
CDK Global Plans To Pay Hackers Millions Of Dollars To Get Dealers Back Online


The CDK Global cyberattack that impacted about half of the dealers in the United States was, as many had speculated, a ransomware attack. The case might be worthy of study in the future as the PR response from CDK Global has been quite bad. Of course, many other types of cases (of the legal variety) may follow.

Monday, Monday, you can’t trust that day!


Speaking of trust, GM has admitted its Cruise unit needs to earn some back after a terrible incident last year and an also-terrible response, which will result in the maximum fine being paid out, which will likely settle that matter.

Ford is also in hot water this morning, with about $57 million awarded by a jury to a woman in Colorado after she claims a Ford Expedition ran over her leg. That matter is less settled.

And, finally, China and the EU are going to talk about tariffs as the EV-dominant country tries to reverse them.


CDK Global Hackers Want Millions, CDK Global Likely To Pay


As more and more operations go online, ransomware has become a larger threat to businesses. A recent article in Cybercrime Magazine suggests that ransomware costs could rise to $265 billion by 2031:

Cyberattackers will just as quickly strike a hospital as a Fortune 500 organization. The only things that matter are finding an initial access point, encrypting networks, and — when possible — extracting sensitive data to exert pressure on victims for extortion purposes.

As a global threat, the risk of prosecution, in many cases, is low, allowing rogue operators to organize themselves with staff, structures, and processes comparable to modern-day businesses.

Unless you work for a dealer, you probably didn’t know what CDK Global was, but the firm’s software is used by approximately half the car and truck dealers in the United States to do everything from tracking sales and paperwork to writing service tickets. The company advertises its services as an integrated Dealer Management System (DMS) that can do everything a dealer needs.

The obvious downside of this is that, in the absence of CDK’s services, dealers suddenly can’t do as much. We found out last week that CDK Global brought down its services on June 19th for what it called a “cyberattack.” We learned on Friday that the effects of the attack were likely to last for days, right as most dealerships were planning their big start-of-summer sales.

From Automotive News:

Robert Serrano, general manager of New Country Toyota of Westport in Connecticut, said the mood at his store was still strong as staff was working deals and the service department had 20 appointments.

The store’s owner is New Country Motor Car Group, of Saratoga Springs, N.Y. The group owns more than 30 dealerships there, in Connecticut, Florida and Maryland.

“I’m hoping, and maybe this is just wishful thinking, that it comes on today because it’s the second-to-last Saturday of the month, and I’d love to bill out some cars, but right now, [it] doesn’t look that way,” Serrano told Automotive News.

Serrano said that most customers were unaware of the issue, but inside he was “agonizing” over the hack.


As a journalist, I have found the response from CDK Global disappointing. Many people were speculating in the comments here that it was ransomware, as nothing else made sense, but the company was slow to acknowledge anything.

Credit goes to Craig Trudell at Bloomberg who was the first to report that it was, indeed, ransomware and that CDK was going to pay:

CDK is planning to make the payment, said the person, who asked not to be identified because the information is private. The hacking group behind the attack is believed to be based in eastern Europe, the person said. In the early days of any ransomware attack, discussions are fluid, and the situation could change.

CDK didn’t respond to multiple requests for comment on Friday.

CDK Global has told customers it’ll start restoring services as soon as it can, but it’ll probably still take “several days” for all outages to be ended. This weekend is the last weekend of the month, which is a big deal for dealers.

How much money was lost here is a big question. How many sales did dealers end up losing? How much did CDK Global end up having to pay? Many large dealership groups use this software and, even if there’s not a lawsuit, the possibility of CDK Global having to compensate dealers is real.

Finally, how many sales were lost? Are we going to see a downturn in car sales for June just as momentum is building?


The industry learned from the pandemic that the world was indeed not flat and that having the same few suppliers for critical needs wasn’t a great idea. Perhaps dealers need to learn the same lessons.

Ford Ordered To Pay $57 Million Over Expedition Accident


It’s not often that you see a car company sued over a vehicle that’s over 25 years old, but Lorelle Thompson of Colorado has been awarded one of the largest personal injury payouts after she claimed her leg was crushed when her 1998 Ford Expedition allegedly “self-shifted into powered reverse.”

From The Detroit News:

An eight-member jury in the trial overseen by U.S. Colorado District Court Judge Maritza Dominguez Braswell determined Ford was liable for and negligent with a design defect in the vehicle. It awarded Thompson $56.575 million, including $45 million in punitive damages.

“While our sympathies go out to Ms. Thompson and we respect the jury’s decision, we do not believe the verdict is supported by the evidence,” according to a statement sent by spokesperson Richard Binhammer. “We have filed post-verdict motions that are currently pending before the court.”

