In the news

  • Anyone have a good understanding of the Royal Mail ransomware story? https://archive.ph/hjeDC I'm a bit shocked by it. More detail here https://www.itpro.co.uk/security/ransomware/370067/lockbit-releases-negotiation-history-royal-mail-ransom-65-million

  • husband

    They swingers then? Or is she a secret lesbian?

    Not that either of those things are bad

  • What’s your question?

  • Wow - wonder what dirt someone has dug up

    She knew all about touchy feely Alex Salmond, and by doing nothing was arguably culpable.

    Among people close to the matter it's been a matter of some speculation about when she would resign before it all comes out, so I reckon it's that.

    Edit: Realised that sounded serious, it wasn't. I think she's realised it's all downhill from here and has done the sensible thing.

  • I have a premonition that there will be a strong smell of lavender in the gutter press sooner rather than later

  • What’s the real dirt? All responses accepted, PM or in thread

  • Was she mentioned in the Epstein island list?

  • I don't really know! There are so many stories that have swirled for years in Scotland about the first couple, both private and professional.
    Her departure seems somewhat in a hurry.

  • I'm just a bit shocked. Such a lot of money. And it's affected one of our basic services. And somehow it just seems to be the new normal.

  • Do you remember WannaCry in 2017? NHS was totally fucked? As were lots of other orgs globally. Here’s a reminder if not: https://www.acronis.com/en-gb/blog/posts/nhs-cyber-attack/

    Unfortunately it’s nothing new when we’re talking about high profile targets that are poorly protected/running old systems.

  • Another high profile attack: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

    https://www.bbc.co.uk/programmes/m000xs0h is an interesting listen.

    You will never hear about most of them as organisations will often pay and/or keep quiet in other ways.

    Where I work we spend quite a lot of time trying to prevent something like that from happening but even so have a plan B for if it does.

  • Total costs for ransomware run at around half that of BEC* - but nobody admits to that if they’re not legally obliged to/it goes to court somehow/someone leaks it.

    Ransomware is also a fantastic way of covering your tracks with the added bonus of maybe making some money.

    //* Business Email Compromise, where the attacker poses as someone trusted by the victim/s and gets them to (typically) transfer funds to an account under the attacker's control

  • Particularly when an organisation does not encourage phoning the boss.

  • As in 'actually we'd quite like our data wiped, thanks' ?

  • Ransomware is also a fantastic way of covering your tracks with the added bonus of maybe making some money.

    Huh? Wipe bad stuff then claim on some sort of ransomware insurance?

  • Ransomware attack at CCHQ coming up....

  • If you want to cover your tracks, getting the SOC team to completely wipe all the machines you've been meddling with is an excellent way of doing it.

    If they paid you a ransom hoping that you'd unlock their data - well, that's a bonus.

  • Particularly when an organisation does not encourage phoning the boss.

    More sophisticated threat actors will play on this - they run contact centres to provide a boss on the phone on demand.

    Blaming the victim for being stupid is rooted in a "Nigerian General" view of the threat landscape - it's moved on.

  • https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

    Relatedly, this is an amazing long read. Particularly this bit:

    *After a frantic search that entailed calling hundreds of IT admins in data centers around the world, Maersk’s desperate administrators finally found one lone surviving domain controller in a remote office—in Ghana. At some point before NotPetya struck, a blackout had knocked the Ghanaian machine offline, and the computer remained disconnected from the network. It thus contained the singular known copy of the company’s domain controller data left untouched by the malware—all thanks to a power outage. “There were a lot of joyous whoops in the office when we found it,” a Maersk administrator says.

    So the Maidenhead operation arranged for a kind of relay race: One staffer from the Ghana office flew to Nigeria to meet another Maersk employee in the airport to hand off the very precious hard drive. That staffer then boarded the six-and-a-half-hour flight to Heathrow, carrying the keystone of Maersk’s entire recovery process.*

  • We're tracking numerous Initial Access Brokers (IABs) these days who compromise a user's account (generally but not always starting with some sort of credential phishing attack) then package the account up and sell it to the TA who wants to exploit the organisation.

    That does give you a window - if you can detect the compromise then you can lock out the account/s that have been used, and if you've taken steps to arrest lateral movement before you get compromised, segmented your network, identified and removed un-needed privileges etc etc, then your ability to withstand ransomware is significantly increased.

    But - anyone who thinks that they've made their organisation ransomware proof is a dangerous fantasist who is actively endangering said organisation.

  • Sounds like a job for Fatima.

  • The NCSC is a funny bunch, some very clever people, some amazing data, in some cases not a great deal of actual experience though.

  • Someone's currently trying to get in to my work's system. We've had some pretty sophisticated phishing emails addressed to people that don't have anywhere online saying they work here. One of our partners must have been compromised and not told us.

Posted by Platini (@Platini)
