maniacmusic (OP)
Jr. Member
Offline
Activity: 80
Merit: 2
|
|
August 03, 2020, 09:11:08 AM |
|
A recent hack of a major travel management firm has reportedly left attackers with USD 4.6m worth of bitcoin (BTC), after the company on July 28 was forced to pay to restore access to internal files, Reuters reported, citing a record of the ransom negotiations.
The attack targeted up to 30,0000 computers belonging to the US-based travel management firm CWT with a type of ransomware known as “Ragnar Locker” that encrypts all files on a computer, rendering them useless until a ransom is paid, the report said.
And although the travel firm did shell out BTC 414, currently worth about USD 4.6 million, the original demand from the hackers was reportedly far higher at USD 10 million.
“It’s probably much cheaper than lawsuits expenses, reputation loss caused by leakage,” a message sent from the hackers to a CWT representative said, according to Reuters.
The company representative, who said he communicated with the hackers on behalf of the chief financial officer, then managed to negotiate the ransom down to USD 4.5 million, the report further said.
https://cryptonews.com/news/hack-forces-travel-company-to-pay-usd-4-6m-in-bitcoin-ransom-7304.htm
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
August 05, 2020, 08:31:26 AM |
|
Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you know/love)
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing
Q. Is step 3:
3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes
|
Vires in numeris
|
|
|
stompix
Legendary
Offline
Activity: 3066
Merit: 6631
|
|
August 05, 2020, 08:43:41 AM |
|
Q. Is step 3:
3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes
Step 3 is assessing the damage and worst-case scenario
3a) If the problem can't be solved without paying the ransom, how much is the company going to lose?
3b) If the sum is exceeding the ransom by an order of 100 does it really matter if you're going to pay 4 million extra for nothing on top of the other 400?
With a revenue of 1.5 billion, 4 million starts looking like beer money. Oh, and I do hope they have already made the plans for step number 0, get rid of the idiot who caused this.
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
August 05, 2020, 08:51:29 AM |
|
Step 3 is assessing the damage and worst-case scenario
3a) If the problem can't be solved without paying the ransom, how much is the company going to lose?
3b) If the sum is exceeding the ransom by an order of 100 does it really matter if you're going to pay 4 million extra for nothing on top of the other 400?
then step 4) Anonymous Someone takes the money, then reneges on the deal, asking for more
do they go back to 3a) and 3b) after that happens?
|
Vires in numeris
|
|
|
stompix
Legendary
Offline
Activity: 3066
Merit: 6631
|
|
August 05, 2020, 09:10:15 AM Merited by malevolent (2) |
|
~
then step 4) Anonymous Someone takes the money, then reneges on the deal, asking for more
do they go back to 3a) and 3b) after that happens?
If they do this, yes, there is no point paying a ransom again, as the chances of actually getting the keys are pretty slim and the costs will start taking a serious bite, but at first, I would also vote for payment. I doubt hackers that are in this business would want to ruin their "reputation", as one case of a victim paying a ransom and not getting back their files would hurt their "business" far worse compared to what they could gain from extorting the same victim twice.
But I think they are using the same logic as I did when they ask for the ransom: they are putting the price at a level where the people running that business will say, "What the hell, let's give it a try", at this point, it's already as bad as possible!
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
August 05, 2020, 10:14:28 AM Last edit: August 05, 2020, 10:25:01 AM by Carlton Banks |
|
Major travel management firm, but they don't bother to make various backups (e.g. online and offline backup) regularly. If they did it, I'm sure the damage would be less, to the point they wouldn't bother paying the ransom.
Right, there are a huge number of circumstances under which any company can lose access to its data or to their computer system; internet attackers are only one such possibility. Regular data backups insure you against all types of data loss problems. If your company has no usable backups when whatever catastrophe hits you, you are responsible for that.
This company sounds like they're begging to go out of business; what sort of going concern can afford a 400 BTC ransom, but not a few hundred dollars/year for data backup? Sounds like a potential scam in fact, maybe they're intending to use some kind of insurance policy or bankruptcy/asset stripping scam to defraud someone.
