Most Businesses Pay Ransomware Demands, IBM Finds (eweek.com)

← Back to Stories (view on slashdot.org)

Most Businesses Pay Ransomware Demands, IBM Finds (eweek.com)

Posted by BeauHD on Wednesday December 14, 2016 @12:05PM from the give-into-demands dept.

According to an IBM Security report released on December 14, 70 percent of businesses impacted by ransomware end up paying the attackers. The amount varies but a majority of business respondents said they paid tens of thousands of dollars. eWeek reports: The 23-page IBM Security study surveyed 600 business leaders and 1,021 consumers in the U.S. 46 percent of business respondents reported that they had experienced ransomware in their organizations. Of the 46 percent that have been impacted by ransomware, 70 percent admitted that their organization paid the ransom. The amount paid to ransomware attackers varies, but of those business respondents that paid a ransom, 20 percent paid over $40,000, 25 percent paid between $20,000 and $40,000 and 11 percent paid between $10,00 to $20,000. On the consumer side, IBM's study found that the propensity to pay a ransom varies depending on whether or not the victim is a parent. 55 percent of consumers that identified themselves as being parents said they would pay a ransom to recover access to photos that had been encrypted, versus only 39 percent for consumers that don't have children. In an effort to help organizations respond quickly to ransomware threats, IBM's Resilient Incident Response Platform (IRP) is being enhanced with a new Dynamic Playbook for ransomware. Ted Julian, Vice President of Product Management and Co-Founder at Resilient, an IBM Company, explained that the basic idea behind the Dynamic Playbooks is to help provide organizations with an automated workflow or 'playbook' for how to deal with a particular security incident.

69 comments

Min score:

Reason:

Sort:

The unwritten part of the headline... by Anonymous Coward · 2016-12-14 12:08 · Score: 5, Insightful

Most companies dont have a backup regimen.
1. Re:The unwritten part of the headline... by mmell · 2016-12-14 12:32 · Score: 4, Interesting
  
  I worked for one that didn't pay - they had excellent backups and completely mediated the issue in under a week. I also worked for one that did pay . . . unfortunately, all they had was backups of encrypted files, so they didn't feel like they had a choice!
  They paid . . . and immediately implemented more secure and more reliable backups, combined with updating all software (where possible) to latest and greatest available versions. Also, they paperweighted the vast majority of their servers with McAfee's product turned up to "insanely secure" - which is how they discovered that the bad guys had left multiple back doors in place so they could try again. I'll wager they're still trying to make sense of it all.
2. Re:The unwritten part of the headline... by donaldm · 2016-12-14 12:37 · Score: 3, Insightful
  
  Most companies dont have a backup regimen.
  It would be more appropriate to say "Most companies don't have a disaster recovery plan" and/or don't test it out which is actually the most important part of a disaster recovery plan.
  The problem with paying extortion demands and ransomeware demands are extortion, only encourages these criminals to go after more lucrative targets with more sophisticated attack methods especially when their targets are willing to pay and pass on their incompetent loss of money to their customers or shareholders.
  
  --
  There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
3. Re:The unwritten part of the headline... by ShanghaiBill · 2016-12-14 13:18 · Score: 1
  
  extortion, only encourages these criminals to go after more lucrative targets
  That is not necessarily a bad thing. Many security breaches result in spam botnets or customer data leaks, that harm people not that were not responsible. The nice thing about ransomware is that the cost of bad security lands directly in the lap of the people that can actually do something about it.
4. Re:The unwritten part of the headline... by Tablizer · 2016-12-14 14:04 · Score: 2
  
  Also, they paperweighted the vast majority of their servers with McAfee's product turned up to "insanely secure"
  Oh, that's so annoying. Can make the systems run so slow that it's effective in thwarting the bad guys by making them fall asleep waiting for servers to respond. "Snorecurity". It's almost comparable to powering everything off. They won't hack a server with no power.
  Security: A, Productivity: F
  Makes me almost miss the good ol' days with VAX's, 2400 baud modems, and Commodore 64's. Wimpy hardware, yes, but it wasn't bogged down encrypting, decryption, and scanning, and-rescanning over and over again like a hungry dog paranoid of you stealing his bone.
  And the joy of trying to hunt down why On-Access-Scanning is jamming up certain applications at certain times for certain operations that requires voodoo to catch in the act in order to document the process to request an exception rule be added by the security staff, and users giving my apps poor scores because these scandogs make them into dogs. I'm not the bad programmer, McAfee is, dammit!
  
