We have seen CryptoWall hit a number of systems too over the last month or two
for different organizations around the city. Has anybody on the list been able
to determine the attack or infection vector for it? We'd really like to figure
out how it's getting into the networks and systems to begin with.
Just figured I'd throw the question out there.
David J. Veer
david.v...@me.com
On Nov 14, 2014, at 10:50 AM, John Quigley <quigs...@gmail.com> wrote:
Thanks, all, for the comments and advice. I have given your recommendations and
comments to my friend.
I was particularly struck by Mr. Guarino's story about receiving support from
Cryptowall's operators after he paid the ransom. That's a great story, even if
it portends badness for our time.
Just to add a couple data points that I became aware of after I posted...
* This is Cryptowall, so no easy key recovery like has been reported with
CryptoDefense or others.
* The malware arrived through a fake fax attachment in Outlook that a receptionist opened.
* He did have backups, as many have asked about, but they must have been
through a connected drive because they were encrypted as well. His IT was
outsourced to a local firm.
In talking with someone at a local cloud company yesterday, I learned that a
number of large organizations in our town, including banks, have been hit with
Cryptowall in the past few weeks. On the news this morning was a report of a
sheriff's office in TN paying the $500 ransom after working with the FBI.
Crazy stuff. Thanks again.
On Thu, Nov 13, 2014 at 6:32 PM, David Lang <da...@lang.hm> wrote:
You also don't know if the records were tampered with. The fact that they
were able to encrypt them shows that they had the capability to tamper with
them.
It's not a likely attack (too much money to be made with the simple
approach), but it's possible.
David Lang
On Thu, 13 Nov 2014, Morgan Blackthorne wrote:
My thought would be that if something got into the setup enough to encrypt
the files, it could have also transmitted them.
On Nov 13, 2014 1:56 PM, "Bill Bogstad" <bogs...@pobox.com> wrote:
On Thu, Nov 13, 2014 at 7:42 PM, Tracy Reed <tr...@ultraviolet.org> wrote:
On Thu, Nov 13, 2014 at 10:11:28AM PST, Morgan Blackthorne spake thusly:
I'd be wondering if HIPAA requires him to disclose the breach to his
clients since it is medical information.
Yes.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
But if he didn't even have separate backups I doubt he will be overly
concerned about this. For better or worse, odds are DHHS will never know
about it unless one of his patients reports him so likely nothing will come
of it.
I'm not so sure. If the data was encrypted in place (never left his
systems) then it was never disclosed to inappropriate parties and my reading
of that link is that this would not be considered a breach. Not that this
would make me happy as a patient...
Bill Bogstad
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/