Big Game Ransomware: the myths experts tell board members

There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to eradicate it.

For example, the incident started at midnight, went straight to the CEO, and caused meetings every 3 hours all through the night. They made the decision to contain their systems to try to stop the threat actor causing more damage:

“By shutting down parts of the IT estate, Higham’s team had worked to prevent the attack from spreading, but had also stopped parts of its digital operations from functioning. This was considered a worthy trade-off.”

This is smart. There’s a bit more flavour here:

And the piece here:

Inside the M&S meltdown: 3am meetings and £40m a week in losses

One thing in the piece caught my eye: it says that, according to experts, the continuing disruption at M&S means they haven’t paid the ransom.

This is wrong.

I’ve been in the trenches dealing with ransomware and destructive attack incidents for over a decade now — in fact, this very blog of mine is the first major documentation of Locky enterprise automated ransomware spreading (“You, your endpoints and the Locky virus” and “The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact.” — for people who’ve been around for a long time), and I’ve spent that decade calling on both businesses and governments to take this problem seriously. Which is kind of like pissing in the wind, it turns out, as people can’t see a problem until it directly impacts them — see also, climate change.

Paying the ransom is remarkably common. When I covered the Travelex ransomware attack years ago, they quietly paid early on — a fact only uncovered later on by the Wall Street Journal, which received no coverage because everybody had moved on from the story by then. Travelex tried saying the ransomware incident was a “technical issue” at first. It still took them months to recover, and the attack proved so costly they ended up having to restructure their business into Old Travelex and New Travelex.

Travelex aren’t alone. When I covered th

[…]

This article has been indexed from DoublePulsar – Medium