Mark Minasi's Tech Forum
wobble_wobble


Associate Troublemaker Apprentice
Posts: 808
#1
Reposted from the Veeam newsletter

Also from the Veeam blog
https://www.veeam.com/blog/ransomware-as-a-service-threat.html

Quote:

THE WORD FROM GOSTEV
I have heard about the "Ransomware as a Service" concept before and it was a big eye opener to me in regards to the real level of threat we're all going to face soon – and last week I found this blog post with a sane explanation of how it works. Take the time to read it, as I think RaaS will change IT as we know it.

With ransomware now so easy to create, there's no doubt we will see an escalation of insider threats by an order of magnitude. Previously, malware was something only skilled hackers could create; now anyone's babushka can create a custom ransomware dropper – because all it takes is a few clicks on the web site! "Effortless" is a good word here. After that, everything that hypothetical evil babushka needs to do is run the dropper on any computer – and wait for the ransom to start dripping! Do you start seeing the issue?

Some of you may say that this is not a new threat, and talk about how the principle of least privilege and physical server access restrictions are simply becoming more important than ever... and they would be wrong. This IS in fact a dramatically new threat, because there is now money involved – and potentially huge money.

Of course, the whole concept is not new. To some extent, it is no different from deploying the letter bomb virus (thumbs up if you are as old as me) onto a computer class in your university – quite a common prank at the time when I was a student. All of us grew up, many got a job in the exploding IT market, some got upset with their employer, and that's where businesses started to realize a potential threat coming from insiders. So many people did bad things just because they were upset with their bosses – this alone was enough for them to justify all the hassle and risk; money was not even in the picture. In fact, we had this happen at my previous employer, resulting in major irreversible loss of customers' data – the company lost millions and the person went to jail, all because he was upset he got fired (he would not make a penny regardless).

But now, having money in the picture will change everything. Thanks to the potential ransom, all of a sudden there is a real reason to take that risk. And what's worse, using their intimate knowledge of the company's business processes, insiders can purposely target systems containing the data that is most precious to the business, to ensure the company has no choice but to pay out some 7-figure ransom – because in the end, it is still going to be the cheapest way out.

So, what does it mean? For one – CIOs can no longer trust anyone. We all know the saying "everything has its price", which is unfortunately true – even people with the highest moral standards sometimes cannot resist committing a crime when the reward is potentially so high, or so badly needed (because their child is dying and needs that expensive treatment). So, no business can now risk having "trust" as a part of its IT strategy, and they must always be prepared for the worst things potentially carried out by their own employees for a very simple reason.

Just ask yourself – what is your plan if a colleague who has just left for a vacation logs on remotely into your network from some country in the Middle East, deletes all online backups (both primary and their copies), and sticks the dropper on the production servers? This is certainly thousands of times easier to pull off in YOUR environment than robbing a bank, would you agree? Think about it. And sadly enough, you can't really prevent this without making it impossible for your IT staff to perform their job duties.

So, how can businesses protect against this much elevated insider threat? Three words: air gapped backups – "offline" backups that cannot be manipulated or deleted remotely. No, tight permissions won't help, as the right credentials can be obtained with a keylogger or through social engineering. Yet, something as simple as external hard drives or tapes in the executive's safe solves the issue completely! What if you have lots of data and hate tape? There are storage systems with "read-only-ness" implemented in firmware, but you do need to ensure their physical security too. Or, you could simply go with a service provider who will keep a copy of your backups in a way that makes them not manageable remotely – for example, on a private network with no Internet connection or on tapes – and this will ensure no one from your company can possibly delete those!

I will talk more about the importance of air gapped backups in my breakout sessions at VeeamON 2017. But you really should act now and implement them today, because tomorrow it might be too late!



__________________
Have you tried turning it off and walking away? The next person can fix it!

donoli

Senior Member
Posts: 505
#2
Quote:
Just ask yourself – what is your plan if a colleague who has just left for a vacation logs on remotely into your network from some country in the Middle East,


I wonder what made him pick the Mid East?
wobble_wobble


Associate Troublemaker Apprentice
Posts: 808
#3
As far as I know he is Russian or from Eastern Europe, and they oddly enough holiday in the Middle East so they can guarantee some sun and no snow.
__________________
Have you tried turning it off and walking away? The next person can fix it!

donoli

Senior Member
Posts: 505
#4
Yes, it seems that he is from Russia but the pics/links to Trump & Reince Priebus on his Fakebook page made me think that there might be another reason.