Mr Steve Gibson Steve, Leeann, Microsoft discussed on Security Now
Do the University of Utah, Jack Daniel's whiskey, and Carnival Cruise Lines all have in common? Well, Friday, last Friday, the University of Utah revealed that it had paid a ransomware gang four hundred and fifty-seven dollars and fifty-nine cents. Four hundred fifty-seven thousand. Yes, I got that, would have been four hundred and fifty-seven thousand dollars and fifty, nine hundred and fifty thousand. Fifty-nine dollars. Which sort of begs the question, where'd they get that number? Now that I finally got it out correctly, it's probably Bitcoin. Nine dollars, like half a million bucks. It's like the Bitcoin version thing they probably would. Yes, somewhere. Bitcoin that turned out to be that. And what's interesting is that was not to obtain the decryption key for their files. They didn't need it, because it turns out that very few of their files were encrypted, but rather, and Leo, I know this goes to, you know, the thing that you just kind of like grit your teeth, to purchase the promise from the extortionists that the student information that had been exfiltrated beforehand while... Yeah, that's not be publicly released your Seymour. One this is big. Yeah. Yeah. They're just hoping that there is honor among thieves and that these guys will keep their word in senators. Word is that if you want others to pay you, yes. That's it. Exactly. Of course, ransomware gangs are not all the same, but, and didn't we hear, no, it wasn't... It was Canon that had some information leaked last week that we reported on, and so Lawrence over at Bleeping Computer has said that, you know, they assumed, since Canon got themselves back up relatively quickly, that they had paid the ransom.
But now, since the extortionists in that instance were leaking the information, maybe Canon had restored from backups and said, "Nah, we're not paying your stinking ransom," and the bad guys said, "Here comes your, you know, your private corporate next-decade plans for the future. How do you want that? How do you feel about that being leaked?" Anyway. So in this case the University of Utah explained that it had dodged a major ransomware incident and that the attackers managed to encrypt only zero point zero two percent of the data stored on their servers. And the university staff was easily able to restore that from backups. However, the ransomware group then threatened to release student-related data they had obtained and exfiltrated. So the university said, after careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventative step to ensure information was not released on the Internet, and again, to the extent that such can be ensured. The cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state, or taxpayer funds were used to pay the ransom. Thought that was an interesting explicit statement that they made. They said, the university disclosed, that the attack took place a little over a month ago, on July nineteenth, twenty twenty, and the network belonging to the College of Social and Behavioral Science was the victim. So apparently, you know, a subset of the entire larger university was where the break-in occurred, and there must have been some isolation there. So anyway, that is one of the three, and presumably they were able to negotiate a cheaper payment, you know, because the bad guys hadn't managed to get the bulk of the university stuff.
But, you know, they did pay for the promise to not share student data, and as you said, Leo, the reason that would be honored as well as, you know, nearly half a million dollars. And they want to do. Yeah, exactly. You got to build your credibility. Exactly. And two other large and notable recent ransomware victims were Brown-Forman, famous for their distillation of Jack Daniel's Tennessee whiskey, and Carnival Cruises. The Jack Daniel's folks said, "Our quick actions upon discovering the attack prevented our systems from being encrypted. Unfortunately," again, "we believe some information, including employee data, was impacted. We are working closely with law enforcement as well as world-class third-party data security experts to mitigate and resolve this situation as soon as possible. There are no active negotiations." So that sort of sounds like... Oh, in fact, that statement from Brown-Forman came after Bloomberg News reported that it had received an anonymous tip of the ransomware attack. A site on the dark web claiming to be run by members of the REvil strain of ransomware says that it had obtained a terabyte of data from the Louisville, Kentucky-based Brown-Forman. The site said that stolen data included contracts, financial statements, credit histories, and internal correspondence of employees. Also included were screenshots of file structures and documents purportedly taken during the heist. So it does look like the pattern we're seeing now is, because, you know, major companies that have the deep pockets also have the pocket depth to now proactively back up their servers well, so it's possible, if the only thing done was encryption, a golden opportunity to extract a ransom could be thwarted if the good guys have backups. So now what's being done is that data, pre-encryption, is being exfiltrated and stored somewhere.
Then the data is encrypted, and so we're increasingly seeing this two-part attack: exfiltration that the company desperately does not want to be made public, in case they have backups, in which case they would not otherwise need to pay the extortion. So, you know, it's not really ransomware as much as it is, "Okay, we got copies of all your stuff. Shall we share it with the world?" Plain old blackmail.