Tuesday, September 20, 2016

Baking in security

There's a long-standing synicism around development not taking security into account and security picking up the pieces. In fact it's lead to memes like this:

Author Unknown

For many this cynicism may be hard to take seriously but in light of recent research below it takes on a different real-world perspective. Security is serious business and has serious real-world implications in safety, identity, finance and other areas. It pays to think through what and how you are doing day-to-day life and business. Invest early and enjoy the rewards of that investment for a long time to come!

Thursday, September 15, 2016

FBI Asking for Ransomware Reports

In an FBI Public Service Announcement published today the Bureau is requesting that vicitims of ransomware report what hit them, the rootcause and even what they paid out in ransom.

NOTE: Please be advised that the FBI is not duty bound to protect your information and you should consider the effects to your company should the FBI choose to make that info public.

From the FBI PSA:

What to Report to Law Enforcement

The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):
  1. Date of Infection
  2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
  3. Victim Company Information (industry type, business size, etc.)
  4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
  5. Requested Ransom Amount
  6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
  7. Ransom Amount Paid (if any)
  8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
  9. Victim Impact Statement

This is a lot of data considering the massive amount of data already available from the Cyber Threat Alliance's study and subsequent analysis report of CryptoWall v3 less than a year ago and their live dashboard.