Pri zadnjem primeru kriptiranih podatkov naše stranke smo na koncu dobili še “prijazen” odgovor hekerja z obrazložitvijo kako so vdrli v sistem in z nasveti kako se zaščititi.

Informacije delimo naprej, da bo podobnih incidentov čim manj.

Odgovor hekerja (X zakriti podatki):

How we get inside.

We attack by two ways:
1. Phishing letters with trojan horses
2. Weak RDP passwords

In your case you have a weak AD user password which lead us to succesufull hack.
the weak user was:
XX.XXX.XXX.XX    3389 XXXXX XXXXX empty password

To avoid same attack in future you need:

  • Educate responsible employees
  • Implement monitoring script which will check your domain for bad passwords like Password1 Pa$$w0rd and so on.
  • Stop use RDP unless you really need. Use vpn instead.
  • Block malisious networks like TOR, Russian and china IP addresses. It signifintly reduce hacking attempts. You can do it by implementing free firewall software.
  • Implement offsite backup system.
  • We recommend Tape backups. Its most usefull against us.
  • Of cource tapes cost more than external hard drive but it will guarantee that your company have at least two week o ld backup. Rotation period depending from your company owner. If he can pay for daily tape rotations you will have a fresh daily backup.
  • Create a disaster recovery plan and test him at least once per year.

We attacked more than 5000 companies from smallest to largest. And only 500 from 5000 recovered data from backups. Thats all you need to stay safe nowadays. Thank you for supporting our team. Your donation allow us to feed hundreds hungry kids in our poor country.
So your donation its a kind of charity.
Have a nice day and stay safe.

Anonymous.

Primer bitcoin denarnice

kamor se nakazujejo odkupnine za odklepanje podatkov;
V omenjenem primeru je bilo plačanih 3 btc, kar je 3150 €.

 

Varnostna priporočila – preventiva pred kripto virusi

  1. Uporabljajte močna gesla
  2. Redno spreminjajte gesla
  3. Prenehajte z uporabe RDP, ki je dostopno z vseh IP naslovov
  4. Uporabljajte VPN za varnejši dostop (naprave za zagotavljanje VPN povezav so dostopne že od 50 € naprej)
  5. Blokirajte povezave do Tor omrežja / protokola ter GeoIP filter z blokado ruskih, kitajskih IP naslovov
  6. Redno varnostno kopirajte vaše podatke, po možnosti na napravo NAS ali na drugo lokacijo
  7. Najpomembneje – imejte nameščen Panda Adaptive defense 360, ki kot prva rešitev na svetu uspešno blokira ransomware okužbe.