I remember Steve Gibson saying some years back that the only reason USA doesn't (cyber-)'attack' Russia's train infra is the inability to 'hide the traces' of the attack, and it would be 'easily' attributed/mapped back to the USA causing (political) issues. Well, Ukraine doesn't have 'that' challenge.
On the other hand (and I'm not defending a drone company), anyone that has a business should know by now that ransomware (with our without deletion) is a real thing, and it's not an 'if' question, it's a 'when' question.
I have never worked with/for a Russian company, so it would be interesting to hear/read from someone who has, how 'well organized' are they? GRC-wise. Assuming that someone would run the COBIT framework on them (Russian companies), would the 'average' be 'ok' or it's a big mess (kinda like working for an EU company in early 00's)?
> I remember Steve Gibson saying some years back that the only reason USA doesn't (cyber-)'attack' Russia's train infra is the inability to 'hide the traces' of the attack
This is not a real reason. This explanation hides the real reason: Russia is a valuable geopolitical partner for USA. Regarless who are in power in USA - all presidents tried to make deals/contacts with Russia.
There is no value for USA in getting Russia loose this war, have internal instability or split in 20-ish national states.
USA wins more from russia being as it is today with all it blood, suffering and hundreds of thousands of deaths caused by the regime thrive for survival.
Actually USA are afraid to push too much to cause internal issues in Russia. And russian ruling class knows that.
I guess another reason is that there isn't too much IT infrastructure that Russian trains depend on.
There are ticket sales systems for people being transported, but much is freight trains, and if there was an easy way to disrupt that, you can be sure that Ukraine would've done it by now, because the Russian military heavily depends on rail-based supplies.
I did work for a Russian financial multinational just before COVID-19, as a native Russian speaker, and it was a free-for-all mess interally. The IT side had a load-bearing, old-school sysadmin type with a personality for heroics.
On the other hand (and I'm not defending a drone company), anyone that has a business should know by now that ransomware (with our without deletion) is a real thing, and it's not an 'if' question, it's a 'when' question.
I have never worked with/for a Russian company, so it would be interesting to hear/read from someone who has, how 'well organized' are they? GRC-wise. Assuming that someone would run the COBIT framework on them (Russian companies), would the 'average' be 'ok' or it's a big mess (kinda like working for an EU company in early 00's)?