Ansa McAl Hack Attack

[4kin4kar]

If financial companies always looking for new ways to cut costs you think they willing to dash out the huge chunks of money needed for a secure IT system with qualified individuals? Doubt it. They probably was using the bare minimum standards using contracted (not in house) IT experts for more serious matters. It was always a matter of time till these big hacking groups realice that the Caribbean financial companies there for the taking.

if we had data protection laws where they can get sued for tens or hundreds of millions like in the US then im sure they would rather shell out the money to secure their systems and hire professionals.

very true but which government going and put in a law that can cost the 1 per cent, sorry their financiers millions of dollars? NONE

They are the government, only the PNM supporters can't see it. Two words, blood diamond

[elec2020]

^ cause UNC set up so much laws to restrict or hold accountable the 1 per cent. Laws like section 34 right. Just shut up pls

[Hwells]

so will there be a class action lawsuit to sue tatil by its policyholders here?

[elec2020]

^ you need to prove damages. If there are no damages. Then there is no case

[Hwells]

step1, get the story popular on the media.

step2, bribe a employee for evidence of wrong doing,

step3, profit?

le we be real here, we cant prove no damages cause we dont have access to the information of the hacks, and what happened, we only have the 'word' that no personnal data was affected. this sheit could only happen in 3rd world countries.

[elec2020]

i think in civil cases you have to provide the judge with evidence of how this event damaged you in order to gain monetary compensation. For instance did the leak jeopardize your marriage (example life insurance had the outside woman named as the beneficiary), social status (example the life insurance had my HIV status as positive), etc. When that is proven you can sue for those damages. If those are not proven then you have no real recourse. Maybe you can push for the regulator to fine the institution or force them to have more secure databases. But yh they get hacked but the hack did not affect me financially, privately or emotionally as no details have been released as yet. To my knowledge thats how it works. Its just like how you can't sue someone for bad talking you. Unless that person's disruptive contributions led to you losing your job, becoming ostracized, having to go to a psychiatrist or the dissolution of your marriage. In all civil suits its all about what damages the plaintiff occurred because of the defense.

[elec2020]

I found it here "A plaintiff in a civil lawsuit for damages must prove by only apreponderance of the evidence that the defendant committed a tort and that the plaintiff suffered some loss for which she can be compensated."

[Hwells]

' In all civil suits its all about what damages the plaintiff occurred because of the defense."

So the damages that 'may occur' as a result of my information being open in the public or the breaking of trust confidence and confidentiality has no say or recourse for compensation?

[redmanjp]

if the hackers publish the info, can they now be sued?

[maj. tom]

Hackers done sell that data. They don't have to publish anything. Even if the ransom was paid, that's what they do.
It has been sold, mined and will be sold again. Google and Amazon buying it after it has been laundered and washed clean. And the ads and motivation to purchase products will soon be in your minds, subconsciously influencing your daily decisions.

[elec2020]

' In all civil suits its all about what damages the plaintiff occurred because of the defense."

So the damages that 'may occur' as a result of my information being open in the public or the breaking of trust confidence and confidentiality has no say or recourse for compensation?

You have to prove your information is out in the public. We think it is. But we have no evidence it is. That goes the same with breaking of trust/confidence. Ansa Mcal said no personal information was leaked. You have to prove that personal information was leaked to break trust/confidence. In civil cases you have to show how the negligence of the defendant negatively impacted you. So far no one knows what information was stolen from Ansa Mcal so it is very unwise to sue them. For example, you sue for loss of confidence due to your private information being hacked and during the case Ansa Mcal proves that the hackers only got information on the market prices of their fixed assets. Now they can counter sue you for slander/libel because you jump the gun, call them out and slander their good name when they already said that no private/clientele data was leaked. Now instead of you winning a handsome sum from Ansa Mcal you hadda catch your nen nen to pay Ansa Mcal, their lawyers, your own lawyers and maybe the court for wasting their time on a loose case.

[elec2020]

if the hackers publish the info, can they now be sued?

Without a doubt. More than likely it would be a class action lawsuit. But if you can prove personal damages you can do a civil suit on your own and get some good money from them. Keep in mind I am not a lawyer I just like to read up on things in this area.

[Hwells]

so is a wait and see game

[triniangie]

https://twitter.com/ITSimplifie/status/ ... 8621366277

[elec2020]

I seeing some company names and some individuals. Those entities/individuals could sue Ansa Mcal for breach in service. That or Ansa Mcal will try to settle the matter privately/below the table

[maj. tom]

There are a lot more sample pictures (Consolidated Finance, ScotiaBank, Citi, etc.) with personal and financial data stating customers private details. Not going to post that here. Ansa will pay in court. The data wasn't even encrypted at their end!

DO NOT DOWNLOAD THE DATA hosted on mega.nz!!!
You would be complicit of the crime and your equipment can be seized by investigating authorities. Mods can remove this post if it's bad for Trinituner.

[redmanjp]

https://ttcsirt.gov.tt/ransomware-alert-2020/

Increase in ransomware attacks targeting public and private entities in Trinidad and Tobago

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has observed a significant increase in ransomware attacks targeting local organizations. Ransomware is a type of malware that prevents users from accessing their system or files and demands a ransom payment in order to regain access. Threat actors have also threaten to publish or sell the victim’s sensitive data if they refuse to pay however paying the ransom does not guarantee that an organization will regain access to their data.