  --
  Table-ized A.I.
5. Re:The unwritten part of the headline... by CohibaVancouver · 2016-12-14 15:20 · Score: 1
  
  Oh, that's so annoying. Can make the systems run so slow that it's effective in thwarting the bad guys by making them fall asleep
  1995 called. They want their your out-of-date stereotypes about security software back.
6. Re:The unwritten part of the headline... by turbidostato · 2016-12-14 18:12 · Score: 2
  
  ...don't have a backup regimen, and use Microsoft Operating Systems.
  Perfect storm.
7. Re:The unwritten part of the headline... by Tablizer · 2016-12-14 18:15 · Score: 2
  
  We must be running 1995 McAfee then.
  
  --
  Table-ized A.I.
8. Re:The unwritten part of the headline... by Kiuas · 2016-12-14 20:52 · Score: 3, Interesting
  
  don't have a backup regimen, and use Microsoft Operating Systems.
  This actually is exactly what happened to a friend recently. They're running a lot of Linux servers, but as they were doing some sort of changes they were temporarily moving data from the linux machines to windows environment which got ransomwared and they got screwed. They have backups, but they're not up to date.
  To my knowledge they have no intention of paying the ransom.
  This is a perfect example of management having their heads up their asses. It's not that they don't have competent people who'd be more than willing to improve backups and general security (in fact the friend in question working as a systems analyst has been whining ever since he joined the company that their security is way too lax), it's that the upper management does not seem to care because they do not perceive the risks involved correctly.
  As someone from a management background education-wise I believe this is incredibly incompetent leadership. The whole reason companies hire experts is (or should be) that you listen to the feedback of said experts. If the guy most in-tune with your systems is telling you for a couple years that you're essentially begging to get screwed over, ignoring his warnings and prioritizing cutting costs is something that should get you fired. Unfortunately this is a case where the manager in question has known the founder of the company for who knows how long, so he pretty much has a permanent position due to nepotism, and right now it's costing them a lot of money, customers and also competent people (my friend is currently looking for new job, and I can't blame him).
  
  --
  "It is the business of the future to be dangerous" -Alfred North Whitehead
9. Re:The unwritten part of the headline... by sad_ · 2016-12-14 23:51 · Score: 1
  
  They have McAfee, now they are secure for ever!
  
  --
  On a long enough timeline, the survival rate for everyone drops to zero.
10. Re:The unwritten part of the headline... by Anonymous Coward · 2016-12-15 04:59 · Score: 0
  
  More like spending your life enforcing the Tragedy of Commons.
11. Re:The unwritten part of the headline... by LunaticTippy · 2016-12-15 06:52 · Score: 1
  
  What kind of ignorant recluse thinks security software has been solved for 20 years? The kind who condescendingly uses a tired "year XXXX called" put-down.
  
  Most of the businesses I'm familiar with struggle to this day with performance issues related to security software. You might notice that security breaches are commonplace despite all the wasted CPU cycles and read/writes. I honestly can't fathom why you'd be so dismissive of an issue that is costing many many millions of dollars in wasted power consumption, criminal loss, lost data, wasted man hours.
  
  --
  Man, you really need that seminar!
12. Re:The unwritten part of the headline... by turbidostato · 2016-12-15 07:49 · Score: 1
  
  "This is a perfect example of management having their heads up their asses."
  Yes, it probably is.
  "As someone from a management background education-wise I believe this is incredibly incompetent leadership"
  Humm... but not so sure about that.
  On one hand, from a purely business PoV, maybe having their proverbial IT asses wide open has been a net positive given what they have saved all this time in both direct and indirect costs and also costs of opportunity. What if I lose 100000$ to a hacker if all this time I haven't been hacked I save 1M$? Security costs -a lot, and its cost is from money of today, while loses are money of tomorrow. You say you have management background... what do they say? a buck today is worth more than a hundred tomorrow, or something?
  On the other, from a psychological one, you may think they are there for the money when most of them are mostly to feel the powah! Micromanaging, feeling over their "minions" and, in fact, being able to make a mess and still get away with it is *exactly* the kind of leadership they want to push over... why do you think this manager is on good friendship with the company owner but because they both are birds of a feather?
13. Re:The unwritten part of the headline... by Kiuas · 2016-12-15 09:33 · Score: 1
  
