Thread: US travel giant CWT pays $4.5 million crypto-locker ransom

  1. #1
    HEXUS.admin

    US travel giant CWT pays $4.5 million crypto-locker ransom

    And the negotiations from the $10 million demand to payment were on a public forum.

  2. #2
    jnutt (Senior Member)

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    I'm sick of these crooks getting away with this chit!

  3. #3
    Old Geezer

  4. #4
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    And why would the hackers do this?
    They got money, and they have data that is their safe card when they get caught.

    It's a win-win for them in this difficult situation.

  5. #5
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Well, proper companies have backups... my previous company I worked for got attacked, but the competent IT guys at work just waved them off... and then installed the backup.

  6. #6
    philehidiot (Long member)

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by DevDrake View Post
    And why would the hackers do this?
    They got money, and they have data that is their safe card when they get caught.

    It's a win-win for them in this difficult situation.
    The hackers are not stupid and this is, as above, a business for them. If you screw over this one "customer", you may make a killing, but no one will ever pay a ransom again. They also will struggle to get other teams to work with them on jobs as they're seen to be ruining the ransom business.

    The other thing to consider is that this is a job with a lot of costs. The kit you use is burnable (obviously, and depending on what you're doing there may be a lot of it, including cars / vans, a Yagi rifle or two and so on) and the skilled people willing to take the risk are expensive. You may put months (or more) of work into this, setting up a botnet or pivots or phishing people. There was an attack on a large company and the attackers were in the network for two years before executing their attack. The odds of getting caught are very high as time progresses, and so many of these scams will fail, but people and equipment will still need paying for.

    Once you get paid, you have to fence the money. There are plenty of people looking to do this for you, but their cut is not small.

    To keep business good, it is a poor idea to sell the company's data to competitors, especially when those competitors may just report you or actually be the next victim.

    If it were me, I'd send a "taste" of data off to an up and coming exec of the next target, then I'd send him more with a trojan in it. Then I'd wait for him to take that trojan to work for me. Then I'd do them, too.

  7. #7
    Senior Member
    Join Date
    May 2014
    Posts
    1,751
    Thanks
    111
    Thanked
    230 times in 166 posts

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    In ransomware threat action, you always want to fulfil your end of the deal, because if you don't, people won't pay or your payouts will be less.

    It's in the hackers' best interest to unlock the data so that if they hit them or others like them in the future, others will be more likely to pay up.

    Malware and hacking are multi-billion-dollar businesses now; if you aren't an honest thief then people don't shell out.

  8. #8
    philehidiot (Long member)

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    I did love the "AV software doesn't help" thing. It's so true. I've not used any antivirus (aside from windows defender) for over a decade. I do occasional scans using a downloadable tool if I suspect any issues.

    There are tools (Veil evasion, for example) which will create AV invisible malware with a custom payload with a few commands. Sometimes it takes a few tries to customise it properly, but it's like 30 minutes work. There are websites which will test that malware against AV software for you, so you can see if it evades all, or just the AV software specific to your target.

  9. #9
    Gentle Viking (Senior Member)

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    So these guys will not go after the "backers" of bitcoin? I mean, if no bank wants to have anything to do with bitcoin, bitcoin is worthless as it has no real currency to be exchanged into.
    Personally, if I were the dictator of Denmark I would ban bitcoin in any way as one of the first things. So people had better start selling when my tanks are rolling up to the parliament here to make pulp of the people there.

  10. #10
    Output (HEXUS.Squirrel)

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    I skimmed the title at first, so was thinking it was talking about the OEM PSU manufacturer.

    The negotiations in an area open to the public is certainly an interesting note. Although I do agree it seems to go against the general advice of experts not to pay as it gives more encouragement to anyone (not just the particular group in this case) seeking to take similar actions.

    It wouldn't surprise me if CWT has insurance to cover the cost though, as that seems to be the sort of thing that has been mentioned increasingly in recent times with reports of some companies or local governments as time passes.

    Plus there's also no guarantee that whoever is behind any crypto-locker attack will actually provide the decryption keys, they could just demand more money afterwards or just never provide the decryption keys at all.

  11. #11
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Seems like a very polite exchange of blackmail... Still, not too keen on the idea of funding black hats.

