Ransomware back in the news


classic33

Leg End Member
New attack being reported at present. More sophisticated than WannaCry, the last one.

Unknown if it's the same people behind the WannaCry attack.
 
I'm amazed how fast it dropped off the BBC news page. Lots of people in the IT community crowing about others not updating, even when all the info wasn't in.
Seems this one can be prevented from running by putting a read-only file called 'perfc.' in c:\windows.

So it's time to blame some victims and move on without rethinking email, bitcoin, or how all this can apparently be done with ease.
 

Drago

Legendary Member
I see the alarmists are complaining that the HMS Queen Elizabeth is running XP, and is therefore vulnerable to cyber attack. That these computers aren't connected to the web, and don't have disc drives or USB ports etc, seems to have been lost on them.
 
I see the alarmists are complaining that the HMS Queen Elizabeth is running XP, and is therefore vulnerable to cyber attack. That these computers aren't connected to the web, and don't have disc drives or USB ports etc, seems to have been lost on them.
No internet or USB connection is a help but does not prevent attack. US demonstrated that with Stuxnet attacking Iran's nuclear centrifuges by identifying and infecting its suppliers.
 

Tin Pot

Guru
I see the alarmists are complaining that the HMS Queen Elizabeth is running XP, and is therefore vulnerable to cyber attack. That these computers aren't connected to the web, and don't have disc drives or USB ports etc, seems to have been lost on them.

Windows for Warships TM, ha ha. That takes me back.
 

Drago

Legendary Member
No internet or USB connection is a help but does not prevent attack. US demonstrated that with Stuxnet attacking Iran's nuclear centrifuges by identifying and infecting its suppliers.

Except that has not happened. Or if it has, the attempt was unsuccessful. They're on the ship, they're working, they're isolated physically and electronically from the rest of the world.
 

mybike

Grumblin at Garmin on the Granny Gear
Of course if governmental organisations spend lots of money finding these exploits, keeping them secret so they can use them and then losing control of them, they are at least partially culpable.

Except that has not happened. Or if it has, the attempt was unsuccessful. They're on the ship, they're working, they're isolated physically and electronically from the rest of the world.

There are ways of attacking air-gapped systems. The only safe solution is to build in security.
 

Tin Pot

Guru
Let's not go into threat vectors? Infosec threat modelling for a warship is going to be pretty boring, imho. Although the suppliers of the systems, BAE, Babcock or Thales could theoretically be compromised and supply compromised systems, the fact they're running one OS or another is actually irrelevant - then there's the checks carried out on the systems before they're used, and the whole detect/prevent/protect/respond/recover stack after that. (Or whatever RMADS calls it).

A WannaCry-style infection won't happen to operational systems. Some fool's irrelevant laptop, maybe.

Stuxnet was an attack on industrial systems, a *very* different world than warships. And in the peanut end of the world.
 
Except that has not happened. Or if it has, the attempt was unsuccessful. They're on the ship, they're working, they're isolated physically and electronically from the rest of the world.
Correct. But creating an air gap does not mean invulnerable. The ship's computers do not work in isolation and there will be updates.
 

Tin Pot

Guru
There are ways of attacking air-gapped systems. The only safe solution is to build in security.

And other than seeing a boot screen or desktop image, what leads you to believe HMS Queen Elizabeth does not have security built in?
 

Drago

Legendary Member
Or that the procedures for introducing updates involve cross checking, testing of the updates in isolation for years (yes, years) on a test set up that replicates the ship system, by vetted personnel who are watched like hawks by other vetted personnel? Never say never as human ingenuity knows no bounds, but it's many orders of magnitude more difficult than the armchair experts understand it to be.
 

Tin Pot

Guru
I'm amazed how fast it dropped off the BBC news page. Lots of people in the IT community crowing about others not updating, even when all the info wasn't in.
Seems this one can be prevented from running by putting a read-only file called 'perfc.' in c:\windows.

So it's time to blame some victims and move on without rethinking email, bitcoin, or how all this can apparently be done with ease.

Possibly. I wouldn't be confident until the whole thing is unravelled and analysed with confidence. Rumours of trojans also contained within it, for example.

Signatures are out for AV and NIPS, and of course the patch has been around for ages, so if you get hit now your CIO needs to be answering the tough questions.

Some more info:
https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know?om_ext_cid=biz_social_NAM_twitter_Asset Type - Blog,Petya
 

mybike

Grumblin at Garmin on the Granny Gear
And other than seeing a boot screen or desktop image, what leads you to believe HMS Queen Elizabeth does not have security built in?

No doubt there is, but is it adequate?

Or that the procedures for introducing updates involve cross checking, testing of the updates in isolation for years (yes, years) on a test set up that replicates the ship system, by vetted personnel who are watched like hawks by other vetted personnel? Never say never as human ingenuity knows no bounds, but it's many orders of magnitude more difficult than the armchair experts understand it to be.

For a warship, a lot of work could go into seeking to compromise its systems.
 
I assume you are equally exercised by the police emphasis on securely locking your bike?

I lock my bike and am happy I've done something to secure it. I'll question if the lock or chain are still strong enough periodically, and check them for signs of tampering. There seems to be no forward progress in making the lamp post to which I've chained it more resilient to being sawn through.
 