ION brings clients back online after ransomware attack

phenomlab

In the news is that ION (the financial trading services group hit by a ransomware attack last week) is beginning to bring their systems online again after paying an undisclosed amount to hacking group “lockbit”

https://www.reuters.com/technology/hackers-say-ransom-paid-case-derivatives-data-firm-ion-company-declines-comment-2023-02-03/

https://www.reuters.com/technology/ion-starts-bring-clients-back-online-after-ransomware-attack-source-2023-02-07/

That’s all well and good that they got their data back, but paying a criminal organisation to get access back to your own data? That’s just MADNESS. Did this company never have any data retention or backup policies in place that would allow them to recover these systems? Whoever made this decision? All this does is pave the way for further attacks, and for that organisation to be placed onto a sucker’s list for further extortion attempts.

There is no way on this planet I’d ever pay to get access back to my data - It just wouldn’t happen. This is the entire purpose of decent and tested backups, plus the ability to restore.

I wrote about this previously, and it’s still as important today as it was when I originally posted it
https://sudonix.org/topic/167/how-often-do-you-test-your-backups?_=1685451731338

DownPW

What bullshit of having paid
But its large groups do not have a PRA (disaster recovery plan), outsourced offline backup, etc.

That’s crazy news !

phenomlab

@DownPW Yes, I know. It’s literally insane in my view. Talk about making yourself an easy target for future campaigns.

phenomlab

And for anyone wanting to know more about how “suckers lists” work, this is a good read

https://www.thisismoney.co.uk/money/guides/article-6323857/As-thousands-report-victims-vile-ransomware-computer-attacks-heres-stay-safe.html

crazycells

@phenomlab yeap, it is important not to let them know you have a suspicion about the situation… once you click, you will be targeted more, just like robocalls…

this is what I got 3 days ago:

Hello

I know your password!

I infected you with a malware (RAT)/(Remote Administration Tool), some time ago and since then, I have been observing your actions. The malware gave me full access and control over your system, meaning, I can see everything on your screen, turn on your camera or microphone and you won’t even notice about it, yes such things exist, you can Google it!
I have also access to all your contacts, I collected everything private from you, pictures, videos, everything!

And I MADE A VIDEO SHOWING BOTH YOU (through your webcam) AND THE VIDEO YOU WERE WATCHING (on the screen) WHILE SATISFYING YOURSELF!

I can send this video to all your contacts (email, social network) and publish all your private stuff everywhere!

You can prevent me from doing this!
To stop me, transfer exactly: 900$ with the current bitcoin (BTC) price to my bitcoin address.

If you don’t know how to get bitcoin, Google - “How to buy Bitcoin”, it’s very simple for example with credit card. The wallet you can create here: https://www.blockchain.com

My bitcoin address is: 14fwd64XGE3HgHCknbLVuqWBkL1Lfa1KCw

Copy and paste my address - it’s (CASE-sensitive).

You know this all isn’t a joke, you got the proof above!
I think it’s a very good price compared to the damage and hell it can bring into your life!

After receiving the payment, I will delete everything from you and you can life your live in peace like before. I give you 3 days to get the bitcoins!
Don’t share this email with anyone, this should stay our little secret!

so, to the lame hackers… at least put some specific information about me to fool me, you claim you have everything and you cannot even put my name there and I have a blocker on my camera, so there is no way you captured me let’s say you did, who cares if you do not believe me, go ahead and upload it and you will see no one will care and watch the video… ahahah… and sorry to break it to you… unless you are Jesus Christ, your mom did satisfy herself too… this is quite natural in the world… the reason for our existence

crazycells

this is what I got 3 days ago, but of course, I keep getting this kind of email every week… good that Gmail usually catches them, but Outlook does not do a good job distinguishing bad emails from good emails.

phenomlab

@crazycells usually, these Bitcoin wallets are empty although this one seems to have had recent transactions

https://bitref.com/14fwd64XGE3HgHCknbLVuqWBkL1Lfa1KCw

phenomlab

@crazycells Yes, Outlook is pretty much useless for blocking emails like this - very much like office 365 itself which is why we have to lean on products like Darktrace.

crazycells

@phenomlab wow I did not know we can see this.

Clearly, some people in the world were doing stuff that they felt ashamed of doing.

phenomlab

@crazycells rather they simply paid up because they were freaked out and scared that someone may be watching them.

Fortunately, this specific email has been doing the rounds for some time.

crazycells

@phenomlab I would typically think this will not convince anyone except they are teens (you know, they believe the world revolves around them) but I see $900 there, so clearly some adults are being fooled too…

phenomlab

@crazycells said in ION brings clients back online after ransomware attack:

you know, they believe the world revolves around them

Haha, yes. And they invented s*x.