Submitted by giuliomagnifico t3_yvweup in technology
Comments
_bobby_tables_ t1_iwgfnqi wrote
Why not just make it illegal to not have your data backed up?
Remarkable-Way4986 t1_iwghbvf wrote
Don't pay criminals for crimes or they will do it more often
Toad32 t1_iwgkbl7 wrote
Seriously, I have recovered from ransomware because we had backups of everything. It brought us down for 2 hours while the restore took place.
MisterMcBob t1_iwglnjo wrote
Maybe countries should focus on beefing up their cybersecurity defenses. Ransomware is easy to avoid if you have proper backups.
skaterfromtheville t1_iwgm6je wrote
What timeframe backup are you on
g2g079 t1_iwgmbgf wrote
My old job had viruses everywhere when I started. Machines hadn't been wiped for decades and even their antivirus licensing server was down because of malware
I spent months reimaging every machine in that place. I kept everything updated and the PCs running like new. Meanwhile, my senior coworker and our vendor pissed around for a replacement backup solution for over a year after the old one failed during a restore.
Eventually, I quit for a better opportunity. A few years later EVERYTHING got ransomware there. I only found out because months after the attack they had asked a local community college for help imaging machines because it was going slower than expected due to their senior guy going to Vegas.
Like wtf. This was a mental healthcare place. You should have called professionals. Instead you asked if there are any students that can help because you sent your senior guy to fucking Vegas.
So glad I left that place. Still wonder if they had a working backup.
[deleted] t1_iwgmj9t wrote
The problem is that ransomware groups steal data before encrypting it, known as double extortion, threatening to sell or leak it if the victim doesn't pay, so backups aren't as complete a solution as you might think.
Some even conduct triple extortion attacks, with DDoS attacks on top of the threat of the data leak
MisterMcBob t1_iwgmnuq wrote
True but beefier cybersecurity defenses would prevent the attacker from getting access in the first place.
[deleted] t1_iwgn3rp wrote
True, I see too many companies that experience cyberattacks, including the largest, multi-billion enterprises, and when I see that, I get so pissed off, realizing that home users have better security practices than the world's largest businesses.
Like, it's not difficult to secure your business against every attack vector, yet no business bothers securing all their attack vectors, despite clearly having the resources to do so. It leaves me speechless.
Fun_Ad_9878 t1_iwgnj30 wrote
I kind of think that this is irrelevant. I have been part of two ransomware attacks and in both cases the only way to pay was bitcoin. I strongly discourage any form of paying ransomware attackers but those that do pay will not be stopped by any law.
Testicular_Wonder t1_iwgt35o wrote
Boy Australia that is sure going to stop the problem…
/s
Buckie188 t1_iwgtqlt wrote
Well this is just dumb. Educate yourself On what cryptocurrency is before you ask for a ban.
Fieos t1_iwgvjax wrote
It isn't that simple. Often times to recover significant amounts of data takes time. A business has to weigh out the loss of revenue during the recovery window versus the cost of paying the ransomware payment.
moderatevalue7 t1_iwgvmsh wrote
They will simply sell the data on the black market. Slightly less income, much more damage to the owners of the data
Fieos t1_iwgw0pz wrote
Not prevent, reduce the likelihood of an event happening.
[deleted] t1_iwgwm3k wrote
Cryptocurrency has not done anything positive for the world. It uses as much electricity as Greece, it has caused billions in damage from fraud/scams, malware and, like the topic is about, ransomware; last year US banks paid 1.2 billion dollars in ransom payments.
People have literally killed themselves after losing money in crypto. It's a scam, a ponzi scheme.
Remarkable-Way4986 t1_iwgy1ye wrote
Sounds like some of that money they are willing to spend on extortion should have been spent on better security
somabeach t1_iwgyno1 wrote
If you give a mouse a cookie, he'll ask for a glass of milk.
Buckie188 t1_iwgzri8 wrote
Also, all the problems you are putting forward are also found in the regular currency market, if not more so. I was very much against crypto until I started to educate myself around it.
Buckie188 t1_iwgztjr wrote
Oh just in case I haven’t stated- you are blatantly wrong.
Cyberinsurance t1_iwh4xgb wrote
This is one of those “nice in theory and bad in action”. No one wants to pay for extortions but sometimes you need to do it to get a decryptor.
_bobby_tables_ t1_iwh5ok3 wrote
It really is. A company should develop an action plan ahead of time. A recovery path should be designed to restore the most critical systems first. The plan should be updated and tested.
My company can recover from a worst case scenario starting with bare metal in less than three days for production systems, and another two days for non-critical systems (finance, HR, legacy and a few minor administrative systems).
This is really a solved problem with a little prep work. These days I see ransomware payments as a tax on stupidity and/or incompetence. I have no sympathy.
Fieos t1_iwh8wj7 wrote
It really isn't, especially when you are talking in the amounts of petabytes of backup data. Plus, so much of it depends on how you were compromised...
You should have an action plan, you should have backups, but saying it is 'simple' is pretty specific to the company. But you are an Internet badass, I get it.
Informal-Lead-4324 t1_iwh9c51 wrote
That's like saying if a guy has sugar and is standing over your car hood ready to pour it into the engine, demanding $5. Why would I fuck my car up for $5?
Remarkable-Way4986 t1_iwha3g0 wrote
Hit the gas and watch as he flies off and hits his head. Then get out and kick his ass
Informal-Lead-4324 t1_iwhagon wrote
But you can't do that over the internet so what do you do? Lul
Not_as_witty_as_u t1_iwhewiq wrote
How does a backup solve this though? Isn’t the ransom the threat of releasing the data?
Not_as_witty_as_u t1_iwhf0cq wrote
How does a backup help? They get the data and threaten to release it.
badillustrations t1_iwhfe1c wrote
> those that do pay will not be stopped by any law.
Can you explain this to me? Are you saying because it's in bitcoin the government can't stop the transfer?
blargmehargg t1_iwhgvfy wrote
Eh, the finances of public companies can make payments like this harder to hide.
I’m also against ever paying these ransoms, and if they’re going to make a law preventing it I think it should only apply to companies of a certain size (and there are various ways to draw that line). This would allow small businesses who could be entirely crippled to the point they cease to operate to make their own decisions there (though I still think it's an awful idea to comply).
MisterMcBob t1_iwhi19f wrote
With ransomware it encrypts your files and you have to pay to get the key. If you have backups you can just restore to the latest backup before the files were encrypted.
reykjabitch t1_iwhkskz wrote
The point is that the government doesn't know what is vs. what is not a ransomware payment, and has no way of knowing, so what's the point of making it illegal.
comegetsumFUCKing t1_iwhqoqp wrote
no, the person you’re replying to has it correct. Tell me, what is hard to define about a ransomware attack? You get hacked, the data is locked and you have to pay a ransom to unlock it.
twilighteclipse925 t1_iwhrlct wrote
This! Almost every ransom attack that actually hurt a client I’ve dealt with was because they cut costs on their backups and lost weeks of data vs hours.
nvrmor t1_iwhtdku wrote
>internet badass, I get it.
You don't need to insult people. You could, you know, provide evidence to support your claim...
badillustrations t1_iwhte0v wrote
Are you saying because it won't automatically be disclosed, why bother to make it illegal? Aren't most laws not automatically detectable by authorities so they open an investigation?
Alan_Smithee_ t1_iwhtvxt wrote
How would they police it?
Plumsandsticks t1_iwhu0yc wrote
I wonder how this will play out. The main reason companies pay the ransoms is their insurance. Bigger companies are insured against interruptions to their business, so when an attack happens, the insurer is on the hook. From the insurer's standpoint, it's often cheaper to pay the ransom than to pay the company for the interruption, and so most ransom payments happen because the insurer demands it (to put it simply). Attackers know this very well.
When the companies won't be able to pay, it will likely drive the cost of business continuity insurance for everyone, at least until the attackers realize it's no longer so easy. I wonder what other unintended side-effects we'll see.
Cantora t1_iwhxxft wrote
Because we can choose not to only think of ourselves when we make these kinds of decisions. Why be so selfish?
As for that analogy, you should have insurance and if the police arrest the criminal then you shouldn't need to pay the excess. We're talking about Australia here.
But in the end, you're making a good point that the average person doesn't really give a shit about the greater good. It all boils down to not inconveniencing "me"
The law would need to make sure the ambiguity around insurance was clear, and would need to be tied with the right kind of education campaign to help people understand how to protect themselves and their data.
Fun_Ad_9878 t1_iwhyby7 wrote
Yes, that is what I am saying. The premise of any law is that it can be enforced. It's true that bitcoin wallets are public info and many of their owners are known. Yet the only real way to enforce is with blocking bank accounts and banning certain types of credit card vendors, much like gambling houses do. The only way to enforce ransomware payments would then be whistleblowers. I got news for you. Unlike license violations, where the company pressures its workers to break the law and the employee has no benefit, in the case of ransomware payments the employees are usually at fault and will be in no hurry to have their name out there, since they likely suggested paying it in the first place to cover up their mistakes.

Another issue is the size of the transfer. I have never paid for ransomware (so I don't know the price) but if the ransom is, say, less than 10k USD then it can be hidden in such ways, but if it gets to be more then really there will be no way to hide it. This is where terrorists get stuck imo. Of course terrorists already have their money in bitcoin so it's likely less of an issue.
Informal-Lead-4324 t1_iwhz5b1 wrote
You're being selfish wtf. You're saying YOU get to decide whether or not someone has the ability to recover their data. Wtf. YOU'RE being authoritarian. And it's funny because we know damn well corporate interests in your country would be exempt. There's 0 fucking chance your government is going to fine Facebook for paying a ransom on their own data.
So in this case what happens? The authorities "look into it" and you're out your data lol. Thanks officers.
Your last paragraph is moot. In a world with 0-day no-click exploits, you're literally victim blaming people who technically could have done absolutely zero to prevent it.
badillustrations t1_iwhzfxc wrote
> I got news for you. Unlike license violations where the company pressures it's workers to break the law and the employee has no benefit, in the case of ransomware payments the employees are usually at fault
I guess I don't understand this assumption. There are equivalents of SOX compliance across many countries and that everyone in a compliance team would be totally cool signing off on illegal activity is a little strange to assume.
I think bitcoin is a little secondary to this conversation. Someone could convert X dollars to bitcoin and it's hard to track, but just taking X dollars out of an account needs to be accounted for just as if someone took it out to cash.
Fieos t1_iwhzqr0 wrote
Okay, sure.
- Source 20+ year IT veteran specializing in the private cloud computing areas of business continuity, disaster recovery, and cyber-threat resiliency.
People often think, "I have backup... I'm good."
How do you know if your backups aren't also compromised? Are you scanning for metadata changes in your archive? If your infrastructure was targeted, do you have a recovery plan for all your data center services? DNS/NTP/LDAP/SMTP/PKI/etc?
Are your business processes aligned to report and communicate internally (and possibly externally) in the event of a security breach? If you are compromised and recovering to an alternate restore target... do you have your VIPs configured to handle the new locale?
Do you have all your binaries for a site rebuild onsite in a vault and are all your runbooks current? Have you actually even tested restores?
Say you are recovering from backup and everything else is good? What is your throughput to get your data back on disk?
If your data is encrypted by a third party, what's the plan? If the data is already outside of the environment... what's the plan?
None of this is simple at scale.
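Two of the questions above ("How do you know if your backups aren't also compromised?" and "Have you actually even tested restores?") and the earlier point about restoring to the latest backup taken before the files were encrypted can be made concrete. The following is an added example, not code from any commenter or from a real backup product: each snapshot directory carries a manifest of per-file SHA-256 digests, the manifest is authenticated with an HMAC whose key is assumed to live outside the backed-up environment (so an attacker who can rewrite the backup cannot also re-sign a forged manifest), and the restore routine walks snapshots newest-first and picks the first one that verifies clean. The snapshot names, file names and the four constructed snapshots (two clean, one overwritten with ciphertext, one with a forged manifest) are all made up for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large archives don't have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def file_hashes(snapshot: Path) -> dict:
    """Map every file in the snapshot (except the manifest itself) to its digest."""
    return {
        p.relative_to(snapshot).as_posix(): sha256_file(p)
        for p in sorted(snapshot.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def write_manifest(snapshot: Path, key: bytes) -> None:
    """Record file digests and an HMAC over them at backup-creation time."""
    body = json.dumps(file_hashes(snapshot), sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    (snapshot / MANIFEST_NAME).write_text(json.dumps({"body": body, "tag": tag}))


def verify_snapshot(snapshot: Path, key: bytes) -> list:
    """Return a list of problems; an empty list means the snapshot is intact."""
    manifest_path = snapshot / MANIFEST_NAME
    if not manifest_path.exists():
        return ["manifest missing"]
    manifest = json.loads(manifest_path.read_text())
    expected_tag = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    # Check the manifest's own integrity first: a re-hashed manifest without the key fails here.
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return ["manifest tag invalid (manifest altered or forged)"]
    expected = json.loads(manifest["body"])
    actual = file_hashes(snapshot)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in actual.keys() - expected.keys():
        problems.append(f"unexpected: {rel}")
    return problems


def newest_clean_snapshot(root: Path, key: bytes):
    """Walk snapshots newest-first (ISO date names sort chronologically) and pick the first clean one."""
    for snap in sorted((p for p in root.iterdir() if p.is_dir()), reverse=True):
        if not verify_snapshot(snap, key):
            return snap.name
    return None


def build_demo(root: Path, key: bytes) -> None:
    """Constructed snapshots: two clean, one encrypted after backup, one with a forged manifest."""
    for day in ("2022-11-13", "2022-11-14", "2022-11-15", "2022-11-16"):
        snap = root / day
        (snap / "db").mkdir(parents=True)
        (snap / "db" / "customers.sql").write_text(f"-- dump taken {day}\n")
        (snap / "config.yaml").write_text("role: app-server\n")
        write_manifest(snap, key)
    # 2022-11-15: ransomware rewrote the files with ciphertext after the manifest was made.
    (root / "2022-11-15" / "db" / "customers.sql").write_bytes(os.urandom(64))
    (root / "2022-11-15" / "config.yaml").write_bytes(os.urandom(32))
    # 2022-11-16: attacker edited a file and regenerated the manifest, but without the real key.
    (root / "2022-11-16" / "config.yaml").write_text("role: app-server\nbackdoor: true\n")
    write_manifest(root / "2022-11-16", b"attacker-does-not-have-the-key")


def run_demo() -> dict:
    """Build the constructed snapshots in a temp dir and report verification results."""
    root = Path(tempfile.mkdtemp(prefix="snapshots-"))
    key = b"offline-verification-key"  # assumption: held outside the environment being backed up
    build_demo(root, key)
    return {
        "2022-11-14": verify_snapshot(root / "2022-11-14", key),
        "2022-11-15": verify_snapshot(root / "2022-11-15", key),
        "2022-11-16": verify_snapshot(root / "2022-11-16", key),
        "restore_from": newest_clean_snapshot(root, key),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The interesting case is the fourth snapshot: a plain digest list would pass, because the attacker recomputed it, and only the keyed tag catches it. That is the difference between "I have a backup" and "I can prove this backup is the one I took". In practice the verification key and the verifier itself need to sit somewhere the compromised domain cannot reach (an offline or separately administered host), and the same walk should be run on a schedule rather than only on restore day, so the first clean snapshot is discovered before it ages out of retention.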
_bobby_tables_ t1_iwhzw9i wrote
Wait. I was happy to be called an internet badass. I read no sarcasm at all into that.
nvrmor t1_iwi0d0v wrote
yeah but what if you just used a backup?
Fun_Ad_9878 t1_iwi0g27 wrote
>I think bitcoin is a little secondary to this conversation. Someone could convert X dollars to bitcoin and it's hard to track, but just taking X dollars out of an account needs to be accounted for just as if someone took it out to cash.
The expense could easily be itemized as a security expense, or a data recovery expense. If they really wanted to get creative then they could list it as any old expense like an employees' party or who knows what else. If a receipt is a problem then they can just pay said employee a bonus and he could convert it. There are plenty of ways. If the payment is done in conventional ways then it can be stopped usually.
DasKapitalist t1_iwi2ly9 wrote
>There are equivalents of SOX compliance across many countries and that everyone in a compliance team would be totally cool signing off on illegal activity is a little strange to assume.
Every USA-based company which does business internationally and "complies" with the FCPA laughs at your optimism. Bribing people in the third world to do their job (or to "protect" your business from "accidents") is both illegal and ubiquitous. It's the sort of thing you'd see categorized as "consulting expenses", "travel and entertainment expense", or "risk mitigation expense".
For ransomware, they'd probably just label it "data recovery expense" or "penetration testing expense" if the accountant had a sense of humor.
BCProgramming t1_iwi5ku7 wrote
Is this satire
nvrmor t1_iwi9kpj wrote
pfft you wouldn't know internet badass if it fragged you straight in the face. I ran gentoo in 2002 and have written DOZENS of bash scripts. All you need is a little rsync to stop ransomware and it doesn't take 2 braincells to figure that out genius jeez
LeastDescription4 t1_iwibztw wrote
On an unrelated note, do you know how invasive ASIC can be? Their "proactive surveillance" is fun.
Basically any financial company is well aware of the level of scrutiny behind stuff like this, so I wouldn't be surprised to see another government agency being given similar controls/access. Probably the OIAC I guess considering they already do the mandatory data breach reporting stuff.
Fieos t1_iwicibm wrote
Come at me bro... I still mostly remember my ICQ number.
LeastDescription4 t1_iwickks wrote
That's when you find out if ASIO is any good I guess. Or I guess you technically never find out...
atr0s t1_iwijitc wrote
He's got a point though. It only really applies if your business is big enough or controversial enough to be worth blackmailing, but if the attackers are already encrypting your data, they can copy it first and threaten to release it if you aren't going to pay because you have a backup.
Toad32 t1_iwijv9f wrote
Nightly external backup at 1am - internal Shadow copies at 12pm and 8pm.
hblok t1_iwiri9b wrote
Well, they tried banning criminals putting up the ransoms, but that didn't work, so time to go one step down the ladder.
_bobby_tables_ t1_iwiz1b3 wrote
Sensitive data at rest should be encrypted. So if hackers get your data, the risk of release is low. My company also insures for a year of LifeLock for any customers impacted by an intrusion.
BraidRuner t1_iwj80bj wrote
They should probably ban criminal activity as well and that should solve the problem, because banning things is always so effective. Criminals are well known to respect government edicts.
skunksmasher t1_iwjqf2j wrote
y'all realise that the word CONSIDER is a qualifier and makes the entire sentence meaningless!
Cantora t1_iwl0q9q wrote
You're on a very arbitrary tangent based purely on, what seems to be, biased speculation. You're not someone who has any input on this issue in Australia. Thank fuck for that.
quettil t1_iwn211b wrote
You can ban people from buying bitcoin.
quettil t1_iwn2b3i wrote
The company would have to buy the bitcoin, and then you have proof.
[deleted] t1_iwgeve3 wrote
All countries need to do this.
Ban cryptocurrency while they are at it as well.