  12. #12
    cheesemp (Now 100% Apple free)

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by FRISH View Post
    Seems like a very polite exchange of blackmail... Still, not too keen on the idea of funding black hats.
    I don't think this is black hats - this is organised gangs. I'm guessing even having backups is no use if they get long term access to your network and can hit the backups too. My firm has moved to cloud backups of local machines. I guess that would really help as you can probably roll any attack back by just restoring the cloud backups (I assume there is no global delete all backups mechanism as a protection from the admin account being hacked).
    Trust

    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  13. #13
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by Friesiansam View Post
    So they're sure the nice hackers will do as they say and delete all the stolen data?
    They can't be sure, but the hackers may do so. If the ransom is paid and the data subsequently leaked, it undermines the case for future victims to pay up, and ruins the hackers' business model.

    How about legislation making company bosses criminally liable, with jail time, for paying out, and making their companies liable for a fine of 100x whatever they paid?

    Make it unprofitable to pay. If the motive of the hackers is money, destroy the motive to comply.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memoriam, "Onwards and Upwards".

  14. #14
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by Saracen999 View Post
    They can't be sure, but the hackers may do so. If the ransom is paid and the data subsequently leaked, it undermines the case for future victims to pay up, and ruins the hackers' business model.

    How about legislation making company bosses criminally liable, with jail time, for paying out, and making their companies liable for a fine of 100x whatever they paid?

    Make it unprofitable to pay. If the motive of the hackers is money, destroy the motive to comply.
    Not trying to be too much of an ass in saying this, but I am being pretty incredulous: how on earth could that possibly fix anything?!?

    You're literally making it legislation that if your security is breached, you're either jailed for paying to re-operate the business or your business goes under making hundreds if not thousands of employees jobless.

    These hackers will breach a business, read their financial data and know exactly how much they can extort without causing the business to fold.

    But what you're forgetting is that to make the extortion scam effective, you have to threaten the viability of the business continuing to operate. Oh, so now it's a jailable offence to pay the ransom to get your business back online while you sanitise the entry points and analyse the threat chain to stop it happening again? Business owners will survive a business going under, but not the employees as much.

    Saracen, I have a lot of respect for you (with the exception of your extremist data privacy observations), but a legislative suggestion to screw a business and make them criminally liable for trying to recover from a breach is just ridiculousness of the highest order.

    How about someone kidnaps your family and ransoms them back to you? You pay the ransom, they're returned then bobby turns up and says "hey buddy, you're under arrest for paying the ransom for your family and oh yeah, here is a financially crippling fine for paying that ransom turn you from an upper class occupier to homeless, chop chop, get your family to pack your bags, the bailiffs are here".

    Jesus H Christ.

  15. #15
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Perhaps if company directors knew their behinds would be in a sling, they'd take steps to avoid putting their users' data at risk in the first place, rather than not taking sufficient steps to prevent it. Which, of course, merely serves to encourage hackers in the first place.

    How about someone kidnaps your family and ransoms them back to you
    How about it? Where did I say anything, directly or indirectly, about kidnapping cases? It has nothing to do with what we're talking about.

    As for "extremist" views on data privacy, well, excuse me if I choose to regard MY data as private. If you remember what I've said, it's that I highly regard my privacy, and object vehemently to companies invading or abusing it for any reason, unless I've agreed to it. I've not suggested anybody else should feel the same way. If you don't care how companies abuse your data, that's your decision. My point is that how my data is used should be my decision. I fail to see the extremism.

    The problem is that many companies not only don't give users the choice, but some go to extreme lengths to deprive us of it, up to and including lying about what they use it for and the measures they take to preserve it.

    Give the people running such companies "skin in the game".

    If they get hit, they are liable to personal punishment, in the event that they cannot prove they took all reasonable steps to prevent it, including serious penalties for not doing so. This is actually already in line with measures in place under both US and EU law to punish companies for data breaches. Like I said, make it more painful to get caught out than to risk users' data and maybe those responsible for making decisions will take their responsibilities for users' data, about which they often gave the users little choice in the first place, more seriously.

    It's like health and safety, or regulations about building safety. Fail to take responsibilities seriously and directors, and even responsible managers, can be (and occasionally are) liable to personal penalties, including substantial periods behind bars. The principle is identical.

    In fact, in my opinion, there are more than a few cases where those criminal sanctions aren't used enough, up to and including unsafe fire cladding on buildings. Or storing vast quantities of explosive materials like ammonium nitrate close to built-up areas, though it looks like the authorities are looking for some backsides to fry in that latter example.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memoriam, "Onwards and Upwards".

