HACK ATTACK
SHUT DOWN: Online hackers have brought operations at Tatil Life Insurance, whose head office is on Maraval Road, to a screeching halt. - SUREASH CHOLAI
THE CARIBBEAN’S biggest conglomerate, Ansa McAl, is the victim of ransomware hackers holding some of the company’s IT systems hostage.
Newsday understands that work at Tatil, the country’s biggest insurer, has been effectively stalled for about two weeks as the IT department works to find and expel the ransomware from the company’s servers. If not, the company may have to pay the hackers’ ransom in order to free its data. In a statement late Tuesday evening, Ansa McAl said businesses were once again operational following a “security incident.”
It is unclear exactly what data and systems were compromised, but Newsday was told whatever was attacked is “very important (mission-critical) data that is crucial to Ansa’s operations.” Clients’ personal data was not compromised, Newsday was told.
In a tweet last Thursday, American cybersecurity specialist and ransomware recovery and prevention expert Eric Taylor (@ITSimplife) first noted the Ansa McAl attack. REvil, a criminal cybergang, has claimed responsibility.
The group says it has “numerous financial documentation, agreements, invoices, reports.” A screenshot of the hacked haul reveals a count of 17,000 documents. The group threatened, in the post that confirmed the hack, to release the confidential documents to a public server.
Newsday spoke with multiple sources in the Ansa McAl group, including Tatil, and was told that Japanese tech giant Hitachi has been retained to help with restoring the system.
Hitachi is scanning the system, Newsday was told, and staff have been advised not to do anything on the system until Hitachi gives the all-clear. Staff have been telling customers coming in with queries about claims that their server is down. Staff are unable to access any applications linked to the server and have been restricted basically to checking e-mail. “We are only now beginning to realise how serious it is,” said one person who did not work in the IT department.
BARBADOS ORIGINS
The attack apparently began at Ansa’s operations in Barbados, specifically, the automotive sector. Berger Barbados was also affected. Newsday was told a ransom was paid in some of the Barbados instances, but was not told how much.
In a release on Saturday, Ansa McAl Barbados said it can confirm that some of its IT systems in Barbados “were down due to a security incident.
“As a precautionary measure, some of our services to customers and clients are unavailable. As we carefully work through the restoration process, we are taking prudent and measured steps to ensure the integrity of our systems. Our teams continue to work on this incident and towards returning services to our clients as our highest priority,” the statement said.
Newsday contacted Ansa McAl’s group corporate communications office in Trinidad for a response specifically to the local incident. In a statement e-mailed Tuesday evening, the company acknowledged there was a “security incident” relating to its IT systems.
“We would like to inform that some of our companies’ IT systems in Barbados were recently affected by a security incident. This issue also impacted Tatil and Tatil Life in Trinidad. Since then, our local IT teams, with the support of international resources have taken prudent and measured steps to ensure the integrity of our systems.
“Although there has been some moderate disruption in service, customers continue to be served at Tatil’s head office (in Port of Spain) and all branch locations. We expect the situation to be normalised over the next few days. We take the security of our IT systems extremely seriously and regret any inconvenience to our stakeholders.”
COPS: THREAT NOT SERIOUS
Newsday also spoke with police sources to find out if the cyberattack had been reported to the Cybercrime Unit. One police contact in the Fraud Squad said when he asked about it, he was told a report had been made, but it was not considered “serious.”
“(Senior police) said they heard something along those lines of a cyberattack, but Cybercrime and Special Branch were handling it. They don’t know if it was a true threat, meaning that sometimes (if) a questionable software or occurrence happens in (a financial institution), (the institution) informs the police. A lot of the times, it doesn’t turn out to be a credible threat, it’s just something strange and it’s dealt with.”
The police officer said in terms of its being a cyberattack, he also didn’t think it was serious, because those are usually forwarded to his unit (Fraud Squad), but this one wasn’t.
“If there was an attack, it must have been very minimal, and more so the fact that we didn’t hear about it means it wasn’t anything substantial.”
RANSOMWARE
Ransomware, according to cybersecurity software company McAfee, is a type of malware (malicious software) that uses encryption to hold an individual or organisation’s information at ransom.