The lawsuit alleged the Expedition’s shifter was defective and that Ford knew there was a problem dating to the 1980s. Ford denied the claims.

This will be an interesting one to watch on appeal.

GM To Pay $112,500 For Withholding Crash Info


Sometimes, it’s both the crime and the coverup that gets you. Last year, GM’s robotaxi unit Cruise was informed that one of its vehicles was near an accident that involved a Nissan striking a pedestrian. The Cruise vehicle didn’t understand it struck that pedestrian and, ultimately, dragged the victim about 20 feet as the autonomous Chevy Bolt pulled over to the side of the road.


This led to the company shutting down its services temporarily and a leadership crisis that saw most of its C-Suite gutted. Why? The company was terrified of the media and of regulators, convincing itself that it wasn’t that big of a deal and withholding some footage from California authorities.

Once regulators wised up to what happened, all hell broke loose.

Cruise will have to pay $112,500 to the California Public Utilities Commission which oversees driverless cars. While it’s not a huge amount of money, it’s the maximum fine the CPUC can charge. From the San Francisco Examiner:

Over The City’s objection, CPUC Administrative Law Judge Robert Mason III approved Cruise’s settlement offer. The only change is that the company will pay more than the $75,000 it previously offered. The amount Cruise will have to pay is the maximum allowed by state law and what the company’s president verbally agreed to at a February hearing, he said.

Mason rejected the call by the San Francisco Municipal Transportation Agency that CPUC conduct its own investigation into the accident, rather than relying on a report about it from San Francisco law firm Quinn Emanuel Urquhart & Sullivan that was commissioned by the company.

Going down that route would likely drag out the case for no good reason, Mason said in his ruling approving the settlement. Cruise has already admitted that it didn’t immediately give a full accounting of the accident in the immediate aftermath of the incident and has committed to more transparency in the future, he said.

Cruise robotaxis are starting to go back out on the streets in certain markets.

What’s The EU Going To Do About China?


We’ve previously chatted about all the ways that China might react to EU tariffs on its EVs, as it has a lot of leverage over the 27 nations that make up the European Union.

China, unsurprisingly, has asked the EU to cancel its tariffs (which range from 17-38%), but that isn’t going to happen anytime soon.

Per Reuters:

“Nobody will dare to do this now. Not before the elections in France,” said Alicia Garcia Herrero, senior fellow at Bruegel, an influential EU affairs think tank, on whether the planned curbs could be dropped.

“The Commission can’t change a decision it has been pondering for months on months on months,” she added. “Yes, China is putting pressure on the member states, but they would need to vote with a qualified majority against the Commission.”

That sounds right, although the ongoing talks between the EU and China demonstrate to me that, while China has a lot of leverage, it also clearly wants access to the EU market, which means the EU also has leverage.

Overall, talks are good, or as the head of Germany’s biggest industry association BDI put it:


“You know the old saying: as long as there are talks you’re not shooting at each other.”

What I’m Listening To While Writing TMD

I’ve been enjoying Sabrina Carpenter lately and I couldn’t quite put my finger on why, then I realized that she sounds like Nina Persson from The Cardigans doing Ariana Grande songs. Anyway, here’s Tom Jones and The Cardigans doing a Talking Heads cover in a super trippy video from the aughts.

The Big Question

Was the internet a mistake?

162 Comments
Ben
6 days ago

The internet has resulted in a higher rate of societal change by at least an order of magnitude. That has been a double-edged sword. Early on Twitter liked to crow about how people were using it to organize during natural disasters and such, but unfortunately that ability to organize also extends to neo-Nazis. The internet has made it possible to connect with people you never would have otherwise. It has also made it so easy for scammers to contact you that if they get a .001% hit rate on their scams, they still make boatloads of money.

Most of this stuff can be dealt with and probably will at some point. The problem is it’s happening faster than governments, businesses, and the population as a whole can react since most of them are still built on the idea that major change happens over the course of a generation, not every year or two.

Was the internet a mistake? I don’t think we’ll know until we see how society either adapts to it or collapses. Current trends aren’t super promising though.

Church
6 days ago

she sounds like Nina Persson from The Cardigans doing Ariana Grande songs

Well I’m not sure I can un-hear that now. I was enjoying her style of pop previously as it was, but now it’s going to be all strange in my head. I can’t disagree with your assessment, though.

Church
5 days ago
Reply to  Matt Hardigree

Also, this reminds me that I haven’t listened to Gran Turismo in a while and it deserves at least an annual listen. Thanks!

67 Oldsmobile
6 days ago

“I’ve been enjoying Sabrina Carpenter lately”
I’m sure I would too, if given the chance.

Fasterlivingmagazine
6 days ago

“and the service department had 20 appointments”. When I was a tech and I came to work with them telling me that there were 20 appointments I would go home and do sidework. 20 appointments in a shop of 26 techs is covid era numbers.

