Anyone hear about this?
Welcome UCF Fans! › Forums › Misc › Anyone hear about this?
- This topic has 8 replies, 6 voices, and was last updated 4 years, 3 months ago by PhiladelphiaUte.
-
AuthorPosts
-
-
EagleMountainUteParticipant
“All what organizations are paying for in this scenario is a pinky promise from a bad faith actor that the stolen data will be destroyed. Whether the groups do ever destroy data is something only they know, but I suspect they do not. Why would they? They may be able to monetize the information at a later data or use it for spear phishing or identity theft.”
-
dystopiamembraneBlocked
Comedy of errors
-
DuhwayneParticipant
FWIW paying is pretty much what even the “consultants” do.
https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
-
Tony (admin)Keymaster
They paid the criminals not to release the data? SO the criminal has a half a million and can still release the data. Makes sense.
-
EagleMountainUteParticipant
I just saw the exact amount:
$457,059.24
-
-
DuhwayneParticipant
Oddly it’s like random kidnapping schemes. If you kill the victims no one will pay. I’m sure some do both.
-
AlohaUteParticipant
So I’m a cybersec professional with primary focus on Cyber Intelligence – where I track some of these groups. It is a strange move that the U paid the ransom to not release data because others are right that they have to trust the criminals. However, you’d be surprised how business like some of these groups are. What we see researching these more organized groups is they asses business risk like any company does and it is not in their own best interest to release the data to the public because if they do, the word gets out and it makes other victims less inclined to pay to the ransom.
However, I’m also confident that there is no way the hackers actually deleted the data they stole and they can monetize it without releasing it publicly. They do that by using the data for other attacks. Whether to attack individuals directly, develop intelligence on them and track their careers to see if in the future they get a job somewhere they want to target, or send phishing emails and compromising their email and using that person’s email to send phishing emails to others who would be more likely to open an attachment or click a link from someone they know. So the hackers can still make a lot more money while still adhereing to their agreement to not release the data publicly.
-
EagleMountainUteParticipant
I assume the odd amount was Sales tax on internet purchase.
It really is alarming the amount of data people store on people. Giving as little information to the least amount of people is best practice. I almost feel like a data base consolidation at a federal level should take place. Like you can unlock that data to allow access to an inquiring company through various permissions. Obviously the government isn’t immune from attacks.
Word of advice to all: LOCK UP your credit. There is no longer a fee so you can lock those up when you are not using credit.
-
PhiladelphiaUteParticipant
The $457K payable was the University of Utah’s portion of the entire ransom. Their insurance company picked up the other portion.
Plus, they had a coupon.
-
-
-
-
AuthorPosts
- You must be logged in to reply to this topic.