Tag Archive for: Editor’s

Editor’s Question: The best way to respond to a ransomware attack


We asked three industry experts: Should organizations focus greater attention on putting systems in place that enable quick data recovery rather than pay a ransom in the event of a ransomware attack? Here are their responses:

Mark Lukie, Sales Engineer Manager – APJ, Barracuda

If your organization falls victim to a ransomware attack, the very last thing you should do is pay the cybercriminal’s demands.

Buckling under the threat and making payment, usually in Bitcoin or another cryptocurrency, may seem like the easiest way out of a dark corner, but it does nothing to help stem the rising tide of attacks occurring around the world. It also doesn’t guarantee you’ll actually regain access to your data.


A further risk arises when cybercriminals copy sensitive data before they encrypt it. Even if the ransom is paid, they still have the option of selling this data to another party or simply releasing it in the hope of causing reputational damage to the victim.

The recent surge in ransomware attacks has been aided by the large number of people who have been forced to work remotely during the COVID-19 pandemic. No longer protected by perimeter security as they are in the office, they’re more open to threats and attacks.

Ransomware is also proving very lucrative for criminals as a result of surging cryptocurrency prices. The digital currencies are the perfect payment mechanism as they are unregulated and difficult to trace.

Attacks are also increasing in number because of the relative ease with which they can be conducted. It’s even possible to make use of so-called ‘Ransomware-as-a-Service’, which removes the need for any technical knowledge at all.

It should also be noted that paying a ransomware demand can also put an organization at a greater risk of further attacks. It is a winning situation for a hacker when they receive payment, so they are likely to target the same organization multiple times. As long as the opportunity for payout remains, the attacks will continue.

Preparation is better than payment

To avoid falling victim to an attack, and ensure systems can be recovered…


If you haven’t patched Vim or NeoVim text editors, you really, really should

A recently patched vulnerability in text editors preinstalled in a variety of Linux distributions allows hackers to take control of computers when users open a malicious text file. The latest version of Apple’s macOS is continuing to use a vulnerable version, although attacks only work when users have changed a default setting that enables a feature called modelines.

Vim and its forked derivative, NeoVim, contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file. While modelines restricts the commands available and runs them inside a sandbox that’s cordoned off from the operating system, researcher Armin Razmjou noticed the source command (including the bang on the end) bypassed that protection.

“It reads and executes commands from a given file as if typed manually, running them after the sandbox has been left,” the researcher wrote in a post earlier this month.


Biz & IT – Ars Technica
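
A defender-side triage sketch for the modeline behavior described above, added here as an example and not taken from the article, the researcher's post or the Vim project: it lists modelines in the first and last five lines of a file (assuming Vim's default `modelines` value of 5) and flags any that mention `source!`. The function names and the sample text are constructed for illustration, and the flagged sample line is a placeholder, not a working payload.

```python
import re

# Assumption: Vim's default 'modelines' value (lines checked at each end of a file).
MODELINES = 5

# Vim's modeline prefixes: "vi:", "vim:", "Vim:", "ex:" (optionally "vim<700:" style),
# preceded by whitespace or the start of the line; everything after is the option text.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(?P<opts>.*)$")

# ":so[urce]!" in any abbreviation, with the bang optionally backslash-escaped.
SOURCE_BANG_RE = re.compile(r"\bso(?:u(?:r(?:c(?:e)?)?)?)?\s*\\?!")


def scan_text(text, modelines=MODELINES):
    """Return (line_number, options, flagged) for each modeline Vim would consider."""
    lines = text.splitlines()
    n = len(lines)
    # Only the head and tail windows are examined; the set avoids duplicates in short files.
    window = sorted(set(range(min(modelines, n))) | set(range(max(n - modelines, 0), n)))
    findings = []
    for i in window:
        match = MODELINE_RE.search(lines[i])
        if match:
            opts = match.group("opts")
            findings.append((i + 1, opts, bool(SOURCE_BANG_RE.search(opts))))
    return findings


# Constructed sample: a benign modeline on line 2, a modeline on line 11 that sits
# outside both windows, and a placeholder line 20 that mentions source! (not functional).
SAMPLE = "\n".join(
    ["#!/bin/sh", "# vim: set ts=4 sw=4 et:"]
    + ["echo line %d" % i for i in range(8)]
    + ["# vim: set ts=8:"]
    + ["echo line %d" % i for i in range(8, 16)]
    + ["# vim: set PLACEHOLDER_OPTION=source\\!PLACEHOLDER:"]
)

if __name__ == "__main__":
    for lineno, opts, flagged in scan_text(SAMPLE):
        status = "REVIEW" if flagged else "ok"
        print("%-6s line %d: %s" % (status, lineno, opts))
```

A flagged file is a prompt for manual review in an editor with modelines disabled, alongside updating Vim or NeoVim to a patched version.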