  What if I lose 100000$ to a hacker if all this time I haven't been hacked I save 1M$?
  - -
  what do they say? a buck today is worth more than a hundred tomorrow, or something?
  They do indeed say that, but it is not exactly as straightforward. It can be argued that the raw up-front cost of securing the system is more expensive than the work you have to do to recreate lost data, though certainly this is not always the case.
  But the problem is that this hypothetical damage to the company from such a hack is really hard to measure accurately (especially beforehand) because if you're only looking at the number of hours you need to pour in to undo direct damages you're missing a part of the picture, and a big one, the brand.
  They're not a huge multinational business, they're a midsize company that's geared towards a rather narrow corporate customer-base. The damage done by something like this in terms of future sales lost because this is entirely an unknown. It might be small enough to justify not securing it, but it also might be huge.People tend to suck at risk evaluation because in these types of 'high risk, high reward' situations that you're referring to what happens is that the rewards are overestimated and the risks are downplayed. I mean, with smaller companies that often have a few bigger clients, losing just one major client can make a huge dent in your cash-flow and send you spiraling down, Ignoring that potentiality in risk-analysis is foolish.
  I mean, at the very least if it is a calculated risk instead of stonewalling their own workers the management should be able to present their numbers on which their risk-taking is based. If they would come up with solid math taking into consideration the projected indirect effects on future sales and brand, then maybe I'd give them a pass. But to just downright ignore the issue without a proper explanation is incompetent leadership because it sends a signal that it really doesn't matter if the employees give a shit about anything as the management apparently doesn't either.
  
  --
  "It is the business of the future to be dangerous" -Alfred North Whitehead
14. Re:The unwritten part of the headline... by turbidostato · 2016-12-16 20:39 · Score: 1
  
  "If they would come up with solid math taking into consideration the projected indirect effects on future sales and brand, then maybe I'd give them a pass."
  I, of course, see your point, but playing devil's advocate, see what you do: you ask for a financial analysis (that you yourself accepted to be very difficult to do, if not impossible) on a non-expenditure while you don't ask for it on an expenditure. Does it even make sense?
  I mean, you didn't ask for an investment analysis on security (adding controls, procedures and products) and still you ask for "solid math" on "doing nothing"?
  And then, an important part of executive board's job is taking strategic decisions that are not fully backed by data but gut feelings -or else, the best CEO would be a junior accountant!
The one "good" thing about the hijackers by SensitiveMale · 2016-12-14 12:13 · Score: 4, Interesting

with ransomware is if you pay the ransom, they unlock your data.
It seems weird to say it is a business, but as long as the criminals don't screw over the victims, the victims know they can pay and not lose anything.
1. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 12:24 · Score: 0
  
  Paying ransom should be a felony. Rewarding crooks hurts everyone.
  Using ransomware should also be a crime with severe punishment.
2. Re:The one "good" thing about the hijackers by PRMan · 2016-12-14 12:26 · Score: 1
  
  Better customer service than Comcast or AT&T.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
3. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 12:32 · Score: 1
  
  Paying ransom should be a felony.
  The crooks would love that. They'd get your ransom and then they could extort more money from you so they don't tell the cops you paid the random.
4. Re:The one "good" thing about the hijackers by CaptainDork · 2016-12-14 12:36 · Score: 1
  
  Your idea should only apply to you.
  
  --
  It little behooves the best of us to comment on the rest of us.
5. Re:The one "good" thing about the hijackers by taustin · 2016-12-14 12:38 · Score: 1
  
  Paying ransom should be a felony.
  You want to put people in prison for being the victim of a serious crime? Sounds a little harsh.
  And stupid.
6. Re:The one "good" thing about the hijackers by donaldm · 2016-12-14 13:03 · Score: 0
  
  Paying ransom should be a felony.
  You want to put people in prison for being the victim of a serious crime? Sounds a little harsh.
  And stupid.
  Actually the term Ransomware is also known as Cyberextortion which is a criminal offence so if you as a CEO of a firm give in to extortion demands you are effectively guilty of Collusion which is a criminal offence and if convicted can result in incarceration although in many cases just having the payment being made public is punishment enough since Customers and Shareholders alike don't like their money being used to pay criminals..
  