  16. #16
    Senior Member

    Re: US travel giant CWT pays $4.5 million crypto-locker ransom

    Quote Originally Posted by Saracen999 View Post
    Perhaps if company directors knew their behinds would be in a sling, they'd take steps to avoid putting their users' data at risk in the first place, rather than not taking sufficient steps to prevent it. Which, of course, merely serves to encourage hackers in the first place.

    How about it? Where did I say anything, directly or indirectly, about kidnapping cases? It has nothing to do with what we're talking about.

    As for "extremist" views on data privacy, well, excuse me if I choose to regard MY data as private. If you remember what I've said, it's that I highly regard my privacy, and object vehemently to companies invading or abusing it for any reason, unless I've agreed to it. I've not suggested anybody else should feel the same way. If you don't care how companies abuse your data, that's your decision. My point is that how my data is used should be my decision. I fail to see the extremism.

    The problem is that many companies not only don't give users the choice, but some go to extreme lengths to deprive us of it, up to and including lying about what they use it for and the measures they take to preserve it.

    Give the people running such companies "skin in the game".

    If they get hit, they are liable to personal punishment, in the event that they cannot prove they took all reasonable steps to prevent it, including serious penalties for not doing so. This is actually already in line with measures in place under both US and EU law to punish companies for data breaches. Like I said, make it more painful to get caught out than to risk users' data and maybe those responsible for making decisions will take their responsibilities for users' data, about which they often gave the users little choice in the first place, more seriously.

    It's like health and safety, or regulations about building safety. Fail to take responsibilities seriously and directors, and even responsible managers, can be (and occasionally are) liable to personal penalties, including substantial periods behind bars. The principle is identical.

    In fact, in my opinion, there are more than a few cases where those criminal sanctions aren't used enough, up to and including unsafe fire cladding on buildings. Or storing vast quantities of explosive materials like ammonium nitrate close to built-up areas, though it looks like the authorities are looking for some backsides to fry in that latter example.
    You dodged my entire point to jump into total irrelevancy, then dialled back to something worth responding to.

    And the kidnapping metaphor is totally relevant. The kidnappers (hackers) took your family (data), made it inaccessible to you (ransomware/encrypted/exfiltrated), ransomed you for their safe return, and if you don't pay up then your family is gone (data/decryption keys are destroyed). Your point is to make the voluntary payment to these criminals to get your valuables back a liable and criminal offence. In literally every case, no one turned around and went "well, our security wasn't good enough", because even with the most cutting/bleeding edge SIEM, artificially intelligent, behavioural analysis, locked down tighter than a nun's unmentionables, there will always be a way. You don't see banks getting sued when a vault is raided, because to sue them you'd have to prove the bank was criminally incompetent or had a dereliction in their responsibility to secure goods. The same happens in the security trade: you have to prove that Sophos didn't know about the Windows DNS bug that allows you to take over an entire network administratively with nothing more than a Raspberry Pi, and you also have to prove Microsoft didn't know about it since Server 2003. It's a ridiculous notion.

    These ways can be anything from brute forcing the firewall externally to beating a security analyst half to death to get his access key, 2FA receiver and passcodes. Do you know how many of these threat actions are done by compromising general people and not crushing the defences? Over 60% last time I checked the Verizon breach report.

    And you want to criminalise businesses and their leaders for something they actually have marginal control over from vendor to vendor.

    Your legislation would effectively boil down to "I won't pay the ransom because of the large fines and potential jail time, let's try and recover our systems" or "I will pay the ransom, we'll get financially crippled and our leadership will go to jail, leaving the business rudderless". Those two options are "potentially close the business" or "definitely close the business"; that's an impossible choice.

    In fact, the people who should be fined if this ridiculous notion would ever gain traction are the businesses who let this happen. Intel for Spectre/Meltdown derivatives: any hack preceded by them, Intel should have been financially responsible for. Stupid crap like that, not the business who got attacked.

    Iranian nuclear plants that were creating weapons-grade fissile material. When you actually read about the security the plants had, it was pretty top notch for the time. All users were educated on the "don't be stupid", and the security systems in place isolated the entire plant's systems from any networked systems that could be contactable outside the plant. A memory stick was the likely infection vector, a damned USB stick dropped in the car park.

    But yeah, a tired engineer's mistake one day is totally a reason for legislation to arrest the leadership and financially cripple them.
