> Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web. The TAs accessed headquarters on-site systems and most cloud-based systems
So someone was using the same password for the work and personal stuff and no one has ever bothered prioritizing 2FA got it.
Their insurance covered ransom. Why on earth does insurance cover ransom? Doesn't it encourage such attacks? Ideally paying ransom should be illegal as it just funds further attacks.
Would it stop ransomware attacks, or is it another one of those situations where the cost of launching an attack is so low that you only need an insignificant number of desperate victims to pay in order to profit?
I am also left to wonder if paying helps the investigation.
I'm sure it would reduce ransomware attacks by an order of magnitude. These are not simple attacks and the cost to launch them isn't that low. It requires large effort from groups of smart people to penetrate these corporate networks and it's time-consuming for attackers. The opportunity cost for these smart people is high; most of them can get a high-paying job. The reason these attacks persist is because it's so lucrative. There's definitely a break-even point for attackers. If 80% of ransom payments are stopped the attacks will stop because it will no longer be profitable for attackers.
Why wouldn’t an insurance company want to keep 20% of premiums covering ransom payments?
They stand to lose future premiums if paying ransoms is NOT broadly seen as a viable option.
Sure, in the short term, they hate customers that make a lot of claims. But those claims, in aggregate, are the fuel for their 20% skimming…
If nobody paid ransom, why would they want insurance coverage? And if no insurance covered it, they wouldn’t be able to skim off the corresponding premiums…
You are touching on my thoughts exactly. It seems everyone would come out better if the insurance company just paid for them to rebuild. I suspect that'd come out cheaper and it would maybe deter the attacks by making them worth less.
Insurance companies will see if it was a novel targeted hack that really couldn’t have been stopped vs. laziness and poor security hygiene, in which case they will cover less.
That's also my question. In general, can someone explain why offsite, offline, multi-timescale backups don't help in these cases?
Yes I get that insurance paid the extortion, but besides just capitulating, why doesn't restoring from backup work, assuming you can spot the vulnerability that caused the ransomware attack?
Amateur radio lives in a different IT world. A significant amount of popular software is shared as archived source files with ambiguous licensing, hosted on personal homepages, and served via unencrypted HTTP.
Probably some kids in a basement. Most security admins I've met are total frauds. Sophisticated for $1m? No.
They're just trying to keep their jobs after being revealed as totally incompetent.
Also, paying ransomware demands should have civil and criminal penalties because all it does is cause more of it. Ransomware insurance should also be illegal.