It's interesting that this is a travel company, an industry for which there is no immediate future. Getting out while minimizing losses by any means necessary may seem attractive to owners of travel/tour operators right now.
|
Vires in numeris
|
|
|
slaman29
Legendary
Offline
Activity: 2828
Merit: 1289
|
|
August 05, 2020, 11:10:23 AM |
|
It's like the American uni a few months ago, also managed to negotiate with the hackers and in fact the hackers went back and forth quite a few times and eventually settled with just over 1 million dollars.
They say it's cheaper than lawsuits. Hope companies now realize good security is cheaper than paying ransoms!
|
|
|
|
amishmanish
Legendary
Offline
Activity: 1904
Merit: 1159
|
|
August 06, 2020, 05:04:43 AM |
|
In the hinterlands of developing countries of Asia and Africa, if you were a successful business-owner, contractor, well-paid lawyer/doctor, there was a possibility that goons would always be looking to abduct your kin, especially children, for ransom. Such people used to hire private bodyguards and fleets of vehicles to safeguard their family and avoid paying millions in ransom.
Yet, if someone was ransomed, you paid if you could pay and didn't go to the authorities. It's no surprise that the company negotiated and paid the hackers what they could. A company built from scratch is your proverbial child. Hope they learn their lesson and hire some "muscle" to safeguard them from the bandits of the Information era.
|
|
|
|
Karartma1
Legendary
Offline
Activity: 2310
Merit: 1422
|
|
August 06, 2020, 09:04:56 AM |
|
Major travel management firm, but they don't bother to make various backups (e.g. online and offline backup) regularly. If they did it, I'm sure the damage would be less, to the point they wouldn't bother paying the ransom.
Right, there are a huge number of circumstances under which any company can lose access to its data or to their computer system; internet attackers are only one such possibility. Regular data backups insure you against all types of data loss problems. If your company has no usable backups when whatever catastrophe hits you, you are responsible for that.
This company sounds like they're begging to go out of business; what sort of going concern can afford a 400 BTC ransom, but not a few hundred dollars/year for data backup? Sounds like a potential scam in fact, maybe they're intending to use some kind of insurance policy or bankruptcy/asset stripping scam to defraud someone.
It's interesting that this is a travel company, an industry for which there is no immediate future. Getting out while minimizing losses by any means necessary may seem attractive to owners of travel/tour operators right now.
I agree the most with what I've just highlighted from your comment. It's either the CIO or some IT manager that needs to repay big or, as you said, there's something more than meets the eye.
|
|
|
|
Harlot
|
|
August 07, 2020, 10:36:17 PM |
|
The news indicated that even if CWT had paid the ransom, the hackers have managed to steal 2 TB worth of information from the compromised computers, containing employee information to security documents. This just shows us that when it comes to ransomware it's really not good to give in to the demands of the hackers, as there is no guarantee that your files are untouched or will be clean after you pay. I'm wondering why these big companies don't have some kind of backup for data when something like this happens with their system, since in this case they wouldn't be pushed into a corner like this one.
|
|
|
|
bbc.reporter
Legendary
Offline
Activity: 3108
Merit: 1491
|
|
August 08, 2020, 03:05:20 AM |
|
Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you know/love)
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing
Q. Is step 3:
3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes
Step 1. Travel company should insist that payment should be in bitcoin.
Step 2. Use Coinbase to send the payment for hackers.
Step 3. Inform Coinbase what had occurred and request for blockchain analysis.
|
|
|
|
Harlot
|
|
August 08, 2020, 09:28:49 PM |
|
~snip~
Step 1. Travel company should insist that payment should be in bitcoin.
Step 2. Use Coinbase to send the payment for hackers.
Step 3. Inform Coinbase what had occurred and request for blockchain analysis.