Critical data is encrypted so the victim cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers, and can thus quickly paralyse an entire organisation, McAfee said.
It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organisations.
Ransomware can be spread through phishing (scammer) e-mails and social media networks, including instant message applications, which can contain malicious attachments that infiltrate computer systems when they are downloaded and installed without the user being any wiser. It is difficult to purge. Systems, in most cases, may need to be wiped and rebuilt and data restored from a known, clean copy. REvil, also called Sodinokibi, the ransomware group, has been operating since June 2020.
– With reporting by Shane Superville and Mark Lyndersay
https://newsday.co.tt/2020/10/21/hack-attack-2/
ANSA McAl reports Barbados “Security Incident”
In a press release issued on October 17, Rachel Pilgrim, Group Marketing Manager Barbados reported that some of the companies’ IT systems on that island were compromised.
ANSA McAl Trinidad and Tobago declined to answer questions about the nature of the cybersecurity incident or whether any TT companies or services had been affected.
The press release said…
We can confirm that some of our companies’ IT systems in Barbados are down due to a security incident.
As a precautionary measure, some of our services to customers and clients are unavailable.
As we carefully work through the restoration process, we are taking prudent and measured steps to ensure the integrity of our systems. Our teams continue to work on this incident and towards returning services to our clients as our highest priority.
Rest assured we have and will continue to keep our customers informed and appraised on this situation. We take the security of our IT systems extremely seriously and regret any inconvenience.
The company stated that any further information on the matter would be communicated via official press release.
UPDATED: October 20, 2020, with additional information and specifics on the hack.
In a press release dated October 20, 2020, ANSA McAl acknowledged that the “security incident” had impacted the operations of TATIL and TATIL Life, the company’s insurance companies.
maj. tom wrote:I assume a big company like this does daily backups, either to a secure cloud service or to tapes.
The security solution is to never give in to ransomware, wipe the system, implement better security and restore the backups. If they pay, they will pay more and more which never ends, and then if they get back the system it will still be infected.
* Keep operating systems, software, and applications current and up to date.
* Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
* Back up data regularly and double-check that those backups were completed.
* Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
* Create a continuity plan in case your business or organization is the victim of a ransomware attack.
The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
As ransomware attacks continue to cripple networks, most recently forcing medical centres to shut down their systems and turn away patients, the FBI has issued some unambiguous advice for organisations on how they should handle ransom demands:
Don’t pay.
The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data. In some cases, victims who paid a ransom were never provided with decryption keys. In addition, due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.
In other words, the FBI says that paying up is no guarantee that hackers will unlock the encrypted data on your computer.
And that’s true. There is no guarantee. And you would have to be in a pretty desperate position to place your trust in anonymous cybercriminals who have already proven themselves to have no qualms about breaking the law and exploiting a situation for their financial advantage.
But then, companies and organisations who find themselves in the middle of a hard-hitting ransomware infection are often desperate. This can especially be true if firms did not have a secure backup system in place from which they can restore their precious data or if they determine that recovering from a backup might take a lot longer (and cost them more money) than paying their extortionist.
However, as the FBI points out, there are other major reasons why they advise against paying ransomware demands: you are encouraging criminals to launch more attacks.
https://www.tripwire.com/state-of-security/featured/fbi-dont-pay-ransomware/
16 cycles wrote:do they offer insurance for events like this?
I recently saw guardian life offering cybersecurity insurance. Didn't even know that was offered locally
shake d livin wake d dead wrote:They had an opportunity to hire people to prevent such actions. They did not want to pay. I know this because my bro was up for grabs in the cyber sec field
16 cycles wrote:do they offer insurance for events like this?
elec2020 wrote:If financial companies always looking for new ways to cut costs you think they willing to dash out the huge chunks of money needed for a secure IT system with qualified individuals? Doubt it. They probably was using the bare minimum standards using contracted (not in house) IT experts for more serious matters. It was always a matter of time till these big hacking groups realize that the Caribbean financial companies there for the taking.
