Tesla

Tesla shares dive below $200 after analyst cites distractions from Elon Musk’s ‘sci-fi projects’

Wedbush cut its price target on Tesla shares to $230 from $275 on Monday, citing “major concerns” about the growth plan of Elon Musk’s electric vehicle company, as well as U.S. demand for the key Model 3. “With a code red situation at Tesla, Musk & Co. are expanding
/
GDPR – One Year On

GDPR – One Year On

May 25 marks the first anniversary since the European Union’s General Data Protection Regulation (GDPR) came into force. After a two-year preparation process, the regulation came into effect a year ago tomorrow, harmonizing data security, data protection, data retention and data usage laws across the
/

Cyber Criminals Caught

It’s that time when we look back on the past year. In 2018, Atlanta was a victim of a cyber attack. It fought back rather than pay ransom and spent millions. The FBI has identified the malevolent actors but they are outside our reach. What lessons do we take from it?

A quick recap: In March the City of Atlanta noticed that many of its IT systems were malfunctioning. On March 22, it admitted that the city was under siege in a ransomware attack. I wrote about it in early April. The cyber criminals demanded $51,000 in Bitcoin to release the affected systems.

Ironically, the website to which the ransom was to be sent was inadvertently published and was soon flooded with traffic from all sorts of users and the public. The criminals panicked and shut the site down. So city officials were effectively trapped into fighting the attack whether they wanted to or not. (Of course, the City Administration has said it was always going to fight and not pay – yeah right!).

An army of consultants descended on the city and slowly things got better although some records were permanently lost. As Wikipedia reports: “Though the city declared that there was little to no evidence that personal data had been compromised, later studies show that the breach was worse than originally estimated. In June 2018, it was estimated that a third of the software programs used by the city remained offline or partially disabled. In addition, many legal documents and police dashcam video files were permanently deleted, though the police department was able to restore access to all its investigation files. For a while, residents were forced to pay their bills and forms by paper.”

The defense proved costly. At first the city stated that it had paid $2.7 Million to correct the problem. By August, news reports were documenting total expenditures of $17 Million – ouch! And what about the perpetrators? In late November a federal grand jury charged two Iranian men for computer hacking and extortion cyberattack that targeted the City of Atlanta and other metro Atlanta governmental departments.

The indictment charged 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri, both acting from inside Iran, of creating a malware known as “SamSam Ransomware” that was able to do the act of “forcibly encrypting data on the computers of victims.” The two men would access the computers of victims through vulnerabilities in security, install their program and then demand a ransom to decrypt the data.

FBI investigators say that Atlanta was just one of the cities targeted by the two men. In all, officials estimate more than 200 victims, including Newark, New Jersey, the Port of San Diego, and multiple medical centers, were targeted. Apparently, they collected about $6 Million overall.

What have we learned? Was it worth it? Should the city just have paid the ransom? Payoff seldom results in a good outcome. A recent survey by SentinelOne shows that almost half the victims, 45%, paid the hackers off but of those only 26% got their files unlocked. And, of those that paid the ransom, 73% got hacked and locked out again – not good.

Will the perpetrators ever see justice? Realistically, probably not – We do not have the warmest of relations with Iran and Savandi and Mansouri are believed to still be in Iran. It’s unlikely they will face justice in a U.S. court unless they travel to a country that permits extradition – Anybody willing to give odds on that happening?

Is this the new normal? Yep! In fact it will probably get worse. A number of studies point to an increasing number of cyber criminals shifting their attention to ransomware. The targets will be bigger and more critical along with the ransom demands because it is easy money. Ransomware works because it depends on users’ negligent security practices. Given that a large percentage of Internet users do not follow best practices – ipso facto!

What do you do? Things look pretty grim but you can clean up your IT security hygiene: implement patches, train to avoid phishing attacks, close open ports, etc. Get serious about cyber. If you are an enterprise or institution consider the new (and better) approach to security called Zero Trust. Here’s to a safe and secure New Year.

By John Pientka

John Pientka

John is currently the principal of Pientka and Associates which specializes in IT and Cloud Computing.

Over the years John has been vice president at CGI Federal, where he lead their cloud computing division. He founded and served as CEO of GigEpath, which provided communication solutions to major corporations. He has also served as president of British Telecom’s outsourcing arm Syncordia, vice president and general manager of a division at Motorola.

John has earned his M.B.A. from Harvard University as well as a bachelor’s degree from the State University in Buffalo, New York.

View Website
Why should SMEs embrace Cloud ERP solutions?

Why should SMEs embrace Cloud ERP solutions?

SMEs & ERP Solutions Remaining competitive in the market is the primary goal of every business. For SMEs, moving to ...
The Current Wave of Smart Home Technology

The Current Wave of Smart Home Technology

The Future of Smart Home Technology Some say the vision of smart homes kicked off with the invention of household ...
Apcela

Direct Connect To Cloud: Solving For Performance, But At What Cost?

Direct Cloud Connect Executives embarking on the journey to becoming a digital enterprise are essentially asking IT to enable the ...
Rainmaking From The Cloud - CIOs Struggle To Keep Pace With IT Demands

Rainmaking From The Cloud – CIOs Struggle To Keep Pace With IT Demands

CIOs Struggle With IT Demands In the digital era, where customers can select virtually anything with a click of a ...