Mine’s a Double, Trouble

The Ragnar Locker outfit has been right at it over the last few weeks. We have heard of companies large and small being taken out by their devious and despicable activities, in which they obviously encrypt as much of the victim’s shizzle as they can get their filthy little paws on and then use a number of tactics to extract payment.

The usual first contact will be an email. Who knows, perhaps some of you have had the misfortune to receive one of these poorly worded missives that, when read carefully, do not actually promise to decrypt the data on receipt of the monies, but do promise to publish or sell the stolen data to third parties, on The Dark Web (mwahaha).

It would seem that the Ragnarnauts have a new Marketing supremo, perhaps someone who used to work at Google, Facebook or any other online advertiser selling false promises and golden dreams.

In what could only be described as an eye-opening turn up for the books, the Ragnar gang have ridden into town, hacked numerous Facebook accounts and used them to take out online advertisements to shame the original target into paying by making them look stupid. Pretty devious stuff.

This has been the experience of none other than the Campari Group. It was initially reported by the esteemed Brian Krebs and has now been more widely reported.

The word on the street is that their tactics are about to become more widespread as one lot of Russian criminals copy the other and so on. So, what to do about it?

If you are a very well respected maker of the mightily loved game series of yore ‘Street Fighter’, Capcom, the answer would appear to be to do what many security professionals advise: be transparent about the breach, be transparent about all data lost, inform all affected third parties, do not pay, and then recover from your very up-to-date backups. Which, of course, is where many of the issues begin.

Obviously, with wailing and the gnashing of rotten teeth, The Ragnorites pressed ahead and started publishing some Capcom data, which has been largely well-received by the community with some users saying how much they are looking forward to forthcoming releases!

Of course, there are some problems. Some of the Capcom data is personal information of customers and staff members, and so Capcom will be looking at some kind of fine. One can only hope that its attitude and transparency will result in a level of leniency. Fingers crossed. As they used to say on Street Fighter back in the day, “Whether we win or lose, all of our battles make us stronger!”.

The advice to try and prevent Ransomware and other attacks is the same as it ever has been:

  • Educate your staff about phishing attacks
  • Understand exactly what you have facing the Internet and ensure it is patched, always
  • Be aware of the patching state of your entire estate and have a patching programme
  • Segment your network to prevent connectivity between devices that do not need it
  • Implement anti-phishing on your mail systems as tightly as possible
  • Have a specialist company on speed dial

In dealing with a Ransomware attack recently, the Client utilised the services of a specialist ‘decryption’ company which were based in London. If we were to put a bet on how this decryption occurs, we might suggest that these people are nothing more than brokers for the criminals and are also best avoided if possible. What do you think?