  --
  There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
7. Re:The one "good" thing about the hijackers by sexconker · 2016-12-14 13:07 · Score: 1
  
  Actually the term Ransomware [wikipedia.org] is also known as Cyberextortion which is a criminal offence so if you as a CEO of a firm give in to extortion demands you are effectively guilty of Collusion [wikipedia.org] which is a criminal offence and if convicted can result in incarceration although in many cases just having the payment being made public is punishment enough since Customers and Shareholders alike don't like their money being used to pay criminals..
  Actually, no. Not at all.
8. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 13:40 · Score: 0
  
  Maybe it should be. If nobody paid, the problem would solve itself. There would be a bit of collateral damage at the start but I like to think of it as culling stupidity out of the herd.
9. Re:The one "good" thing about the hijackers by Tablizer · 2016-12-14 13:40 · Score: 1
  
  The one "good" thing about the hijackers with ransomware is if you pay the ransom, they unlock your data.
  I saw nothing in TFA that indicated the success rate of recovery for those who pay.
  
  --
  Table-ized A.I.
10. Re:The one "good" thing about the hijackers by ShanghaiBill · 2016-12-14 15:00 · Score: 2
  
  Paying ransom should be a felony.
  That would just force it underground by disincentivizing victims from reporting the crime, and make it even harder for law enforcement to catch the crooks. Not every problem is a nail that needs to be hammered.
11. Re:The one "good" thing about the hijackers by ShanghaiBill · 2016-12-14 15:05 · Score: 2
  
  If nobody paid, the problem would solve itself.
  Sure. But as long as we are discussing totally unworkable fantasies, I would also like to point out that if no one had unprotected sex, we could eliminate STDs, and if all the armies in the world disbanded, we would have world peace.
  In the meantime, wear a condom, do backups.
12. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 15:41 · Score: 0
  
  ...as long as we are discussing totally unworkable fantasies...
  Maybe not so fantastical. Recently, the Prime Minister of Canada had to stand up and explain the government's stance on paying ransom. Two or three Canadians had been held for ransom and just been executed by terrorists in Indonesia (I think) because he didn't pay the ransom and wouldn't help the families pay it either. He said that paying ransom would just be putting a target on all Canadians overseas. He is against any country paying ransom but, of course, he only makes the rules for one.
13. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 16:46 · Score: 0
  
  There would be a bit of collateral damage at the start but I like to think of it as culling stupidity out of the herd.
  Damn son, that is word-for-word Nazi SS justification. That is what got us eugenics and the holocaust. You would have made a great war criminal.
14. Re:The one "good" thing about the hijackers by taustin · 2016-12-14 17:30 · Score: 1
  
  You are an idiot. And a psychopath, who should be put into a cage, and left there. Forever. Subhuman animals like you are precisely the sort who run that kind of criminal enterprise.
15. Re:The one "good" thing about the hijackers by taustin · 2016-12-14 17:32 · Score: 1
  
  You are an idiot, and precisely the sort of subhuman psychopath who runs that kind of criminal enterprise. You belong in a cage, like an animal, forever.
16. Re:The one "good" thing about the hijackers by taustin · 2016-12-14 17:36 · Score: 1
  
  Making it unmeasureable because the victims don't dare report it does not make it go away. In fact, it makes is easier to commit the crime, by far.
  Is that your goal? To make it easier to get away with that sort of criminal act? Do you have some personal interest in making it easier and safer to be a criminal? Do you have some vested personal interest in keeping the authorities from knowing about such crimes?
17. Re:The one "good" thing about the hijackers by tlhIngan · 2016-12-14 20:12 · Score: 1
  
  It seems weird to say it is a business, but as long as the criminals don't screw over the victims, the victims know they can pay and not lose anything.
  Actually, it's one where failure collapses the entire business model. Because right now the criminals are offering LOTS of support - they know the people may not know what bitcoin is so they will walk people through how to getting the payment down on the phone, even offering discounts and such.
  Because they know the only way people will pay is if they trust the people will unlock their data. The instant someone doesn't will result in complete loss of trust and make it impossible for future campaigns to work.
  This has resulted in a very odd situation where their support lines offer some very helpful support akin to Amazon. There are stories where a mother sobbed uncontrollably because she only raised about 80% of the money and was going to lose all her files. The criminals took pity and just took what she had and unlocked all her files.
18. Re: The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 22:18 · Score: 0
  
