room keys don’t work for 48k rooms nationwide, the reservation system is down, slot machines are down, ATMs are down https://twitter.com/lasvegaslocally/status/1701311580611506459?s=46&t=OV2cGZ5b-TL_uDtZUzVmWg
Imagine all of the furious seniors on the slots right now. Can't fathom the level of cruelty and hate they must be spewing
How does one go about requesting a ransom from a company of that size? Email the CEO? Blast email the board? "Hey we got your whole shit, send Bitcoin to here."
That's fair. idk what made that part pop in my head, just curious. Maybe a text to the CEO or head of IT? I need details on how it plays out.
In our case, the file contained detailed instructions on how to make payment, no contact requested. We didn't pay because it was some simple shit, apparently. We did have an IT guy fired for it. Bad file he downloaded
My company was part of the NotPetya attacks in 2017. The computers had this contact note on them, but they ended up realizing it wasn’t a ransomware attack. It was one of the wildest mornings of my life walking in and seeing that on all the computers and then going upstairs to IT and it just being a war zone “unplug that? No don’t unplug anything!” While on with the server people who were on with the FBI
Yeah in my company, I'm sure there's been other attacks. The only reason I know the details of this exact case is because I was the one that stumbled onto it. I start work around 6am most days, even rolling into the office pre-COVID at that time. Our old phone system stored .wavs for our IVR in a network drive and I went to update one and it was locked. Then I noticed the entire folder was locked. Then I noticed every file in every folder in that network drive was locked. Then I noticed every file's last change was from the same user. Then I found a .txt file. Then I called our CIO.
I think they said they traced ours back to someone over in Germany or something who fell for a phishing attack. We were legitimately shut down for 2 weeks. Windows, the FBI, and some people from overseas all came in to try and fix. They had to rebuild essentially everything. They’ve sent those really obvious test emails like 1-2 times a month since then. The first one after the attack, the IT group had like a 1-3 fail rate and the CIO lost his shit
not the screen, at least in this case the slot machines and hotel screens are all just showing the same image right now:
We sent out a really fucking crafty one a few months ago that had about the same fail rate, including some in both IT and Operations senior leadership. Was right before summer and the subject was "Summer Flex PTO"...just impeccable timing.
I think there was a lot of pushback and insurance companies tried to say the one that hit us was an act of war by the Russians so it wasn’t covered. Here’s an article about it https://therecord.media/mondelez-and-zurich-reach-settlement-in-notpetya-cyberattack-insurance-suit
And the amount was meaningless. It wasn’t a ransomware attack. It was just built off an older ransomware attack. It was to shut down Ukrainian government
how big is the company, may still be a deal Spoiler I really don't care, do you? I'm just shit posting while waiting on dinner
Company IT got me with one of those. Coming out of COVID and they sent one out that looked legit enough talking about how it's been a tough year and they're giving everyone a free holiday ham, Click here to claim it. Of fucking course I clicked to claim a free ham, dammit!
oh yeah that one was a big deal, Zurich didn’t have a strong enough exclusion for cyber attacks, tried act of war because it was the best they had. ultimately they’re right that the property policy shouldn’t cover cyber attacks per se, but their form wasn’t clear and the tie always goes to the insured
I finally fell for one of the test phishing emails our IT team sent out. Insanely deceiving. Now I simply don’t look at anything within an email. They’ll never get my response on a company survey or charity drive.
“how am I supposed to gamble my monthly SS, UAW pension, 401K, Coventry Direct Life Insurance buyout, and reverse mortgage?” - Arthur and Bertha yolo’ing in Vegas knowing they’ll be long dead before any of those systems collapse.
Either opening a locked file, or the ransomware will auto display a message on the screen with contact information. Situation like this you call in Incident Response firms/FBI to negotiate. They are highly specialized and work to determine if they can recover through backups, find the decryption keys if it’s a known ransomware (doubtful considering the scale of this) or they pay. Problem with paying is you A) don’t know if they’ll actually unlock anything B) If they also stole data you have to trust they don’t dump that information on the web after payment. Cyber insurance exists but it covers more than just the ransomware payment - those incident response firms, PR, legal, certain business losses, hardware if things get bricked after this, etc.
All this. Have good backups and this isn’t really an issue. As long as the backups don’t also get encrypted. Otherwise it is usually impossible to recover the files. Companies usually end up paying bc they don’t backup enough or segregate it well enough and would lose too much critical data. Companies sometimes pay and still don’t get the data unencrypted. It’s a real shit situation.