Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Thread Starter

nsaspook

Joined Aug 27, 2009
13,315
I make the analogy with the internet and money. Both were created with good intentions and huge benefits to individuals and society. Both have been co-opted by power and greed and used for nefarious activity.
It's a never ending war between The Good, The Bad and The Ugly. The Ugly is always the hardest nut to crack.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
13,315
https://www.marketwatch.com/story/b...ssive-surge-in-ransomware-attacks-11621022496
The disabling of Colonial Pipeline’s operations last week underscored the threat malicious hackers pose to critical infrastructure in the U.S., while illustrating the usefulness of cryptocurrency to cyber criminals that seek to extort large sums of money in an efficient and easily concealed manner.

The episode is likely to bring even greater interest in the regulation of bitcoin BTCUSD, -0.02% and other cryptocurrencies as law enforcement seeks to track down the perpetrators and policymakers hope to prevent similar attacks from happening again, according to Yonatan Striem-Amit, chief technology officer at cybersecurity firm Cybereason.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
13,315
https://www.intel471.com/blog/darkside-ransomware-shut-down-revil-avaddon-cybercrime
Intel 471 has observed numerous ransomware operators and cybercrime forums either claim their infrastructure has been taken offline, amending their rules, or they are abandoning ransomware altogether due to the large amount of negative attention directed their way over the past week.

On May 13, 2021, the operators of the DarkSide Ransomware-as-a-Service (RaaS) announced they would immediately cease operations of the DarkSide RaaS program. Operators said they would issue decryptors to all their affiliates for the targets they attacked, and promised to compensate all outstanding financial obligations by May 23, 2021. The group, which has been named as the one responsible for the Colonial Pipeline incident, also passed an announcement to its affiliates claiming a public portion of the group's infrastructure was disrupted by an unspecified law enforcement agency. The group’s name-and-shame blog, ransom collection website, and breach data content delivery network (CDN) were all allegedly seized, while funds from their cryptocurrency wallets allegedly were exfiltrated.
https://www.reuters.com/technology/...attack-vaccine-rollout-unaffected-2021-05-14/
Ireland's health service operator shut down all its IT systems on Friday to protect them from a "significant" ransomware attack, crippling diagnostic services, disrupting COVID-19 testing and forcing hospitals to cancel many appointments.
 

djsfantasi

Joined Apr 11, 2010
9,163
True, I understand. I also understand why people want/need to connect to their computers remotely. But when security is at stake, why not have your own private network?

Why is the global community running on MS WIN that is so flawed?
There is a simple way to make networked computers immune to hacking.
Probably because they don’t trust Linux, due to its flaws.
 

djsfantasi

Joined Apr 11, 2010
9,163
Of all of my clients that suffered ransomware attacks, we recovered all but one. That one shut off the backup software without telling us because “it slowed down the system”. We explained that the ten days of work they lost were really slow and made up for any time they “saved”.

I ran a hybrid MS/Linux System. Both were subject. With hardening and architecture, the Linux systems were actually hacked more often than the MS systems. Neither system ever caused an outage. MSWin web servers. Linux(HPUX) database servers. Linux routers, switches, firewalls, load balancer. Over ten years, we had two outages. One caused by a bug in HP mass storage software and one due to a very unusual electrical failure in a router.
 

SamR

Joined Mar 19, 2019
5,053
5 key elements to avoid outages: Isolation, Security, Redundancy, Uninterruptible Power, and Backups. You can either do it or pay the piper when the sewage hits the fan. Pay for it up front or it will cost a whole lot more when it happens, and it almost always does eventually if you don't. What the lawyers call "Due Diligence" and like to sue over the failure thereof. Something that the Sys Admin at my local ISP hasn't figured out yet... Colonial is going to end up paying far more than the 5 million ransom to correct their failure to do due diligence up front.
 

djsfantasi

Joined Apr 11, 2010
9,163
5 key elements to avoid outages: Isolation, Security, Redundancy, Uninterruptible Power, and Backups. You can either do it or pay the piper when the sewage hits the fan. Pay for it up front or it will cost a whole lot more when it happens, and it almost always does eventually if you don't. What the lawyers call "Due Diligence" and like to sue over the failure thereof. Something that the Sys Admin at my local ISP hasn't figured out yet... Colonial is going to end up paying far more than the 5 million ransom to correct their failure to do due diligence up front.
And not to be redundant, redundancy.

CFOs don’t like redundancy. Why pay for two of everything if we can run on one?

We had two routers, four switches and four firewalls (two in the front end; two in the back end), two load balancers, three database servers (two in a RAC configuration and one standalone). Two of every application server and twenty web servers. Ten active and ten backup. The backups could be put into service within seconds. Plus, software updates were performed on the backups and swapped into production within a second. The other ten kept the prior software version for several days so we could revert within a second or two.

Two outages (including maintenance) in ten years. Not too shabby.
 

MrChips

Joined Oct 2, 2009
30,824
Probably because they don’t trust Linux, due to its flaws.
As I see it, going back half a century, IT managers everywhere were directed by corporate masters to install computerized data management systems and to select the best and most reliable systems available at the time. Since their jobs, careers and reputation were on the line they had no alternative but to recommend IBM and MS.