TT-CSIRT is urging all entities (public and private) to adopt a heighten state of awareness and be guided by the following:

Attack Vectors

Ransomware attacks can be initiated through multiple attack vectors. The most prominent ones that TT-CSIRT has seen used against local entities are:

Exploiting system vulnerabilities (particularly outdated firewall devices and exposed remote desktop protocol)
Phishing emails with infected attachments or links
Compromising user credentials
When ransomware is deployed and installed by the threat actors, it will then seek to encrypt documents and files within the computer and other connected systems on the network. Once the ransomware has completed file encryption, it creates and displays a ransom note containing instructions on how the victim can pay the ransom. Again, payment of the ransom does not guarantee that an organization will regain access to their data.

Countermeasures

Keep systems and applications up-to-date; especially firewall appliances and anti-virus software
Perform regular backups. Store these backups offline (i.e. on a device that cannot be accessed from the network)
Enable strong spam filtering and scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users
Authenticate inbound emails (with SPF, DMARC and DKIM) to prevent email spoofing.
Conduct security awareness training with employees
Implement network segmentation and data categorization to minimize exposure of mission-critical and sensitive data
Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
Use the “application allow” feature to allow only approved applications/programs to run on a network
Securing system administrations tools that attackers could abuse
Disabling third-party or outdated components that could be used as entry points
Disable the loading of macros in your Office programs
Disable Remote Desktop whenever possible and never expose it directly to the internet
Implement multi-factor authentication wherever possible
Block web sites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.)
Develop an incident response plan and a business continuity plan in the event that a ransomware attack takes place
If you become infected, isolate the affected system(s) immediately by removing the infected system from all networks, and disable all potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless. Infected systems will have to be analyzed by your security team or your security provider to determine whether the encrypted data is recoverable.

Should your institution fall victim to a ransomware attack or any other type of cyber-attack, please contact TT-CSIRT immediately for assistance.

[maj. tom]

Adblockers are an important part of internet security in the workplace.
It easily stops idiots from clicking on dey fadda ass from all over the internet and downloading a set of malware on the system. The first line of defense even above anti-virus software.

[redmanjp]

i'd be worried if this threat was wormable- i.e. spreads automatically through a network WITHOUT user interaction, because then u can infect hundreds of machines, including servers!

anyone know the name of the ransomware?

[pugboy]

that’s exactly what they do
once’s drives accessible on network

i'd be worried if this threat was wormable- i.e. spreads automatically through a network WITHOUT user interaction, because then u can infect hundreds of machines, including servers!

anyone know the name of the ransomware?

[elec2020]

i'd be worried if this threat was wormable- i.e. spreads automatically through a network WITHOUT user interaction, because then u can infect hundreds of machines, including servers!

anyone know the name of the ransomware?

There are different kinds of ransomware. A few years ago a really popular one locked you out of all your documents and if you did not pay a certain amount of bitcoin to this wallet address the ransomware would delete all those locked files. Its difficult to say if Ansa Mcal was hit with a ransomware. The best thing to do is just keep your antivirus up to date and (while inconvenient) don't store any passwords onto your pc (in other words don't tick remember me). Do this especially for your online banking, paypal, etc (basically things of this nature)

[maj. tom]

Unless if you have a master password set.

[Hwells]

I seeing some company names and some individuals. Those entities/individuals could sue Ansa Mcal for breach in service. That or Ansa Mcal will try to settle the matter privately/below the table

Private out of court settlement is a win-win for both sides

[elec2020]

I just got a text message. From Ansa McAL. Stating the following: "Text 19273 to contribute TTD10.00 to #OneyardCaribbean or donate via trnd.ly/OneYardCaribbean". Off course i not responding to said message or even clicking on the hyperlink. But I find it odd that I suddenly got such a message from Ansa Mcal. Is this associated with the hack or is this some new charity drive by Ansa Mcal? Idk if anyone else has gotten this message.

[elec2020]

Also please do not use the hyperlink i included there I don't know where it will take you and if it will take you to a safe website

[redmanjp]

that’s exactly what they do
once’s drives accessible on network

i'd be worried if this threat was wormable- i.e. spreads automatically through a network WITHOUT user interaction, because then u can infect hundreds of machines, including servers!

anyone know the name of the ransomware?

o lord fadda- ah done already have to deal with a biological virus- so me and d IT team might have to deal with a digital one soon if what the TTCSIRT is saying is true.

[pugboy]

at least weekly backups should be done and stored physically detached from the network

[redmanjp]

at least weekly backups should be done and stored physically detached from the network

that's one of the problems we have is not nearly enough space for it even on a server and afaik no offline storage devices

[pugboy]

install a next server to hold the backups
and have it physically detached after each backup or something like that

at least weekly backups should be done and stored physically detached from the network

that's one of the problems we have is not nearly enough space for it even on a server and afaik no offline storage devices

[redmanjp]

install a next server to hold the backups
and have it physically detached after each backup or something like that

at least weekly backups should be done and stored physically detached from the network

that's one of the problems we have is not nearly enough space for it even on a server and afaik no offline storage devices

i'm saying we doh have any server with the space right now