elec2020 wrote:shake d livin wake d dead wrote:They had an opportunity to hire people to prevent such actions. They did not want to pay. I know this because my bro was up for grabs in the cyber sec field
No surprise. Anyone working in the financial sector can tell you that all management care about is profits, keeping costs down and working their staff to the bone. Horrible industry. But high job stability (as when your financial companies closing down that's when u know your country not coming back anytime soon)
shake d livin wake d dead wrote:elec2020 wrote:shake d livin wake d dead wrote:They had an opportunity to hire people to prevent such actions. They did not want to pay. I know this because my bro was up for grabs in the cyber sec field
No surprise. Anyone working in the financial sector can tell you that all management care about is profits, keeping costs down and working their staff to the bone. Horrible industry. But high job stability (as when your financial companies closing down that's when u know your country not coming back anytime soon)
Yuh see what happen with tatil? My bro providing his services for deutsche bank and them people real serious when it comes to their investors. From his estimation, this is what could have taken place with tatil " an oracle port was not secured so it was easy picking, the attack which was used is already known to many, all apps etc are to be checked and closed off to prevent it from happening again, something a basic IT team could do"
Dais cause that bank have reslllll bobol customers. Can't risk a leak or their customers might 'retaliate'.
redmanjp wrote:elec2020 wrote:If financial companies always looking for new ways to cut costs you think they willing to dash out the huge chunks of money needed for a secure IT system with qualified individuals? Doubt it. They probably was using the bare minimum standards using contracted (not in house) IT experts for more serious matters. It was always a matter of time till these big hacking groups realize that the Caribbean financial companies there for the taking.
If we had data protection laws where they can get sued for tens or hundreds of millions like in the US then I'm sure they would rather shell out the money to secure their systems and hire professionals.
shake d livin wake d dead wrote:elec2020 wrote:shake d livin wake d dead wrote:They had an opportunity to hire people to prevent such actions. They did not want to pay. I know this because my bro was up for grabs in the cyber sec field
No surprise. Anyone working in the financial sector can tell you that all management care about is profits, keeping costs down and working their staff to the bone. Horrible industry. But high job stability (as when your financial companies closing down that's when u know your country not coming back anytime soon)
Yuh see what happen with tatil? My bro providing his services for deutsche bank and them people real serious when it comes to their investors. From his estimation, this is what could have taken place with tatil " an oracle port was not secured so it was easy picking, the attack which was used is already known to many, all apps etc are to be checked and closed off to prevent it from happening again, something a basic IT team could do"
maj. tom wrote:I assume a big company like this does daily backups, either to a secure cloud service or to tapes.
The security solution is to never give in to ransomware, wipe the system, implement better security and restore the backups. If they pay, they will pay more and more which never ends, and then if they get back the system it will still be infected.
shake d livin wake d dead wrote:They had an opportunity to hire people to prevent such actions. They did not want to pay. I know this because my bro was up for grabs in the cyber sec field
agent007 wrote:Maybe I should follow up on that CheckPoint quotation, thanks for the reminder.
elec2020 wrote:shake d livin wake d dead wrote:elec2020 wrote:shake d livin wake d dead wrote:They had an opportunity to hire people to prevent such actions. They did not want to pay. I know this because my bro was up for grabs in the cyber sec field
No surprise. Anyone working in the financial sector can tell you that all management care about is profits, keeping costs down and working their staff to the bone. Horrible industry. But high job stability (as when your financial companies closing down that's when u know your country not coming back anytime soon)
Yuh see what happen with tatil? My bro providing his services for deutsche bank and them people real serious when it comes to their investors. From his estimation, this is what could have taken place with tatil " an oracle port was not secured so it was easy picking, the attack which was used is already known to many, all apps etc are to be checked and closed off to prevent it from happening again, something a basic IT team could do"
Deutsche Bank? He inside. I hope he will not be impacted by their on-going job cuts. Even so, that is real good experience to put on a CV. I'm not an IT expert but having worked in the financial sector for almost 10 years almost all the organizations I have been in lax when it comes with IT security. It will come to bite them. Hackers will take note of the Tatil hack and realize the Caribbean is easy food (again I am no IT expert but from what you said that sounds like a very easy hack). It's all again because management too busy cutting costs in favor of profits. Which serious IT security specialist going to work in a company for under 10k? But that is what these managers want. So take your hacks.