  Bullshit. If that was true, we wouldn't have spam either. With the relatively small risk and investment used to infect a network with ransomware compared to the VERY high reward if paid, only a tiny fraction of victims would have to pay for the scheme to remain profitable.
19. Re:The one "good" thing about the hijackers by brantondaveperson · 2016-12-14 22:36 · Score: 1
  
  That's only because the amount that the terrorists demand for the same return of their captives is normally beyond the means of the captives families, and obviously the government doesn't generally give much of a damn about them, so they don't pay. If Terrorists did what the ransomware guys do, which is to price the ransom at the level of the "families" (being companies, in this case, obviously) can afford, and to automatically catch large numbers of "victims" (data, since this is a computer situation), in a way that exposes the bad guys to almost zero risk, well - than in that case we'd have a comparable situation.
  But that's not how it works, which would be because ransomware is one hundred-percent a totally different thing from terrorists capturing the nationals of rich countries. This is just another example of how looking for an analogy fails to help you understand problems in the real world.
20. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-14 23:00 · Score: 0
  
  Sure they would. Nothing makes people pay a ransom like knowing you'll get screwed for even more money and/or end up in prison.
21. Re:The one "good" thing about the hijackers by Anonymous Coward · 2016-12-15 05:25 · Score: 0
  
  Some of them actually have shockingly good customer service. They will be very patent and courteous, and one ransomware application even included a tech support ticketing system...
22. Re:The one "good" thing about the hijackers by Agripa · 2016-12-17 08:19 · Score: 1
  
  Paying ransom should be a felony.
  You want to put people in prison for being the victim of a serious crime? Sounds a little harsh.
  And stupid.
  Why? The DoJ does it to suspects all the time.
23. Re:The one "good" thing about the hijackers by Agripa · 2016-12-17 08:21 · Score: 1
  
  Maybe not so fantastical. Recently, the Prime Minister of Canada had to stand up and explain the government's stance on paying ransom. Two or three Canadians had been held for ransom and just been executed by terrorists in Indonesia (I think) because he didn't pay the ransom and wouldn't help the families pay it either. He said that paying ransom would just be putting a target on all Canadians overseas. He is against any country paying ransom but, of course, he only makes the rules for one.
  I would have been more impressed if he instead paid the ransom amount as a bounty for the kidnapper's heads.
24. Re:The one "good" thing about the hijackers by Agripa · 2016-12-17 08:21 · Score: 1
  
  Paying ransom should be a felony.
  That would just force it underground by disincentivizing victims from reporting the crime, and make it even harder for law enforcement to catch the crooks. Not every problem is a nail that needs to be hammered.
  It is touching that you believe law enforcement has any interest in catching the ransomers.
25. Re:The one "good" thing about the hijackers by Agripa · 2016-12-17 08:23 · Score: 1
  
  Some of them actually have shockingly good customer service. They will be very patent and courteous, and one ransomware application even included a tech support ticketing system...
  It makes sense. Unlike a government charted corporation, they have to rely on their reputation for repeat customers. They cannot rely on rent seeking enforced by the government.
I paid the money by Anonymous Coward · 2016-12-14 12:15 · Score: 4, Funny

But then I realized that I could have just downloaded the same porn again for free. I asked for my money back and the ransomers said no.
1. Re:I paid the money by Tablizer · 2016-12-14 13:42 · Score: 1
  
  But the models get uglier every day unless you pay. (Hmmm, a marriage simulator?)
  
