That's accurate, from the standpoint of being able to recover data. It is equally important to have infrastructure for restoring compromised systems to a functional state. Ransomware is also often designed just to halt a company's operations, so they pay to restore service, not necessarily pay to gain access to data they had no backup of. A hospital system is a good example; if they can't easily get 1000's of desktop computers back into service, they're losing massive amounts of revenue per day, even though those computers had no useful data.

Hi David, thanks for the info. I wasn't aware of this other type of ransomware. I would think that this type of attack can be prevented by standard security measures such as running anti-virus software and using strong passwords. So again, it's kind of a sad commentary about the number of companies that aren't taking these standard precautions. Or am I mistaken about that?

Yep, for corporate and government networks, disabling mass amounts of systems is usually the goal; holding data hostage tends to work better on consumer computers where there are no backups. It's unfortunately not entirely uncommon for weird equipment to require some proprietary setup where it may not necessarily be easy to quickly deploy OS updates, have quality and up-to-date antivirus software, etc. Examples would be healthcare equipment, especially if it's FDA certified where they may even be forbidden from updating the attached computer, industrial controls, hardware with drivers that aren't kept up to date, so on and so forth. Of course keeping those types of systems on an isolated network is almost mandatory for keeping them from getting hacked. These scenarios are not particularly unusual in hospitals, factories, what I'd wager is probably pipelines where custom automated control systems are in place, while on the government side, those are typically just mismanaged and nightmarishly out of date.

Then there's the fact that lots of infrastructure is OLD, and there aren't patches, and there is no inherent security in the system. And retrofitting new tech into some of these areas is problematic as whole systems would need to be pulled out and redone.

Finally there are many business/organizations that can't or haven't put much budget into their IT and are thusly ripe for being caught without recent and easily restore-able backups.

We use a reputable online service to backup all of our computers, it works great! We also use a professional business class VLAN router/firewall, had it professionally configured and of course anti-virus software.

But nothing is a 100% secure. Take the Chinese Communist Party, they have stolen many of our country's national defense technology via the internet.

Somewhat related, I have a client getting bombarded with "ethical hacking" email warnings about "clickjacking" from someone that is concerned. "We found a vulnerability..." Pay me a bounty when you've verified the vulnerability.

I suggested the client ignore the email or flag it as spam.

Anyone here experienced "clickjacking?"

Scott

ids I've not experienced it myself, but depending on what sort of client side libraries the site is running, there might be a vulnerability there. I've seen the results of it though, and it's wild.

Do Tell.

Scott

Imagine that every link you click opens a new window with warning text, and then the new window begins to open popups. Popups with out close buttons. Hidden confirmation windows. A completely un-useable mess. This is kinda the worst case scenario.

Some, are more subtle, they just slip a banner in where it wasn't at first. But then the element is z-indexed above all the content, so any click is registered by the new element first, and the previous mayhem ensues.

Or the click activates some malicious code that exploits a browser vulnerability that installs the ransom ware on the computer.

In any case having any one other than your ISP between you and the site is bad news.

And come to think of it, there's more than a few ISPs I don't want in there either.

Thanks. This is an interesting rabbit hole.

My client's store is Colossus. Uses default clientside. But my quick research basically points to malware. So, the malware in essence will act on sites the user is loading in the vulnerable browser? I have not seen anything you can do from an HTML coding standpoint. So, that is the question. Malware? Coding? Prevention? My first logical guess is people browsing need to use antivirus or malware protection systems?

Scott

For a lot of these issues the best defense is a well protected browser. It sounds like your user's browser/computer is the part that has the malware.

I need to confirm this, but I believe that all of the Miva written JS is already following industry best practices when it comes to clean and sane code. This is the "server side" aspects that can be used to help mitigate the malware.

Thanks.

BTW: it was the client getting phishing emails from an "ethical hacker" expecting a bounty for discovering the "vulnerable in the site. The store was wondering what had to be done.

Scott

Ohhhh! That is fishy!

There are ethical hackers out there, but demanding payment upfront about a supposed flaw, reeks of scam. If they're after more than money (aka believe in securing the internet to make it safer for all of us) and if they have found a real vulnerability, AND they're ethical, they'll show you the exploit or a proof of concept that shows that there is a real vulnerability.

Then, if there isn't a preexisting bounty program negotiations should go into how payment and a patch and disclosure will work.

At least that's what I understand about the process from listening to a number of Info Sec podcasts, aka I'm no expert, but I have heard some things.