The choice was simple. They could easily be excused if the installed system failed to fulfill requirements. If the choice was something else and it failed they would be let go.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
13,315
As I see it, going back half a century, IT managers everywhere were directed by corporate masters to install computerized data management systems and to select the best and most reliable systems available at the time. Since their jobs, careers and reputation were on the line they had no alternative but to recommend IBM and MS.

The choice was simple. They could easily be excused if the installed system failed to fulfill requirements. If the choice was something else and it failed they would be let go.
Today that's IBM and Linux.
https://www.ibm.com/it-infrastructure/z/os/linux

https://www.ibm.com/it-infrastructu...I0UahP6JSzPYWQdursRoCScwQAvD_BwE&gclsrc=aw.ds
 

djsfantasi

Joined Apr 11, 2010
9,163
As I see it, going back half a century, IT managers everywhere were directed by corporate masters to install computerized data management systems and to select the best and most reliable systems available at the time. Since their jobs, careers and reputation were on the line they had no alternative but to recommend IBM and MS.

The choice was simple. They could easily be excused if the installed system failed to fulfill requirements. If the choice was something else and it failed they would be let go.
Or they could bet their career on their technical skills, and design a secure system with best of class components that absolutely did not fail. MS Windows and Linux hybrid.

Two outages in ten years.

Five 9s uptime.

Zero successful break-ins. Zero data loss. Zero downtime for patches, upgrades and software releases.
 

jgessling

Joined Jul 31, 2009
82
Seems good to me. Those DC “leaders” have done little to protect us from computer thieves and now they are paying the price. And don’t forget those Republicans who don’t want “big government” to apply onerous regulations on private enterprise.
It’s a simple case of a company not protecting their systems properly and getting caught and paying the price. I am not sorry at all. Very similar to the Texas utilities who decided not to winterize their infrastructure and then whine about it when they got caught by a cold storm. Sometimes I think my country is really pathetic.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
13,315
https://www.reuters.com/article/us-cyber-jbs-idUSKCN2DD3RQ

The White House said on Tuesday that Brazil’s JBS SA has informed the U.S. government that a ransomware attack against the company that has disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia.
The company, which has its North American operations headquartered in Greeley, Colorado, controls about 20% of the slaughtering capacity for U.S. cattle and hogs, according to industry estimates.

Two kill and fabrication shifts were canceled at JBS’s beef plant in Greeley due to the cyberattack, representatives of the United Food and Commercial Workers International Union Local 7 said in an email. JBS Beef in Cactus, Texas, also said on Facebook it would not run on Tuesday - updating an earlier post that had said the plant would run as normal.

JBS Canada said in a Facebook post that shifts had been canceled at its plant in Brooks, Alberta, on Monday and one shift so far had been canceled on Tuesday.
 

Ylli

Joined Nov 13, 2015
1,088
Still don't understand why they paid the ransom. I *assume* they had backups - and reloading the backups shouldn't have taken any more time than decrypting the files.
 

djsfantasi

Joined Apr 11, 2010
9,163
Still don't understand why they paid the ransom. I *assume* they had backups - and reloading the backups shouldn't have taken any more time than decrypting the files.
Don’t assume!

I worked at a Managed Service Provider, during a spike in ransomware attacks. We recovered all clients but one. They had turned off backups because backups slowed everything down and their work was more important. Until they were attacked and were out of business for the time it took us to rebuild everything from scratch.
 

Thread Starter

nsaspook

Joined Aug 27, 2009
13,315
The ransomware fools lost nearly half the value of the payment even before the FEDs got it.

The warrant authorized seizure of 63.7 bitcoin, or $2.3 million at the current exchange rate.

The hackers demanded and were paid a ransom of 75 bitcoin on May 8, according to the warrant affidavit. On that date, the value of bitcoin was higher — worth about $4.3 million.
 

SamR

Joined Mar 19, 2019
5,053
Backing up is not all of the picture. Some idiot finally saw the profit in installing a graphical computer run Distributed Control Systems at our plant but never included redundancy. I went to one of the area control rooms to run the backup tar files on the system and the floppy drive had gunked up and failed. No amount of cleaning the drive had any consequences and so I had to shut the system down and replace the floppy drive. No biggie, only needed a few minutes of downtime to perform. Informed operations that I needed to do so and got approval and quickly replaced the floppy. This was a Xenix system running on good quality 8086 PC Clone hardware. Flipped the big red switch to start back up and the POST started and hung. After several attempts to reboot, I was stuck with a single station DCS dead in the water and no way to recover it! I had backups, but the hardware would not POST and boot to the operating software to install backups.

I spent the next 19 hours rebuilding the base hardware platform from 360k floppies, installing the Xenix Operating System, loading and compiling the operational software, then I could install the backup configuration software. Lost a day of operations at a key operations area of the plant costing 100s of thousands of dollars because someone didn't want to spend 30K$ for a redundant 2nd operating station that would allow full system operation during system backup or failure of one of the DCS front ends. I was given the go ahead after that episode to make all of the ~15 DCS systems redundant and supplied with uninterruptible power (both computers and I/O racks) to be able to run during short power outages in order to have a safe shutdown of the operation upon power failure to the operating area plus run-through for momentary power loss blips.
 