  --
  Table-ized A.I.
2. Re:I paid the money by Anonymous Coward · 2016-12-14 22:40 · Score: 0
  
  But the models get uglier every day unless you pay. (Hmmm, a marriage simulator?)
  Keep your jokes funny, and get out more.
3. Re:I paid the money by Anonymous Coward · 2016-12-14 23:04 · Score: 0
  
  That reminds me. How is your wife?
Headline on eWeek article is wrong by Anonymous Coward · 2016-12-14 12:18 · Score: 0

The survey clearly says that only 46 percent of the businesses surveyed had experienced ransomware and _of_this_ 70 percent had paid to get their files back. That means about 32.2 percent of the total sample had paid to get their files back.
1. Re:Headline on eWeek article is wrong by Anonymous Coward · 2016-12-14 12:27 · Score: 0
  
  You went to the article?
2. Re: Headline on eWeek article is wrong by Jesus+H+Rolle · 2016-12-14 19:32 · Score: 1
  
  There's an article?
It by Shepanator · 2016-12-14 12:32 · Score: 3, Interesting

I have a close friend who works for a large law firm, they were hit with ransomware for a few million dollars. From a business sense, they had no choice but to pay it. The ransomers were threatening to release all of their clients' data, so the executives all got together and paid it amongst themselves, hushing up the whole thing in the process. If they didn't pay, their business would have been over, even if they didn't face litigation from (ex) clients they would have all left in droves. The next month the company's IT budget had quadrupled, so there's a happy ending.
1. Re:It by donaldm · 2016-12-14 13:29 · Score: 1
  
  The ransomers were threatening to release all of their clients' data, so the executives all got together and paid it amongst themselves, hushing up the whole thing in the process.
  So here we have lawyers getting together and contributing out of their own pocket to pay the ransomers rather than taking the money out of company funds. In the eyes of the average person this could be considered commendable however in lawyer speak this is Collusion and is a criminal offence.
  
  The next month the company's IT budget had quadrupled, so there's a happy ending.
  So in this case, two wrongs made a right although you do have to ask if the IT department was doing its job properly in the first place since one of the first things any competent IT manager should do (besides finding out where the coffee machine is) is look at the companies "disaster recovery plan", make comments and recommendations if appropriate and if it had been tested and signed off on.
  
  --
  There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
2. Re:It by Anonymous Coward · 2016-12-14 14:49 · Score: 1
  
  One could suppose that the ransoming was carried out by the IT department with the end goal of having their budget increased. Where money exploitations are concerned though, conspiracy theories abound.
3. Re: It by BlytheBowman · 2016-12-15 03:12 · Score: 1
  
  The problem is if they didn't engage in "Collusion", the real world damage world damage have been far worse. This is why I really despise the so called justice system. A bunch of DORKS who sit in their ivory towers dreaming up more and more laws and fuck who they hurt or what kind of situations can arise which can unfairy entrap an otherwise law abiding citizen into either commiting a felony or have something far worse happen to them. (I am not saying that the lawyers did the right thing, but they had a choice of being fucked or superfucked)
4. Re:It by Agripa · 2016-12-17 08:35 · Score: 1
  
  The next month the company's IT budget had quadrupled, so there's a happy ending.
  Was the quadrupled IT budget used to pay back the executives? Wouldn't ransomwear expenses be part of the IT budget anyway?
5. Re:It by Anonymous Coward · 2016-12-20 04:23 · Score: 0
  
  IT can make all the comments and recommendations it wants but if the suits dont want to spend the money theirs not much they can do.
IBM providing security related playbooks is a joke by Anonymous Coward · 2016-12-14 13:06 · Score: 0

When IBM have failed multiple times to secure their own products/projects such as the recent Australia census, them providing security playbooks to others is a joke
https://yro.slashdot.org/story/16/11/25/1156258/ibm-to-pay-more-than-30-million-in-compensation-for-census-fail
May be they should first walk the talk and deliver secure products first before trying to advise others about security
*sigh* by sootman · 2016-12-14 13:12 · Score: 2

> In an effort to help organizations respond quickly to
> ransomware threats, IBM's Resilient Incident
> Response Platform (IRP) is being enhanced with a
> new Dynamic Playbook for ransomware.
Here's my playbook:
Step 1: Have backups.
Step 2: Set up backups so they don't blindly overwrite good old data with newly-encrypted data.

