Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    5,027
    Location:
    Sydney
    lol, sometimes it's the only way to get your data back. At least they got their shit back...

    Still, you would think a large corporate would have more... umm nefarious means... It's not like the Evil Corp guys are hiding lol
     
  2. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,644
    Location:
    Brisbane
    You can't be that blind to the obvious conclusion here, right? This paints a huge target on their back from countless groups with similar tools.

    Quoting for posterity when the second Garmin attack is announced.

    Yeah, right... because flying to Russia mid pandemic to beat up some kids (who likely pay off numerous Russian authorities/criminals to the tune of millions for protection) is entirely doable.
     
  3. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    5,027
    Location:
    Sydney
    You'd think they would learn and hire competent staff...

    Who says flying to Russia... just pay the guys "protecting" these kids...
     
  4. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    10,467
    Location:
    Briz Vegas
    Seriously... you are just a 1 time transaction the hackers a continuous income stream, if not close to indentured workers and will continue to generate income, especially from you when they do it a second and third time since you are now a repeat paying customer!
     
  5. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,644
    Location:
    Brisbane
    /thread

    These kids are worth a lot of money.

    https://www.vice.com/en_au/article/...s-of-russian-hackers-whose-lives-look-awesome

    $50K for the decryption keys is probably 1/10th of what you'd need to pay someone off who is protecting them. Honestly, the scale of how much money these kids are raking in is quite extraordinary (even if it is sadly predictable).
     
  6. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    5,027
    Location:
    Sydney
    You reckon they only paid 50k for the key??? I don't know mate... reckon they paid a lot more for it...
     
  7. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    16,161
    Location:
    Canberra
    you could sell that as an XaaS cloud service.
     
  8. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,644
    Location:
    Brisbane
    Previous articles claimed between $5 and $50 K are the going rates for this particular attack, which is why I picked that number.

    I have no idea what they paid in this instance. I hope we get to find out.
     
  9. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,565
    mate they were asked for 10 million.
    Sounds cheap, until you consider what others have already stated (they will get in again, others will come knocking)
     
  10. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    16,161
    Location:
    Canberra
    10m buys a lot of competent IT folks.

    just saying.
     
    BurningFeetMan likes this.
  11. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    12,334
    Location:
    Melbourne
    probably less than the $10m ask, but a good compromise leaves everyone unhappy.

    quite likely worth paying a certain degree of ransom if the cost is lower than putting your shit back online yourself (factoring in lost revenue while you're down), maybe the extended downtime is to harden systems to prevent round 2?

    [edit] working off one financial statement I found, $10m is under 4 days profit for Garmin.
     
    Last edited: Jul 28, 2020
  12. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,644
    Location:
    Brisbane
    Well bugger me.

    Yeah but you have to keep paying them. Pay ransom, and it only happens once. Right? Guys? Right?
     
    cvidler likes this.
  13. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    $10 Million might be a lot of money.
    But Garmin made 2.2 Billion Gross profit last year.

    A Million and Billion sound close, but they are WORLDS apart.
    1 Million seconds is 11.5 Days
    1 Billion seconds is 31.5 Years



    So.. Garmin make ~$70/second

    $10 Million dollars is ~40 hours.

    If, by paying, you are making your $70/second, 40 hours sooner, you pay.

    Paying the Ransom, and fixing the problem aren't mutually exclusive. Paying the ransom obviously makes sense to them from a Business Continuity point of view.
     
  14. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    46,644
    Location:
    Brisbane
    Which is why it's the adopted standard to always negotiate with terrorists, right?
     
  15. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    5,027
    Location:
    Sydney
    10 million buys a lot of busted knee caps...
     
    BurningFeetMan likes this.
  16. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,678
    It's the US stance (how did that work out for them).

    Other regions negotiated with terrorists, for a mutually beneficial outcome.
    https://en.wikipedia.org/wiki/Sinn_Féin

    But it's very much apples and oranges, at least, until someone declares APT Crews (or even script kiddies) terrorists, and starts dropping bombs on them.
     
  17. connico

    connico Member

    Joined:
    Jan 30, 2004
    Messages:
    5,027
    Location:
    Sydney
    There is a $5m bounty for one of the Evil Corp's leaders lol... Apparently not tempting enough for organised criminals ahaha
     
  18. BurningFeetMan

    BurningFeetMan Member

    Joined:
    Apr 22, 2003
    Messages:
    9,810
    Location:
    A Place of Tubers
    We're also forgetting a very important aspect - in that me, the paying customer, won't be buying Garmin again anytime soon. Is my fitness data safe with them? It doesn't seem so.
     
  19. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    10,467
    Location:
    Briz Vegas
    We negotiated a free trade agreement with the US, so yeah that seems right.
     
    Aetherone, 2SHY and elvis like this.
  20. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    16,161
    Location:
    Canberra
    I'm betting there's an IT guy at Garmin, who like requested $x for some upgrade/or wanting to run a pentest, and was denied. it would've been a rounding error against 2.2 billion, and certainly still less than 10m.

    capitalism profit at all costs - winnar!
     
