot of respect for you (with the exception of your extremist data privacy observations) but a legislative suggestion to screw a business and making them criminally liable trying to recover from a breach is just ridiculousness of the highest order.

    How about someone kidnaps your family and ransoms them back to you? You pay the ransom, they're returned then bobby turns up and says "hey buddy, you're under arrest for paying the ransom for your family and oh yeah, here is a financially crippling fine for paying that ransom turn you from an upper class occupier to homeless, chop chop, get your family to pack your bags, the bailiffs are here".

    Jesus H Christ.

  15. #15
    Senior Member
    Join Date
    Aug 2016
    Posts
    4,033
    Thanks
    943
    Thanked
    1,026 times in 738 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Perhaps if company directors knew their behinds would be in a sling, they'd take steps to avoid putting their users' data at risk in the first place, and not taking sufficient steps to prevent it. Which, of course, merely serves to encourage hackers in the first place.

    How about someone kidnaps your family and ransoms them back to you
    How about it? Where did I say anything, directly or indirectly, about kidnapping cases? It has nothing to do with what we're talking about.


    As for "extremist" views on data privacy, well excuse me if I choose to regard MY data as private. If you remember what I've said, it's that I highly regard my privacy, and object vehemently to companies invading or abusing it for any reason, unless I've agreed to it. I've not suggested anybody else should feel the same way. If you don't care how companies abuse your data, that's your decision. My point is that how my data is used should be my decision. I fail to see the extremism.

    The problem is that many companies not only don't give users the choice, but some go to extreme lengths to deprive us of it, up to and including lying about what they use it for and the measures they take to preserve it.

    Give the people running such companies "skin in the game".

    If they get hit, they are liable to personal punishment, in the event that they cannot prove they took all reasonable steps to prevent it, including serious penalties for not doing so. This is actually already in line with measures in place under both US and EU law to punish companies for data breaches. Like I said, make it more painful to get caught out than to risk users' data and maybe those responsible for making decisions will take their responsibilities for users' data, about which they often gave the users little choice in the first place, more seriously.

    It's like health and safety, or regulations about building safety. Fail to take responsibilities seriously and directors, and even responsible managers, can be (and occasionally are) liable to personal penalties, including substantial periods behind bars. The principle is identical.

    In fact, in my opinion, there are more than a few cases where those criminal sanctions aren't used enough, up to and including unsafe fire cladding on buildings. Or storing vast quantities of explosive materials like ammonium nitrate close to built-up areas, though it looks like the authorities are looking for some backsides to fry in that latter example.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  16. #16
    Senior Member
    Join Date
    May 2014
    Posts
    2,385
    Thanks
    181
    Thanked
    304 times in 221 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by Saracen999
    Perhaps if company directors knew their behinds would be in a sling, they'd take steps to avoid putting their users' data at risk in the first place, and not taking sufficient steps to prevent it. Which, of course, merely serves to encourage hackers in the first place.

    How about it? Where did I say anything, directly or indirectly, about kidnapping cases? It has nothing to do with what we're talking about.


    As for "extremist" views on data privacy, well excuse me if I choose to regard MY data as private. If you remember what I've said, it's that I highly regard my privacy, and object vehemently to companies invading or abusing it for any reason, unless I've agreed to it. I've not suggested anybody else should feel the same way. If you don't care how companies abuse your data, that's your decision. My point is that how my data is used should be my decision. I fail to see the extremism.

    The problem is that many companies not only don't give users the choice, but some go to extreme lengths to deprive us of it, up to and including lying about what they use it for and the measures they take to preserve it.

    Give the people running such companies "skin in the game".

    If they get hit, they are liable to personal punishment, in the event that they cannot prove they took all reasonable steps to prevent it, including serious penalties for not doing so. This is actually already in line with measures in place under both US and EU law to punish companies for data breaches. Like I said, make it more painful to get caught out than to risk users' data and maybe those responsible for making decisions will take their responsibilities for users' data, about which they often gave the users little choice in the first place, more seriously.

    It's like health and safety, or regulations about building safety. Fail to take responsibilities seriously and directors, and even responsible managers, can be (and occasionally are) liable to personal penalties, including substantial periods behind bars. The principle is identical.

    In fact, in my opinion, there are more than a few cases where those criminal sanctions aren't used enough, up to and including unsafe fire cladding on buildings. Or storing vast quantities of explosive materials like ammonium nitrate close to built-up areas, though it looks like the authorities are looking for some backsides to fry in that latter example.
    You dodged my entire point to jump into total irrelevancy then dial back to something worth responding to.

    And the kidnapping metaphor is totally relevant. The kidnappers (hackers) took your family (data), made it inaccessible to you (ransomware/encrypted/exfiltrated), ransomed you for their safe return, if you don't pay up then your family is gone (data/decryption keys are destroyed). Your point is to make the voluntary payment to these criminals to get your valuables back a liable and criminal offence. In literally every case, no one turned around and went "well our security wasn't good enough" because even with the most cutting/bleeding edge SIEM, artificially intelligent, behavioural analysis, locked down tighter than a nun's unmentionables; there will always be a way. You don't see banks getting sued when a vault is raided because to sue them, you'd have to prove the bank was criminally incompetent/or had a dereliction in their responsibility to secure goods. The same happens in the security trade, you have to prove that Sophos didn't know about the Windows DNS bug that allows you to take over an entire network administratively with nothing more than a Raspberry Pi, you also have to prove Microsoft didn't know about it since Server 2003. It's a ridiculous notion.

    These ways can be anything from brute forcing the firewall externally to beating a security analyst half to death to get his access key, 2FA receiver and passcodes. Do you know how many of these threat actions are done by compromising general people and not crushing the defenses? Over 60% last time I checked the Verizon breach report.

    And you want to criminalise businesses and their leaders for something they actually have marginal control from vendor to vendor over.

    Your legislation would effectively boil down to "I won't pay the ransom because of the large fines and potential jail time, let's try and recover our systems" or "I will pay the ransom, we'll get financially crippled and our leadership will go to jail leaving the business rudderless". Those two options are "potentially close the business" or "definitely close the business", that's an impossible choice.

    In fact, the people who should be fined if this ridiculous notion would ever gain traction are the businesses who let this happen. Intel for Spectre/Meltdown derivatives, any hack preceded by them, Intel should have been financially responsible for. Stupid crap like that, not the business who got attacked.

    Iranian nuclear plants that were creating weapons-grade fissile material. When you actually read about the security the plants had, it was pretty top notch for the time. All users were educated on the "don't be stupid", the security systems in place isolated the entire plant's systems from any networked systems that could be contactable outside the plant. A memory stick was the likely infection vector, a damned USB stick dropped in the car park.

    But yeah, a tired engineer's mistake one day is totally a reason for legislation to arrest the leadership and financially cripple them.