--
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
We got infected once. by Anonymous Coward · 2016-12-14 13:19 · Score: 1

We got infected once on a computer in the IT support department. So the user had had a bit more access that the regular user which ment that more files got encrypted.
People with full administrative access however, are not given that through their regular user account.
But we were running snapshots every hour on all drives so we decided to roll back to before the infection. The whole problem were resolved fairly quickly in a few hours.
We discovered the problem before finding the user so we put all shares offline for a little while and cloned them to see what was going on.
Finding the user was somewhat difficult because of the ownership and creator of the encrypted files still pointed to the original user of the file and not the infected user.
But the ransom instruction HTML files that it placed were with the infected users account.
1. Re:We got infected once. by Anonymous Coward · 2016-12-15 04:32 · Score: 0
  
  Sounds pretty similar to the two incidents we've had at my place of employment. We were able to track them down easily by the presence of encrypted files in their personal drive share.
  After the second case, I went ahead and implemented an automated response based on File Server Resource Manager. In the event a file with an extension matching a known ransomware pattern appears, a script is run that adds a deny permission to all the shares against that user, their SMB sessions are terminated, and an email alert is sent to IT. We also have dummy files scattered throughout the shares that, if they are ever modified, trigger the same action.
crime by Anonymous Coward · 2016-12-14 13:37 · Score: 0

Make it a criminal offence to pay extortion demands, with massive fines for the officers at the top in charge of firms that pay out..
It's the only thing they take notice of,it's not worth fineing the company,that comes out of share holders money,if seniour managment are made personally responsible for fines,they would be far more careful with others data and the security of their systems.
Once you pay the Dane-geld ... by Anonymous Coward · 2016-12-14 15:24 · Score: 1

... you never get rid of the Dane.
Rudyard Kipling, referring to the warrior/terrorist-Danes of a millennium or so ago, not the Danes of the early-20th century.
Oblg. by BlytheBowman · 2016-12-14 16:43 · Score: 1

"That's a real nice database you have there. It would be ashame if something were to happen to it......"
Yet again hidden cost of using Microsoft's 'Window by Anonymous Coward · 2016-12-14 21:32 · Score: 0

Yet again hidden cost of using Microsoft's 'Windows' toy for real work.
Re:Yet again hidden cost of using Microsoft's 'Win by Anonymous Coward · 2016-12-14 22:14 · Score: 0

Says the naive hater who has a compromised router and Android phone and doesn't even realise it.
Reroute them to Putin by Anonymous Coward · 2016-12-15 01:56 · Score: 0

Reroute the Hack to Putin's computer and they will never be heard from again.
Maybe send them to the Philippines with some pot and let Duarte handle them.
They are probably LGBTs living in Iran. Out them and let the Muslims show their tolerance.
Total Cost of Ownership by StormReaver · 2016-12-15 02:42 · Score: 1

I wonder if those companies factor that into their total cost of running Windows.
Business: "So, Windows licensing for our organization is $25,000 this year. Our Windows liability extortion costs due to Windows insecurity are $40,000 this year, and an extra $15,000 a year for security software that pretends to plug Windows' massive blunders."
Microsoft: "So, can we tell the press that your total cost of ownership for Windows is twenty dollars?"
Business: "WTF?!"
Microsoft: "Here's a cool twenty dollar bill if you let us lie."
Business: "Awesome! You've got a deal!"
So you get to be screwed or really screwed by BlytheBowman · 2016-12-15 03:14 · Score: 1

The problem is if they didn't engage in "Collusion", the real world damage would have been far worse. This is why I really despise the so called justice system. A bunch of DORKS who sit in their ivory towers dreaming up more and more laws and fuck who they hurt or what kind of situations can arise which can unfairy entrap an otherwise law abiding citizen into either commiting a felony or have something far worse happen to them. (I am not saying that the lawyers did the right thing, but they had a choice of being fucked or superfucked)
1. Re:So you get to be screwed or really screwed by Anonymous Coward · 2016-12-15 04:23 · Score: 0
  
  Bullshit. They had sensitive information that would destroy their business if it got leaked, and had completely inadequate protection against it being stolen. They deserve, at the very least, to go the fuck out of business.
Crypto's by Anonymous Coward · 2016-12-15 08:35 · Score: 0

Get good backups and rotate/dismount or have a one way vpn to a nas , we caught one here , flush , restore , move on ! The extra thing I did was breaking the code with hex workshop and blacklist infected download sites ...
Wat? by fluffernutter · 2016-12-15 08:50 · Score: 1

..in other news, Watson has been retasked to find the *best* places to deposit ransom ware.

--
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.