So... Now the attackers have more funds to launch more attacks and they also know Panera has insufficient disaster recovery plans/backups. Good job negotiating with terrorists!
this post was submitted on 18 Jun 2024
62 points (100.0% liked)
Data Breaches
1041 readers
80 users here now
Information about data breaches, data leaks, ransomware attacks, and other related stories.
Companion communities
- [email protected] - centered on the cybersecurity and information security profession.
founded 1 year ago
MODERATORS
That's not how it works. I'm in this industry directly and do Incident Response every day.
Paying the ransom only happens after an IR team comes in and remediatess, hardens, and attempts all other methods for getting the client out of the situation.
If Panera was found criminally negligent, i.e. bad practices and not an exploit, there may be a case held or the insurance carrier forces Panera to pay the ransom and the recovery bill.
What you're right about is that the TA gets money. However, every time they get paid, FBI and other agencies get another piece of the puzzle to take the TA down. It's happened a couple times this year.
You're not speaking from a place of experience.
I mean, there are also cases where the same company has been ransomed by multiple different TAs after paying ransoms, so it doesn't always go down the way you described either.
(also in the industry. not sure coming at this from the angle "I'm in the industry, your opinion is invalid" was the best choice.)
I actually dealt with that a couple of times. The last one had two TAs, Blacksuit and a second TA who gained access in tandem without coordination. They both executed their encryptions on the network and it spread. Some had the BH extension and some files had the other. Invariably, both sets of files were double encrypted, but it varied on which was the prominent extension.
I'm in this industry directly and do Incident Response every day.
I'm not claiming to speak from experience or expertise. But let's be honest, these incidents pay your salary, so you're not exactly unbiased either. In fact, one could even make the argument that you have an incentive for these attacks to never fully stop (I'm not saying that).
I understand that they may be forced to pay by government or insurance, and that it may be the cheapest option. But straight up: if no one paid these ransoms and had better mitigation strategies, they wouldn't continue to do them.
These incidents require remediation. I am here to stop and thwart these things. I am not here just because I set out to profit on bad behavior.
I can't tell you how many times I want to throttle my clients for poor practices or bad choices. That being said, I am doing this because it's necessary to improve overall practices across the industry.
And you're right, if nobody paid the ransom, it would stop... maybe. But on the same note, if nobody was a greedy asshole, there wouldn't be attacks. If nobody had bad practices, there wouldn't be vectors... If, if, if.
The fact is, all of this is a thing and I do this for a living not because I set out to, but because my skillset and experiences in this industry have caused me to be very good at extracting users from these scenarios.
Cheaper than hiring proper staff to do the job.
See my above comment. And you're wrong. Remediation costs millions.
There is another way to read that comment ;)
Will "leadership" be held accountable for this fuck up?
Asking for a friend
Sometimes, yeah. If leadership actively chooses to not pay for funding of security and the sysadmins have documentation proving this. I've seen a bunch of different complications.
I heard about a case for a company owned by the billionaire whose name rhymes with Bark Stoobin. Those fuckers should absolutely be prosecuted...