Heard one of the best presentations ever today at the Tri State Telecom Conf in Sun Valley, ID. It was a real-world story told by the CEO of Syringa Networks.

He said he would share his PPT. If he does I will post it there. It was striking how he described how professional the extortion guys were. They even offered references to assure them that if they paid they would get their files back. They paid the ransom in Bitcoin. The FBI was zero help. It was actually their insurance company that provided the most helpful guidance. The insurance company said "relax, we do this 5 times a month". He would not say how much it cost them. He recommends you pay if you are dealing with an "ethical" extortion company.

They have transitioned away from anything Microsoft as much as possible: giving everyone iPads or Macs, making everything cloud based, 2FA authentication using fobs (I think), air-gapped local backups.

It was a two-stage attack. The first stage came from a worker taking a laptop home and getting infected with something that was then brought to work to spread. They stamped it out. Apparently that virus collected info that was sold to the ransomware company, which used it to expertly infect their whole network. One takeaway is DO NOT REBOOT. If you do, you are screwed. He said Linux systems running on a VM running on a Windows machine were fine, but the machine was frozen. They could not do anything with it.
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com