Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
US Mayors Commit to Just Saying No to Ransomware
Newest First  |  Oldest First  |  Threaded View
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
7/17/2019 | 8:59:40 AM
Re: Correct response
Let us see if these same people commit to hiring QUALIFIED IT PROFESSIONALS and maintain a tested disaster recovery and backup plan??   Betcha a bunch won't do that and claim cost as an issue.
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/17/2019 | 7:58:25 AM
Re: Correct response

I agree, but the problem with Georgia or Florida agencies (government) is they did not have the resources in place to address the problem (ransom payments 10K, 600K and 450K). It would have taken them months to recover (time-sensitive, case and healthcare situations). In the instance of one agency, they spent 1.2 million to recover, put in mitigating procedures but the ransom was only 50K (they lost in countless areas; did they really address the problem?).


 

In certain instances, you have to weigh the cost, there was an instance where the captors provided a way to recover part of their data (proof). So it is hard to determine if they are telling the truth or not, in this instance, they obtained proof. But in the case of the FBI (https://www.fbi.gov/investigate/cyber), they say not to pay them but when the mayor or governor is asking for pertinent court or hospital information that could affect the lives of others, I don't think it is so cut and dry, you have to weigh your options (in this case the Mayor stood by his beliefs).

RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
7/16/2019 | 2:20:20 PM
Correct response
This is always the correct response. You operate under two assumptions if you don't. You expect your non-ethical attackers to act ethically and return your data after payment. Secondly, that they won't try to sell that data even after its provided to you. They could also maintain their foothold and just compromise your data all over again. Rinse and repeat. Always smartest to cut your losses and look to mitigate their present entry and proactively ensure that you do not end up in this situation again.


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13552
PUBLISHED: 2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-15301
PUBLISHED: 2019-09-18
A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.Const() in Terrasoft Bpm'online CRM-System SDK 7.13 allows attackers to execute arbitrary SQL commands via the value parameter.
CVE-2019-5042
PUBLISHED: 2019-09-18
An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.
CVE-2019-5066
PUBLISHED: 2019-09-18
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs ...
CVE-2019-5067
PUBLISHED: 2019-09-18
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerabi...