Security and security news

Did Garmin pay off the ransomware operators? The size of the ransom has yet to be reliably established, but we are probably talking about millions of dollars. Those who voted for the amendments to the Constitution enriched the hackers, and so did those who voted against them. Modern phishing: speed and professionalism on both sides, among both the scammers and those who fight them.

How much is Garmin today?

The Garmin case illustrates how powerful and effective ransomware and other forms of blackmail can be when they threaten to “kill” the IT infrastructure and/or put the victim’s databases up for sale. In Garmin’s case, the hostages were not only the company’s own infrastructure but also the devices manufactured for sale and, most likely, the personal data of millions of customers. The scale of the disaster is hard to imagine; read Eldar’s detailed analysis in his latest Spillikins here.

It is easy for experts to argue that the ransom demanded by hackers should not be paid, as paying encourages fraudsters to continue and expand their “business” in this direction. For companies that have already been hit, the choice is far from easy; I understand their leadership very well. Refusing to pay and rebuilding the entire infrastructure is expensive. According to the note on the Anti-Malware resource here, Garmin received the complete set of software from the hackers needed to deactivate the ransomware’s encryption. There are no statements about whether the ransom was paid or how much, but initially $10 million was demanded from Garmin. There have already been reports that the company paid $10 million, but journalists are always rushing to conclusions. Yes, the attackers wanted 10 million, but how much they got in the end is known only to those who are unlikely to share their knowledge with the general public. One way or another, what matters for you and me is that the decision has been made (I hope), the problems for existing and potential customers should end there, and the issue is closed.

Do you think that $10 million is a lot? No, that is still only modest earnings for well-made encrypting ransomware. The hacker teams include smart people who probably do not pull the ransom figures out of thin air, but set them after a rough assessment of the “client’s” solvency. Read the fresh materials about the ransomware NetWalker (formerly Mailto); there is a short note here. If English does not bother you, then it is better to read the detailed material on Gizmodo here. McAfee estimates that NetWalker “earned” about $25 million for its owners in just five months. With such profitability, NetWalker got into the top five most successful ransomware families, which means the total profitability of this entire business can be roughly estimated at about $400 million per year.

All in all, an interesting beast. Payment processing for victims is automated to the highest degree: the payment is registered, the victim is entered into the database of those who paid, and the decryptor is automatically sent to the sender of the payment. Reports say that before its full-scale launch in the victim’s system, the ransomware collects valuable information from computers and sends it to its owner, which then becomes an additional weighty argument in favor of payment. Naturally, the ransomware is sold to those who want to use it, and elegantly so: not as property but for rent, along with all the accompanying infrastructure. The buyer is directed to a special network resource, where he is given the opportunity to build his own customized version of the ransomware.

The banquet continues: now Canon?

Read the news on Mobile-Review here; everything is very similar to NetWalker. Only the ransomware operator team is different, and the ransomware itself is different: this time it is Maze. However, it is six of one and half a dozen of the other, and the effect is about the same: hand over the money urgently, otherwise we will not remove the lock and will publish a pile of information siphoned off from you! More details and screenshots can be found here (in English). It seems a little less disastrous than with Garmin, since the operation of the devices does not critically depend on the viability of the corporation’s Internet resources. But it was still no fun, and the attackers probably asked for a lot of money; reports mention the same 10 million.

I put a question mark in the title for a reason. Canon issued a notice that following the July 30, 2020 attack, they were forced to disable access to the client’s photo storage and stop mobile applications. An audit revealed that a number of images were missing, which Canon reported to affected users. As one of the users of the Canon service correctly noted, it is very likely that Canon refused to pay the ransom and restored the contents of its databases from backups. Naturally, with the loss of some user data.

Well, we voted!

If you voted online for or against the amendments to the Constitution, then your civic responsibility has enriched the hackers a little. If your fresh and confirmed passport data is of interest to competitors (for example), then everyone who bought a line with your data paid the hacker 60-100 rubles for it. We are talking about the successfully “leaked” database of passport data of participants in the electronic voting on amendments to the Constitution, which took place from June 25 to July 1. Reports mention a leaked database of 1.1 million records; look how conscious and responsible we are! No, personally, I will not vote remotely anymore. Given such carelessness on the part of officials, from now on I will only go on foot, drop a piece of paper into the box and sign the ledger. Data can be stolen that way too, if someone wants to, but the significantly greater effort required will at least reduce the likelihood of such an event. Read the article in Kommersant here.

What can you do, these are the officials and other state workers we have. Anything that can be stolen relatively easily and sold for a modest fee will be stolen and sold; this is an axiom. Guess, without reading the article in Kommersant, how the State Duma proposes to fight this phenomenon? You would never guess. They propose to introduce criminal liability for the buyer of personal data, no less! The idea being that buyers will all get scared at once and stop buying stolen data, demand will drop sharply, and the stealing will stop.

The passport data in the database was encrypted, but the decryption program was carefully stolen together with the database, so everything is fair here: customers are not charged for thin air. By itself, no one really needs passport data, since it is available in the public domain for free, but the seller advertises the freshness and relevance of the database being sold and offers a “comprehensive service”: supplementing the fresh passport data of the people the buyer is interested in with SNILS and other personal information.

In general, every year, in the face of tough competition (there are many thieves, but few databases), sellers improve the quality of customer service by offering combined and package solutions. They even offer regular free updates of the databases sold. Yes, our marketers still have a long way to go to reach the level of service of our own hackers!

About phishing: not just fast, but very fast

I do not shy away from reading publications about fraud and other unpleasant things, yet I am regularly surprised at how quickly this whole field is developing. And, accordingly, my knowledge of how it all happens is hopelessly outdated.

Read the material here, a couple of quotes:

“A team of cybersecurity researchers, including employees from Google, PayPal and Samsung, spent a year analyzing phishing attacks and studying how users interact with fake pages.

The joint project of several giant companies turned out to be large-scale without exaggeration. The specialists analyzed 22 visits to 553 phishing pages. “We found that a standard phishing attack lasts 707 hours from the first to the last victim. And detection of such campaigns by anti-phishing tools occurs on average nine hours after the visit of the first victim,” the experts cite statistical data. After detection, it should take about seven more hours before the user’s browser warns him about a threat when he visits a phishing page.

7.42% of victims, according to researchers’ statistics, entered their credentials, transferring them into the hands of attackers. And the latter, within five days after receiving the login and password, tried to hack the account with their help.”

The magic of big and small numbers. It seems that 7.42% of victims is very few, but the total number of potential victims is in the millions. As the saying goes, “five old women already make a ruble!” I was a little shocked by the pace of events: everything happens literally a few hours after the start of the attack. Then browsers start to issue warnings when the page is visited, and the phishing sites effectively stop working. New pages are created, a new attack is launched, and so on in a circle. For some reason, I thought that phishing pages were relatively long-lived, and that warnings in browsers began to appear only after a certain number of user complaints had accumulated.

One more thing. There is a widespread belief that a person who got hacked after visiting a phishing site is largely to blame. Say, how could you not spot a fake? Easily. Unfortunately, today a specialist cannot distinguish a fake from the original. Fake pages are made by professionals who carefully copy every detail of the original and receive substantial fees for their product. Gone are the days of pages thrown together in a hurry. So relying on one’s own attentiveness has long been pointless. The only thing that helps is the text in the address bar of the browser; it cannot be faked. And even here there are some nuances: the scammers include in the name something that looks believable and matches the theme of the original site.

Instead of a summary

Have you noticed how quickly things have changed? Until recently, effective protection against everything came down to using an antivirus and some elementary care. Now I don’t know anymore… You read about all these hacker delights and you realize that even a single careless mistake (for example, accidentally clicking a link sent by someone else) can lead to a chain of major losses and troubles. If all this has passed you by, then you are most likely of little interest as a target. There is no universal recipe for protection, there is no ideal protection and there never will be. Whining is useless, howling at the moon is not constructive. Make backups at least once a month. I was once fabulously lucky: a disk crashed all of a sudden, and I had backed up my mail and all working files just a few days earlier. It was a long time ago and happened only once, but the lesson stuck.

As for all these databases, which are regularly stolen and leaked, I would not advise you to worry so much about your invaluable personal data. In most cases, all this will only be used for targeted marketing and spam, and if it is used for social engineering fraud, such attempts are difficult to avoid anyway. If not in one leaked database then in another, you will show up anyway, and after that it is a matter of luck. Undoubtedly, some people are purposefully “tracked”, but such people are well aware of this and hardly need banal advice.
