I don’t think people appreciate how effectively Darkside has been ramping up operations mostly under the radar for the last year. This was a very big “oops”. They were doing a really good job of decimating businesses, including infrastructure - and everyone has been really quiet.
I mean like read between the lines https://twitter.com/hacks4pancakes/status/1389749096941035523
https://twitter.com/hackingdave/status/1389313304871505925
https://twitter.com/thebriandonohue/status/1372673385977757697
A lot of firms are going to be out there shilling magic boxes to fix “everything” in the coming weeks, but while the malware and anti-forensics in these cases are often quite sophisticated, we see the same lack of security hygiene and basic defense in depth exploited repeatedly.
Like, lack of basic monitoring or logging capability. No MFA where it counts. Forgetting to check system exposure with assessments or at least Shodan. No IR plan or retainer.
People don’t talk about being ransomed for the same reasons they don’t talk about being the victims of other crimes: they don’t want to look weak or irresponsible, they don’t want to be held liable, they’re ashamed, they’re afraid to lose friends or customers, they want to forget.
But it’s happening like, all the time - IR firms can’t hire analysts fast enough. That also means there are a lot of predatory and unqualified IR firms at the top of Google searches right now.
If I could humbly suggest you do something, it’s assume that your personal PCs, corporate IT, and corporate OT will be ransomed, and be prepared for that inevitability with something better than an insurance policy, which is wildly inadequate. Then do the basics as deterrence.
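The thread above recommends checking your own exposure "with assessments or at least Shodan". As an added example (not code from the thread or its author), here is a small triage routine over a Shodan-style host export: it assumes the export is a JSON list of host records with `ip_str` and a `data` array of services each carrying `port` and `product`, and it assumes a hand-picked list of remote-access and file-sharing ports that an organisation rarely has a reason to expose directly. The sample export is constructed for the example.

```python
"""Added example: flag internet-exposed remote-access services in a Shodan-style export.

Assumptions (not from the original thread): records look like Shodan's host
data (ip_str, data[].port, data[].product), and RISKY_PORTS is a hand-picked
list of services that should normally sit behind a VPN or gateway, not on
the public internet. Run this against a real export to get a worklist.
"""
import json
from collections import defaultdict

# Assumption: services an org rarely has a legitimate reason to expose directly.
RISKY_PORTS = {
    3389: "RDP",
    445: "SMB",
    5900: "VNC",
    23: "Telnet",
    5985: "WinRM (HTTP)",
}

# Constructed sample resembling a Shodan host export for one organisation.
SAMPLE_EXPORT = json.dumps([
    {"ip_str": "203.0.113.10", "org": "Example Corp",
     "data": [{"port": 443, "product": "nginx"},
              {"port": 3389, "product": "Remote Desktop Protocol"}]},
    {"ip_str": "203.0.113.11", "org": "Example Corp",
     "data": [{"port": 22, "product": "OpenSSH"}]},
    {"ip_str": "203.0.113.12", "org": "Example Corp",
     "data": [{"port": 445, "product": "Samba"},
              {"port": 5900, "product": "VNC"}]},
])


def risky_exposures(export_json):
    """Return one finding dict per (host, risky port) found in the export."""
    findings = []
    for host in json.loads(export_json):
        for svc in host.get("data", []):
            port = svc.get("port")
            if port in RISKY_PORTS:
                findings.append({
                    "ip": host.get("ip_str", "?"),
                    "port": port,
                    "service": RISKY_PORTS[port],
                    "banner": svc.get("product", ""),
                })
    # Hosts with several risky services first, so the worst boxes top the list.
    per_ip = defaultdict(int)
    for f in findings:
        per_ip[f["ip"]] += 1
    findings.sort(key=lambda f: (-per_ip[f["ip"]], f["ip"], f["port"]))
    return findings


def exposed_hosts(export_json):
    """Set of IPs with at least one risky service exposed."""
    return {f["ip"] for f in risky_exposures(export_json)}


if __name__ == "__main__":
    for f in risky_exposures(SAMPLE_EXPORT):
        print(f"{f['ip']}:{f['port']}  {f['service']:<12} {f['banner']}")
```

The port list is the only judgement call here; tune it to what your environment actually needs exposed, and treat every line it prints as a ticket, not a statistic.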
You can follow @hacks4pancakes.