SaysWho? Posted June 7, 2021 Share Posted June 7, 2021 U.S. recovers millions from pipeline ransom because of hackers' mistake WWW.NBCNEWS.COM A Russian ransomware gang hacked into Colonial in April as part of a monthslong crime spree, leading the company to shut down operations. Quote The announcement details a rare disruption of the cryptocurrency payment systems favored by hackers, that have enabled ransomware efforts around the world. The FBI was able to seize control of DarkSide's proceeds by gaining access to a central bitcoin account holding about 63.7 bitcoin, worth around $2.3 million, FBI Deputy Director Paul Abbate said. The court document said the FBI was able to access the "private key," or password, for one of the gang's bitcoin wallets. It was unclear how that key was compromised. DarkSide hacked into Colonial in April as part of a monthslong crime spree, leading the company to shut down operations. The group demanded a $4.4 million ransom, which the company quickly paid. Quote Link to comment Share on other sites More sharing options...
CitizenVectron Posted June 7, 2021 Share Posted June 7, 2021 They'll just do it again. There is no end to the clueless HR middle-people in large corporations who will click on every single link sent to them on the promise of free gift cards, even if the email has giant red headers saying "THIS ADDRESS IS EXTERNAL TO THE ORGANIZATION" and the sender is AnatolyHRSupervisor87@mail.ru. 1 Quote Link to comment Share on other sites More sharing options...
Anathema- Posted June 7, 2021 Share Posted June 7, 2021 1 minute ago, CitizenVectron said: They'll just do it again. There is no end to the clueless HR middle-men in large corporations who will click on every single link sent to them, even if the email has giant red headers saying "THIS ADDRESS IS EXTERNAL TO THE ORGANIZATION" and the sender is AnatolyHRSupervisor87@mail.ru. That's why the future is CRM, not raw email. Quote Link to comment Share on other sites More sharing options...
b_m_b_m_b_m Posted June 7, 2021 Share Posted June 7, 2021 1 hour ago, CitizenVectron said: They'll just do it again. There is no end to the clueless HR middle-people in large corporations who will click on every single link sent to them on the promise of free gift cards, even if the email has giant red headers saying "THIS ADDRESS IS EXTERNAL TO THE ORGANIZATION" and the sender is AnatolyHRSupervisor87@mail.ru. My very large company has a two strikes and you're fired policy for clicking on malware links, or clicking on the phishing test emails. Tough, but fair. Quote Link to comment Share on other sites More sharing options...
Anathema- Posted June 8, 2021 Share Posted June 8, 2021 My agency sends phishing tests out to our users and even though it's just a test the security operations center makes them get their computer wiped. Quote Link to comment Share on other sites More sharing options...
Spawn_of_Apathy Posted June 8, 2021 Share Posted June 8, 2021 Last job I worked at I noticed a “report email to IT” in Outlook. I saw an email come in supposedly from UPS that said my package had been delayed and provided a hyperlink for more details. Not having ordered anything through work and nothing that would have shipped via UPS and needed to notify my work email I clicked the “report email to IT” button IT sent me a thank you email letting me know I “passed”. Apparently it was a company wide test they sent out to see who has good security practices with their email. Nearly everyone in the company failed. The next day an email from IT Security went out company wide educating and reminding everyone some of the signs of phishing and scam emails that could cause a security breach. Quote Link to comment Share on other sites More sharing options...
CitizenVectron Posted June 8, 2021 Share Posted June 8, 2021 1 hour ago, Spawn_of_Apathy said: Last job I worked at I noticed a “report email to IT” in Outlook. I saw an email come in supposedly from UPS that said my package had been delayed and provided a hyperlink for more details. Not having ordered anything through work and nothing that would have shipped via UPS and needed to notify my work email I clicked the “report email to IT” button IT sent me a thank you email letting me know I “passed”. Apparently it was a company wide test they sent out to see who has good security practices with their email. Nearly everyone in the company failed. The next day an email from IT Security went out company wide educating and reminding everyone some of the signs of phishing and scam emails that could cause a security breach. We want to do a test like this, but our senior admin isn't keen on the idea. Probably because 80% of the teachers and staff will click the link. Quote Link to comment Share on other sites More sharing options...
b_m_b_m_b_m Posted June 8, 2021 Share Posted June 8, 2021 1 minute ago, CitizenVectron said: We want to do a test like this, but our senior admin isn't keen on the idea. Probably because 80% of the teachers and staff will click the link. Gotta do training beforehand, to tell people what to look for. I know teachers interact with parents and others from outside the school network all the time, so it is worth doing (and having a message saying that this email is not from within the network won't work for this reason) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.