Not a really good idea, especially when it comes to the face of the customers/users of Coinbase knowing that they can backtrack your transaction using them as a wallet payment. This will just look like Coinbase is a more centralized service rather than giving the users the freedom and some kind of privacy for their payments. Yeah, it will give you the end result you are looking for, but the only thing this will work is similar to those times where Coinbase will receive some kind of court order or subpoena ordering them to do so. But requesting the company directly from a person or company, it may make them look bad on their service for the users overall.
|
|
|
|
bbc.reporter
Legendary
Offline
Activity: 3108
Merit: 1491
|
|
August 09, 2020, 01:19:46 AM |
|
@Harlot. It was a sarcastic comment hehehe. Clearly the hackers should demand payment in Monero, however, why not use Coinbase blockchain analytics for what it was created for hehe.
|
|
|
|
pixie85
|
|
August 09, 2020, 04:43:33 PM |
|
I guess the cost of rebuilding their database would be greater than 4 million. I wonder how they got infected in the first place. The average employee doesn't have server access, just his workstation, and malware installed on a workstation should not infect the main server. It had to be done by someone higher in the corpo chain.
They're not the first and not the last company to pay. Garmin paid more than 4 million.
|
|
|
|
stomachgrowls
|
|
August 11, 2020, 10:04:24 PM |
|
Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you know/love)
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing
Q. Is step 3:
3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes
Step 1. Travel company should insist that payment should be in bitcoin.
Step 2. Use Coinbase to send the payment for hackers.
Step 3. Inform Coinbase what had occurred and request for blockchain analysis.
Do you really believe that those hackers would take the bait and would follow what you had insisted on? In most cases they are the ones who would demand what the payment terms on said ransom would be. They aren't just dumb to make use of Coinbase to let themselves be traced, but rather they would give out a specific own address and wouldn't mind how they convert it to cash. Since the company is on the side which would need to follow what's being instructed, they won't have any choice but to follow if they are really that serious about getting those keys, because they do know what's at stake if they don't agree with the terms. They won't just have minimal financial damage if they just skip and let it go; this is why they are really willing to pay up the ransom. Just always have the doubt whether those hackers will really be that honest with the deal or would simply ask again for money even though they had already been given the 4M USD.
I guess the cost of rebuilding their database would be greater than 4 million. I wonder how they got infected in the first place. The average employee doesn't have server access, just his workstation, and malware installed on a workstation should not infect the main server. It had to be done by someone higher in the corpo chain.
They're not the first and not the last company to pay. Garmin paid more than 4 million.
We don't know but one thing's for sure that neither it would be an inside job or totally being hacked since nothing on this world that can't really be bypassed.
|
|
|
|
bbc.reporter
Legendary
Offline
Activity: 3108
Merit: 1491
|
|
August 13, 2020, 02:46:59 AM |
|
Step 1. Someone anonymous does something outrageously egregious to cause harm to you (or someone you know/love)
Step 2. Anonymous Someone asks you to give them something worth $10 million in return for undoing the bad thing
Q. Is step 3:
3a) Give them the $10 million. Why wouldn't you trust them?
3b) Give them nothing and take the hit. They've already proved they're total assholes
Step 1. Travel company should insist that payment should be in bitcoin.
Step 2. Use Coinbase to send the payment for hackers.
Step 3. Inform Coinbase what had occurred and request for blockchain analysis.
Do you really believe that those hackers would take the bait and would follow what you had insisted on? In most cases they are the ones who would demand what the payment terms on said ransom would be. They aren't just dumb to make use of Coinbase to let themselves be traced, but rather they would give out a specific own address and wouldn't mind how they convert it to cash. Since the company is on the side which would need to follow what's being instructed, they won't have any choice but to follow if they are really that serious about getting those keys, because they do know what's at stake if they don't agree with the terms. They won't just have minimal financial damage if they just skip and let it go; this is why they are really willing to pay up the ransom. Just always have the doubt whether those hackers will really be that honest with the deal or would simply ask again for money even though they had already been given the 4M USD.
I did not say ask the hackers to use Coinbase. That would be stupid hehe. The travel company should use Coinbase and request their blockchain analytics company for an analysis of the transactions on the hacker's wallet. Are you aware that Coinbase has become similar to a government contractor but for blockchain intelligence?
|
|
|
|
|