Author Topic: NGC Ransomware  (Read 710 times)

Online slowmover

  • Gaggle Mentor
  • Posts: 825
  • Locked in the arms of a crazy life
  • Location: Northwest Indiana formerly bankrupt Illinois
NGC Ransomware
« on: June 07, 2021, 08:12:54 AM »
I have 3 questions that never get addressed during all this news coverage. How is it that this can’t be PREVENTED from happening? Once it does, why can’t it be remedied? And why can’t the payment be traced to its source? All these hotshot virus protection firms seem to be paper tigers.
« Last Edit: June 07, 2021, 08:21:49 AM by slowmover »

Offline Mayor_of_BBQ

  • Instagram: @Mayor_of_BBQ
  • Gaggle Hero
  • Posts: 3619
  • 'Ever thus to deadbeats, Lebowski'
  • Location: Asheville, NC
Re: NGC Ransomware
« Reply #1 on: June 07, 2021, 08:49:34 AM »
It can't be prevented because individual users on the system network keep clicking on phishing links emailed to their work accounts. I work at a hospital with hundreds of employees, many of whom have no knowledge of computers and are definitely not savvy to hackers' tricks. When a 70+ year old employee who doesn't even have a smartphone is forced to check their email weekly, or log into LMS to watch training videos, there is a lot of margin of error! Some of these spoof emails are very very well done!

As for tracking the money, that's what the blockchain/cryptocurrency is for. They don't exactly ask you to mail a check to their PO box.
Chad (Shadrach) in Asheville NC
1979 LeMans CX-100 (battle axe)
2007 Breva 1100 (Sport 1200 tribute)

Offline Stretch

  • Gaggle Mentor
  • Posts: 547
  • Location: Belgrade, Maine
Re: NGC Ransomware
« Reply #2 on: June 07, 2021, 08:54:32 AM »
In order:

1. The bad guys are VERY clever in getting into software systems. And the human link is still the weakest.
2. There is no universal technical solution. Every IT system is different. And the human link is still the weakest.
3. Ransom can now be paid in bitcoin. Ransom payments can now be received without revealing the ransomer's identity. It can also still be paid with prepaid debit cards and the like. All difficult to trace.
4. Most of these syndicates are Russian or based in the former Russian states. It's virtually impossible to prosecute these people because of current Russian/International law. And that doesn't even take into account the maze of international servers with the laws of their own countries, the Dark Web, etc.

Currently it's an insoluble problem, and the best defense right now is a strong IT security posture.

-Stretch
1967? Change Jiang M1M
1978 Yamaha SR500
1987 BMW K75S
2011 Kawasaki KLR650
2011 Triumph Rocket III Touring
2015 Triumph Trophy
2017 Moto Guzzi 1400 California Touring

Online slowmover

  • Gaggle Mentor
  • Posts: 825
  • Locked in the arms of a crazy life
  • Location: Northwest Indiana formerly bankrupt Illinois
Re: NGC Ransomware
« Reply #3 on: June 07, 2021, 09:53:26 AM »
Yeah I knew they didn’t mail a check but you’re saying with the CIA, FBI, and military intelligence they can’t track a cyber currency transaction?

oldbike54

  • Guest
Re: NGC Ransomware
« Reply #4 on: June 07, 2021, 10:08:15 AM »
Quote from slowmover: "Yeah I knew they didn’t mail a check but you’re saying with the CIA, FBI, and military intelligence they can’t track a cyber currency transaction?"

In some cases they have tracked the transaction, right back to Russia where no one can do anything about the crime.

Dusty

Offline LowRyter

  • Gaggle Hero
  • Posts: 16692
  • Location: Edmond OK
Re: NGC Ransomware
« Reply #5 on: June 07, 2021, 10:19:42 AM »
It can be prevented if the affected had put in the proper safeguards and protocols. Obviously this is 20/20 hindsight but the warnings were there and businesses failed to act either by ignorance or greed. Potentially any essential network shouldn't be connected to the internet and the resulting intranet could be controlled by physical safeguards and physical keys or card readers coupled with passwords. BTDT. They could also have redundant backup systems and simulations. It's a matter of costs, efficiency and convenience trade-offs.

There are few legal requirements for most businesses to make hardened mgt/info systems. I think utilities are one of the few (I'm not saying they employ the intranet example I cited above). Many industries, such as the gas pipeline, have resisted these regulations. So defining "essential" is key.

So far as remedies, it's normally been cheaper to pay the scoundrels and move on.

Regarding tracing these payments, I have to wonder where all our tax dollars have gone considering the cost for the NSA and other cyber security? A few years ago the FBI was whining that it couldn't even unlock an Apple phone.
« Last Edit: June 07, 2021, 10:23:04 AM by LowRyter »
John L 
When life gets you down remember it's one down and the rest are up.  (1-N-23456)

Offline LowRyter

  • Gaggle Hero
  • Posts: 16692
  • Location: Edmond OK
Re: NGC Ransomware
« Reply #6 on: June 07, 2021, 02:06:24 PM »
wHOOAAA

It looks like the Feds caught up with the money regarding the Gas Pipeline hack. Looks like the Bitcoin just lost a customer.

Good for our side.

(I'll gladly eat crow regarding my last post :sad:)
John L 
When life gets you down remember it's one down and the rest are up.  (1-N-23456)

Offline Mayor_of_BBQ

  • Instagram: @Mayor_of_BBQ
  • Gaggle Hero
  • Posts: 3619
  • 'Ever thus to deadbeats, Lebowski'
  • Location: Asheville, NC
Re: NGC Ransomware
« Reply #7 on: June 07, 2021, 02:10:03 PM »
Quote from slowmover: "Yeah I knew they didn’t mail a check but you’re saying with the CIA, FBI, and military intelligence they can’t track a cyber currency transaction?"

That there is the entire point of cryptocurrency like bitcoin.
Chad (Shadrach) in Asheville NC
1979 LeMans CX-100 (battle axe)
2007 Breva 1100 (Sport 1200 tribute)

Offline cloudbase

  • Gaggle Hero
  • Posts: 2513
  • Location: 89TA
Re: NGC Ransomware
« Reply #8 on: June 07, 2021, 02:42:48 PM »
For your third question:

US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers

https://www.cnn.com/2021/06/07/politics/colonial-pipeline-ransomware-recovered/index.html

Offline LowRyter

  • Gaggle Hero
  • Posts: 16692
  • Location: Edmond OK
Re: NGC Ransomware
« Reply #9 on: June 07, 2021, 04:55:19 PM »
Yep, bitcoin lost another customer.

I'll eat crow.
John L 
When life gets you down remember it's one down and the rest are up.  (1-N-23456)

stormshearon

  • Guest
Re: NGC Ransomware
« Reply #10 on: June 07, 2021, 04:56:56 PM »
I worked at Microsoft for 11 plus years before I retired. The security folks there ran phishing attacks against selected employees, most of whom were engineers of the software persuasion. They had a nearly 50 percent success rate. At Microsoft. Directed at actual software engineers. People who absolutely know better. Yet nearly 50 percent were happy to divulge their network credentials. Now imagine what the success rate is against regular folks who do not live and breathe computers for a living.

Couple that with companies who do not want to spend the money to make their systems secure in case something happens. Rather like people who don't want to adequately prepare for a possible oil leak from a huge tanker in a very pristine location (like Alaska - say the Exxon Valdez) because unless the leak happens, the money and equipment are not 'justified' by the accountants/managers.
