Someone explain to me how a major computer hardware company allows itself to fall prey to a ransomware attack in this day and age? The best part about it though that makes me last is the group behind it, REvil, was offering Acer a 20% discount off the $50 million demand had they paid by the 17th. Somehow I feel like this is going to be interesting. I am curious to see if they plan to sell customer information or proprietary information about their hardware and vulnerabilities.
Our company just went through this about 3-4 months ago. In our case we are pretty sure they got in through our HP Indigo Digital Presses. For whatever reason no one thought to make sure the actual presses were covered.
In medium to large size companies, especially in industries where software isn’t the product, there’s unbelievably huge amounts of old (often convoluted, sometimes mismanaged) tech being used by employees with technical aptitude levels that are all over the place.
Between the tangled spaghetti of internal software and employees who don’t necessarily abide by corporate machine usage rules and aren’t up to speed with social engineering tricks, there’s plenty of holes for a crafty group or individual to work their way in.
Even at tech-savvy companies like silicon valley startups have high rates of misuse that make ransomware a possibility. If I had a dime for every time I saw an employee using a company laptop for personal things…
Yea it’s pretty common lately for ransonware attacks as the company I work for got hit. So after they did a few tests with the employees and the failure rate was high.
You know that is a fair point. I know one of the largest hospital systems in the country last year was hit by a ransomware attack and it caused tons of issues. One of my friends who was in the hospital at the time suffered major delays having medicine dispensed to them and procedures done because all of the computers were down and they were having to do everything by chart via paper and dictation, something that hasn’t been done in close to thirty years.
Yeah and pretty much everything is tied into a network these days. My Gallus S430 is tied into it, has a inventory/production PC tied into it, and then there is an defect detection system that is also tied into it. Now multiply it by 6 and you haven’t even touched things like the art department, ink making, plate making, customer service, sales, HR and we are one plant out of 14 that are all tied in.
Heck we even have computers tied into other networks ( spectro color matching ) that isn’t even our own which just makes it worse.
Sheer stupidity… same thing happened to Sony a few years back… a security company offered something like 500K to do an extensive security check… Sony said no, too expensive…
Few months later fate intervened and they were hit by ransomware… But it cost Sony millions… but they didn’t publicly give a specific number.
Companies are stupid. They hide behind their wallet and think things will go away… we got this attitude. IT should ALL be fired. There is ZERO excuse with all the software that is out there to prevent this… but companies do NOT want to pay up $$$ … I wish I was on board of directors… for some of these companies… I can promise you it will NOT happen again…
CEO on down to IT ALL of you can go… NEXT!
It’s insane this still goes on… just utterly stupid.
Yeah because people don’t understand risks… managers that are put in these positions have ZERO reason to be there… they hire personality instead of knowledge… that’s the real problem… they want managers that can deal with people… in IT WE deal with REAL WORLD stuff we need managers that understand things that cost $$$$… you want to make this a better place give us the TOOLS to do our job…
Yeah because a REAL CIO would understand what they need to prevent ransomware.
Zero day Anti-virus not the consumer crap they usually use… and a GOOD email monitoring that prevents ransomware ads…
Believe it or not they are not circumventing security… it’s pretty straight forward…
People are STILL opening emails that have virus in them because they don’t understand how to hit delete or mark as spam… training is part of the issue… but take the problem out of employee hands…
Personal laptops also not a threat… they get email from corporate email way more spam gets sent via than personal email… because of the online sending of data… so I don’t blame employees for using their laptops for personal use… personally I think it’s ok. I mean if it’s properly protected who cares?
I work for a company that makes software and one of them is a hack prevention program users can’t copy sensitive data to a usb drive or send email to themselves… and certain personal sites are blocked… Yeah they can do stuff offline and send later but if companies would USE software that deals with ransomware in the first place NONE of this will happen… EVER.
We sell to banks… our profit margin was through roof last year because banks wanted protection from the software we provide. We also monitor other things… but suffice to say none of our customers ever get hacked… that’s why we can sell software year after year…
Yes it is expensive but what’s the tradeoff… sell your company for 10K to the nearest ransomware hack or pay a million and you are GUARANTEED from being hacked… companies lose so much business when they get hacked it’s crazy… some go under as a result… Acer might recover but I bet they end up laying off half of their staff in the process.
