
Companies infected with ransomware

Sicard
Sicard Posts: 868 Forumite
Ninth Anniversary 500 Posts Name Dropper Combo Breaker
Several food companies and department stores have had their systems hacked by a collection of several black hackers called Scattered Spider completely disrupting their businesses.
I'm no IT tech but on my PC I do regular cloned back-ups. Can't these companies do the same?
You know what uranium is, right? It's this thing called nuclear weapons. And other things. Like lots of things are done with uranium. Including some bad things.
Donald Trump, Press Conference, February 16, 2017


Comments

  • caprikid1
    caprikid1 Posts: 2,447 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    If I can hack your PC chances are I can get to your backups and delete / encrypt them.
  • ButterCheese
    ButterCheese Posts: 589 Forumite
    500 Posts Third Anniversary Name Dropper
    Sicard said:
    Several food companies and department stores have had their systems hacked by a collection of several black hackers called Scattered Spider completely disrupting their businesses.
    I'm no IT tech but on my PC I do regular cloned back-ups. Can't these companies do the same?

    I suspect that these companies have up-to-date spyware/malware/ransomware protection but the hackers are always one step ahead. Unless it is proven that they were negligent (i.e. they didn't update their systems regularly) I suppose there's not much they can do. They will also presumably have in-house IT experts who write in-house protection protocols; they are not just using off-the-shelf antivirus.
  • RumRat
    RumRat Posts: 5,016 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    Now they are attacking national food supplies they should be considered terrorists and as such hounded out of existence and handed long custodial sentences.
    Drinking Rum before 10am makes you
    A PIRATE
    Not an Alcoholic...!
  • Vitor
    Vitor Posts: 670 Forumite
    500 Posts First Anniversary Photogenic Name Dropper
    edited 21 May at 1:25PM
    Can't these companies do the same? - 

    First they need to make sure that the hackers don't have continued access to their systems from covert software they installed, then every machine needs to be rebuilt from the bare hardware to ensure the operating systems etc. are clean of malware, then the business apps can be re-installed and the last known good data restored to databases etc. All staff and supplier passwords will be changed, in fact they'll probably use this as an opportunity to install better security controls.
  • tacpot12
    tacpot12 Posts: 9,262 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper
    You would hope that large organisations were backing up their data very regularly, e.g. every few minutes or so, or in real-time. Well designed backup systems only allow well-defined business data to flow to them, not executable code, so that ransomware can't infect the backups.

    Backing up executable code from servers and PCs needs a different approach because the ransomware can be indistinguishable from valid code. There are a range of techniques that can be adopted to protect the executable codebase on machines. 
    The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.
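An added illustration of the "only well-defined business data flows to the backups" idea from the post above; this is example code written for this page, not anything posted by a forum member. The allowlist, function names and sample files are assumptions constructed for the example.

```python
import os

# Assumed policy (not from the thread): only these text data formats may be backed up.
ALLOWED_EXTENSIONS = {".csv", ".json", ".sql"}

# Leading bytes of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O",
    b"#!": "shebang script",
}

def admit_to_backup(name, data):
    """Return (allowed, reason) for one file offered to the backup store."""
    ext = os.path.splitext(name.lower())[1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension %s not on allowlist" % (ext or "(none)")
    # Check content as well as the name: a renamed executable keeps its header.
    # This fails closed, so a CSV whose text happens to start with "MZ" is refused.
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return False, "content is %s despite %s name" % (kind, ext)
    # The allowed formats are all text, so a NUL byte near the start is suspect.
    if b"\x00" in data[:4096]:
        return False, "binary content in a text format"
    return True, "ok"

def filter_batch(files):
    """Split (name, data) pairs into accepted names and rejected name -> reason."""
    accepted, rejected = [], {}
    for name, data in files:
        ok, reason = admit_to_backup(name, data)
        if ok:
            accepted.append(name)
        else:
            rejected[name] = reason
    return accepted, rejected

# Constructed sample inputs, not real files.
SAMPLE_FILES = [
    ("orders.csv", b"id,total\n1,9.99\n"),
    ("invoice.csv", b"MZ\x90\x00\x03"),       # PE header under a data name
    ("updater.exe", b"MZ\x90\x00\x03"),
    ("dump.sql", b"\x7fELF\x02\x01\x01"),
    ("notes.json", b'{"stock": 12}'),
]

if __name__ == "__main__":
    print(filter_batch(SAMPLE_FILES))
```

A gate like this keeps executables out of the data backups; it does nothing about data files that were already encrypted or altered before the backup ran, which is why versioned and offline copies still matter.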
  • Ergates
    Ergates Posts: 3,049 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Sicard said:
    Several food companies and department stores have had their systems hacked by a collection of several black hackers called Scattered Spider completely disrupting their businesses.
    I'm no IT tech but on my PC I do regular cloned back-ups. Can't these companies do the same?
    The IT systems of these companies will be many orders of magnitude more complex than your home PC, so that's not really a meaningful comparison.

    Or to put it into techy speak:   It doesn't really work like that.
  • onomatopoeia99
    onomatopoeia99 Posts: 7,161 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Sicard said:

    I'm no IT tech but on my PC I do regular cloned back-ups. Can't these companies do the same?
    No.

    They almost certainly will already have had a variety of automated backup routines running depending on the nature of the things being backed up, but backups are only as good as the disaster recovery planning for getting the compromised services up and running again.  If it turns out it's going to take weeks to get everything restored even with the data backed up, more thought is needed.

    Where I work (tiny company) we have daily automatic backups stored locally, with offsite, offline backups of the most critical data rotated weekly so we would never lose more than seven days' worth following a catastrophic failure. The time needed to get our services back running after a critical failure is a different matter, and one I was thinking about a lot even before M&S happened.



    Proud member of the wokerati, though I don't eat tofu. Home is where my books are. Solar PV 5.2kWp system, SE facing, >1% shading, installed March 2019. Mortgage free July 2023
  • bat999
    bat999 Posts: 1,947 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Sicard said:
    .. I do regular cloned back-ups. Can't these companies do the same?
    M&S say "cyber criminals had accessed its systems through so-called social engineering tactics via a third-party supplier, after they were unable to breach the company’s own defences"

    * third-party supplier *

    Never interrupt your enemy when he is making a mistake.
  • DullGreyGuy
    DullGreyGuy Posts: 18,613 Forumite
    10,000 Posts Second Anniversary Name Dropper
    bat999 said:
    Sicard said:
    .. I do regular cloned back-ups. Can't these companies do the same?
    M&S say "cyber criminals had accessed its systems through so-called social engineering tactics via a third-party supplier, after they were unable to breach the company’s own defences"

    * third-party supplier *

    That's an unusually poorly written piece from the FT...

    It is a simple, old-fashioned con: criminals fraudulently claim to be an employee to trick IT staff into changing passwords and resetting authentication processes, thus gaining access to a company’s systems. 

    Sits between a quote from the M&S CEO and another quote from some random Info Sec company but isn't clearly attributed to either. The CEO simply said they got in via a supplier which could be something like the above but can be other things too like getting someone at the suppliers to open an infected file/website/email etc.
  • Sicard
    Sicard Posts: 868 Forumite
    Ninth Anniversary 500 Posts Name Dropper Combo Breaker
    Thanks guys. I've learned a lot.
    You know what uranium is, right? It's this thing called nuclear weapons. And other things. Like lots of things are done with uranium. Including some bad things.
    Donald Trump, Press Conference, February 16, 2017
