Reuters news

EU court says Germany has to notify EU of copyright law targeting Google

BRUSSELS (Reuters) - Google won a victory on Thursday after Europe’s top court said Germany has to notify the European Commission of a rule allowing publishers to demand a copyright fee from the U.S. tech giant for using news snippets. The case underlines the battle
/
IBM News

IBM Expands Cloud Pak for Data with New DataOps Enhancements to Help Clients Get their Data Ready for AI

NEW YORK, Sept. 10, 2019 /PRNewswire/ -- IBM (NYSE: IBM) today announced enhancements to Cloud Pak for Data that leverage the DataOps methodology to help clients get their data 'business-ready' for AI. As corporate data continues to grow in both volume and complexity – often of mixed structures and types and
/
John Pientka

Cyber Criminals Caught! Ah No, More Like Just Identified. Sigh!

Cyber Criminals Caught

It’s that time when we look back on the past year. In 2018, Atlanta was a victim of a cyber attack. It fought back rather than pay ransom and spent millions. The FBI has identified the malevolent actors but they are outside our reach. What lessons do we take from it?

A quick recap: In March the City of Atlanta noticed that many of its IT systems were malfunctioning. On March 22, it admitted that the city was under siege in a ransomware attack. I wrote about it in early April. The cyber criminals demanded $51,000 in Bitcoin to release the affected systems.

Ironically, the website to which the ransom was to be sent was inadvertently published and was soon flooded with traffic from all sorts of users and the public. The criminals panicked and shut the site down. So city officials were effectively trapped into fighting the attack whether they wanted to or not. (Of course, the City Administration has said it was always going to fight and not pay – yeah right!).

An army of consultants descended on the city and slowly things got better although some records were permanently lost. As Wikipedia reports: “Though the city declared that there was little to no evidence that personal data had been compromised, later studies show that the breach was worse than originally estimated. In June 2018, it was estimated that a third of the software programs used by the city remained offline or partially disabled. In addition, many legal documents and police dashcam video files were permanently deleted, though the police department was able to restore access to all its investigation files. For a while, residents were forced to pay their bills and forms by paper.”

The defense proved costly. At first the city stated that it had paid $2.7 Million to correct the problem. By August, news reports were documenting total expenditures of $17 Million – ouch! And what about the perpetrators? In late November a federal grand jury charged two Iranian men for computer hacking and extortion cyberattack that targeted the City of Atlanta and other metro Atlanta governmental departments.

The indictment charged 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri, both acting from inside Iran, of creating a malware known as “SamSam Ransomware” that was able to do the act of “forcibly encrypting data on the computers of victims.” The two men would access the computers of victims through vulnerabilities in security, install their program and then demand a ransom to decrypt the data.

FBI investigators say that Atlanta was just one of the cities targeted by the two men. In all, officials estimate more than 200 victims, including Newark, New Jersey, the Port of San Diego, and multiple medical centers, were targeted. Apparently, they collected about $6 Million overall.

What have we learned? Was it worth it? Should the city just have paid the ransom? Payoff seldom results in a good outcome. A recent survey by SentinelOne shows that almost half the victims, 45%, paid the hackers off but of those only 26% got their files unlocked. And, of those that paid the ransom, 73% got hacked and locked out again – not good.

Will the perpetrators ever see justice? Realistically, probably not – We do not have the warmest of relations with Iran and Savandi and Mansouri are believed to still be in Iran. It’s unlikely they will face justice in a U.S. court unless they travel to a country that permits extradition – Anybody willing to give odds on that happening?

Is this the new normal? Yep! In fact it will probably get worse. A number of studies point to an increasing number of cyber criminals shifting their attention to ransomware. The targets will be bigger and more critical along with the ransom demands because it is easy money. Ransomware works because it depends on users’ negligent security practices. Given that a large percentage of Internet users do not follow best practices – ipso facto!

What do you do? Things look pretty grim but you can clean up your IT security hygiene: implement patches, train to avoid phishing attacks, close open ports, etc. Get serious about cyber. If you are an enterprise or institution consider the new (and better) approach to security called Zero Trust. Here’s to a safe and secure New Year.

By John Pientka

  • Articles
John Pientka Contributor
Principal of Pientka and Associates
John is currently the principal of Pientka and Associates which specializes in IT and Cloud Computing. Over the years John has been vice president at CGI Federal, where he lead their cloud computing division. He founded and served as CEO of GigEpath, which provided communication solutions to major corporations. He has also served as president of British Telecom’s outsourcing arm Syncordia, vice president and general manager of a division at Motorola. John has earned his M.B.A. from Harvard University as well as a bachelor’s degree from the State University in Buffalo, New York.
CA Technologies

CLOUD PARTNERS | SPONSOR SERVICES

Sean Peterson

Cloud’s Mighty Role – Why Custom Development is the Next Big Thing (Again)

Custom Development is the Next Big Thing Today, software is playing a very important role in performing basic business processes and serving customers. Leading software ...
The Cloudification of Healthcare: Benefits and Risks

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception ...
As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

As Enterprises Execute Their Digital Strategies, New Multi-cloud Landscape Emerge

The Multi-cloud Landscape The digital universe is expanding rapidly, and cloud computing is building the foundation for almost infinite use cases and applications. Hence, it’s ...
How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove ...
Reuters news

EU court says Germany has to notify EU of copyright law targeting Google

/
BRUSSELS (Reuters) - Google won a victory on Thursday after Europe’s top court said Germany has to notify the European Commission of a rule allowing publishers to demand a copyright ...
Scale your Windows Azure application

Satellite connectivity expands reach of Azure ExpressRoute across the globe

/
Staying connected to access and ingest data in today's highly distributed application environments is paramount for any enterprise. Many businesses need to operate in and across highly unpredictable and challenging ...
Intel Technology Propels Olympic Games Tokyo 2020 into the Future

Intel Technology Propels Olympic Games Tokyo 2020 into the Future

/
TOKYO, Sept. 11, 2019 — Today, Intel announced that it is partnering with the International Olympic Committee (IOC), the Tokyo Organizing Committee of the Olympic Games (Tokyo 2020) and a ...

TRENDING | TECH NEWS