U.S. agencies warn of Phobos ransomware attacks on government entities and critical infrastructure since May 2019. The attacks exploit vulnerabilities and use advanced techniques for persistence and elevated privileges. Despite the high ransom costs, paying does not prevent new attacks, with 78% of victims being attacked again.

  • @potatopotato
    link
    English
    83 months ago

    Crazy opinion incoming: in the current climate ransomware is just pentesting equivalent of the “free” personal injury attorneys. If the pass the pentest, it’s free. If you fail, it’s crazy expensive. Either way it’s relatively benign security auditing that’s causing companies to be slightly less stupid about how they handle IT.

    It’s not the ideal way of doing this, but it’s strangely having a positive impact and mitigating belligerent states abilities to conduct offensive cyber operations if things were to heat up.

    • KidOPM
      link
      English
      13 months ago

      Makes sense

    • @[email protected]
      link
      fedilink
      13 months ago

      Honestly not what I have seen with some big companies. Even after getting hit with ransomware they just continue working as if it has never happened.

  • Ogmios
    link
    English
    53 months ago

    Maybe connecting literally everything to the Internet is a really fucking stupid idea…

    • @[email protected]
      link
      fedilink
      English
      13 months ago

      air gapping doesn’t really help when basically any interface is an attack vector.

      evil maid attacks still work.