[AusNOG] Ransomware...

Karl Kloppenborg karl at hyperconnect.com.au
Fri Sep 23 13:09:37 EST 2016


I personally think that anything like a breach or ransom situation should
be reported and not covered up.

It's up to the board of the company to decide whether to negotiate or not,
you can always weigh in with a recommendation though.

Also on top of that, if you do engage as a none director (assuming IT
sysadmin role) you're now liable I believe?

At the end of the day though, it's probably likely that paying will result
in more ransoms.

--Karl
On Fri, 23 Sep 2016 at 12:49, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Obviously it would be deplorable for anyone in a position of authority
> (eg. company directors) to countenance making payments to extortionists.
> Cyber extortion is a business, and if through the company's and the
> directors incompetence they have become exposed, they should suck it up.
> I'm appalled anyone would actually consider allowing their company's
> reputation to be drawn within the gravity of a criminal business model. And
> we won't advise our customers of the breach, no, we'll just quietly keep
> our heads down and not admit we've exposed customer data to criminal
> enterprise.
>
> Kind regards
>
> Paul Wilkins
>
> On 23 September 2016 at 10:18, James Warne <jwarne at vigilant.it> wrote:
>
>> I used this service called Dr Web to remove the decryption from a
>> Friend’s parents computer.
>>
>>
>>
>> Ended up being about $200 AUD and got everything back…
>>
>>
>>
>> https://support.drweb.com/new/free_unlocker/for_decode/?lng=en
>>
>>
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Matt
>> Richards
>> *Sent:* Friday, 23 September 2016 6:28 AM
>> *To:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] Ransomware...
>>
>>
>>
>>
>> What's wrong?
>>
>>
>> http://www.networkworld.com/article/3073495/security/kansas-heart-hospital-hit-with-ransomware-paid-but-attackers-demanded-2nd-ransom.html
>>
>> "Yes, the hospital paid the ransom. No, the hackers didn’t decrypt the
>> files—at least it was described as not returning “full access to the
>> files.” Instead, the attackers asked for another ransom."
>>
>> That's what's wrong.
>>
>> Matt.
>>
>>
>> On 23/09/2016 5:03 AM, Skeeve Stevens wrote:
>>
>> What's wrong with negotiating? I've had a couple of customers talk down
>> Ransomware attacks to about half the price.
>>
>>
>>
>> If you need the data (no backup, can't restore), what's the harm in
>> asking?
>>
>>
>>
>> ...Skeeve
>>
>>
>>
>> *Skeeve Stevens - Founder & The Architect* - eintellego Networks Pty Ltd
>>
>> Email: skeeve at eintellegonetworks.com ; Web: eintellegonetworks.com
>>
>> Cell +61 (0)414 753 383 ; Skype: skeeve ; LinkedIn: /in/skeeve
>> <http://linkedin.com/in/skeeve> ; Expert360: Profile
>> <https://expert360.com/profile/d54a9> ; Keybase:
>> https://keybase.io/skeeve
>>
>>
>>
>> On Thu, Sep 22, 2016 at 10:58 PM, Kristoffer Sheather @ CloudCentral <
>> kristoffer.sheather at cloudcentral.com.au> wrote:
>>
>> Rule #1 - never negotiate with terrorists.
>>
>>
>> ------------------------------
>>
>> *From*: "James Hodgkinson" <yaleman at ricetek.net>
>> *Sent*: Thursday, September 22, 2016 10:56 PM
>> *To*: "Michael Bullut" <main at kipsang.com>, "Australian Network Operators
>> Mailing List" <ausnog at lists.ausnog.net>
>> *Subject*: Re: [AusNOG] Ransomware...
>>
>>
>>
>> Nuke the machine, restore from backup.
>>
>>
>>
>> Pub?
>>
>> James
>>
>>
>>
>>
>>
>> On Thu, 22 Sep 2016, at 22:45, Michael Bullut wrote:
>>
>> Greetings Team,
>>
>>
>>
>> Anyone that has succeeded in eradication without sending a ransom?
>>
>>
>>
>> Warm regards,
>>
>>
>>
>> Michael Bullut.
>>
>>
>>
>> ---
>>
>>
>>
>> *Cell:* *+254 723 393 114.*
>> *Skype Name:* *Michael Bullut.*
>>
>> *Twitter: **@Kipsang <http://twitter.com/Kipsang/>*
>>
>> *Blog: **http://www.kipsang.com/ <http://www.kipsang.com/>*
>>
>> *E-mail:* *main at kipsang.com <main at kipsang.com>*
>>
>>
>>
>> *---*
>>
>> *_______________________________________________*
>>
>> AusNOG mailing list
>>
>> AusNOG at lists.ausnog.net
>>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>>
>> Message protected by MailGuard: e-mail anti-virus, anti-spam and content
>> filtering.
>> http://www.mailguard.com.au/mg
>>
>>
>> Report this message as spam
>> <https://console.mailguard.com.au/ras/1PiQVdD2wb/EO2vpAoqT19a9Dnr06wpm/0.212>
>>
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> AusNOG mailing list
>>
>> AusNOG at lists.ausnog.net
>>
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160923/d46de5f4/attachment.html>


More information about the AusNOG mailing list