Drew
6 days ago

The internet was not a mistake. Putting EVERYTHING online was. Everything shouldn’t need to be internet-connected. Internet-connected toothbrushes should not exist. And we shouldn’t feel like we need to post every thought, every trip, and our whole lives online.

That said, online inventory management makes sense if you’re trying to also ensure your website shows current inventory. Online financing applications expedite approvals and allow for quick verifications of appropriate interest rates. There’s an argument to be made that separate solutions for financing and inventory would have limited the effect of this attack, but I don’t think it would have made a lot of difference. The financing side would still be a prime target, and it would still really hurt the dealers and offer a lot of personally identifiable information.

Bassracerx
6 days ago
Reply to  Drew

The internet is not an entity, it is just someone else’s computer. These attacks will continue to happen until corporations take cyber security more seriously. It’s a calculated risk they are taking not upgrading their infrastructure and hiring more IT staff to keep things safe. The head of IT is probably fired regardless but I’m sure 5 years ago there was probably a long chain of emails of how their security is not up to par and corporate not approving the cost to upgrade things.

James Carson
6 days ago
Reply to  Bassracerx

It starts with architecture and design. Security has to be involved from the first steps and has to be all encompassing. I’ve been involved with many systems that didn’t take it seriously and paid the price. I’ve also worked on systems that have been in prod for a decade or more without a single breach. It’s about commitment from management and a willingness to enforce oversight and listen to the professionals.

Drew
6 days ago
Reply to  Bassracerx

the internet is not an entity it is just someone else’s computer.

Usually a whole bunch of other people’s computers, but that’s not really the point. The point is that there are a lot of things we connect to those computers that don’t need to be. Local control is great for a lot of things and would reduce attack vectors.

These attacks will continue to happen until corporations take cyber security more seriously.

They’ll continue long beyond that. No matter how seriously a company takes cyber security, there’s always a weakness. Some employee is going to do something dumb. Social engineering attempts will find that employee.

Companies need to do better, but cyber attackers are going to find a way to keep going regardless. We can reduce them, but I don’t think they’re ever going to go away, short of a worldwide EMP or human extinction event.

But, yeah. You need to harden the target in every way you can. Train employees and test them frequently. Segregate networks. Maintain tight access controls. Source secure programs. Don’t let things slide. You can absolutely make it as difficult as possible and also minimize the damage if someone in your company slips up.

Cal67
5 days ago
Reply to  Bassracerx

A few years back our company got hit by a worm that went through pretty much every computer on the network. My desktop had failed a week or so prior so I had set up an older laptop and was using that. (Back then I had admin privileges and could do that.) The AV we were mandated to use by our parent corporation would not catch this particular worm but the AV program I used on the laptop did. For a while I had the only uninfected computer in the company. IT was told they had to guarantee that this would never happen again, but we could not change AV programs.

3WiperB
6 days ago

When can we all expect our free 1 year of credit monitoring? At this point I’m owed a free lifetime of credit monitoring. Can I at least stack them in succession? I have 3 of those letters already this year (2 medical networks and AT&T).

Last edited 6 days ago by 3WiperB
Jj
6 days ago
Reply to  3WiperB

I worked for a large company. One year, someone called a person in HR claiming to be an executive and said he needed all the W2’s sent to him immediately.

She promptly sent out the 1500+ W2’s. We all got two free years of credit monitoring.

Pupmeow
6 days ago
Reply to  Jj

That HR person will be the first example in the company’s info sec training for all of eternity. My god.

SNL-LOL Jr
6 days ago
Reply to  Pupmeow

How many picoseconds did she stay on the payroll after this was discovered?

Jj
6 days ago
Reply to  SNL-LOL Jr

I don’t know. The name was never released. I guess HR can sometimes keep information from getting out.

Jj
6 days ago
Reply to  Pupmeow

Being a large company, they bought a lot of smaller companies (how I ended up there). They also had great reorganizing and rebranding ideas every 18 months or so. The end result was that there were so many different email domains that it was impossible to tell if an email address was an actual company email address.

As an example, I knew I wasn’t hanging around long after my company got purchased. So I basically worked from my own phone and laptop so I didn’t lose any information or contacts when I left. I bought a domain name that looked like a company domain and used an email address from that domain so I didn’t have to use their unremovable VPN or their even more invasive phone malware to access work email.

At one point I even figured out how to get around their VPN by compiling my entire company laptop into a virtual machine and running it on my personal laptop. I am not an IT guy or hacker. This stuff is all relatively easy to do with the help of Google and an afternoon or two.

That way when it was time for my glorious liberation I just walked my already-cleaned work laptop down to Fedex and sent it away.

Pupmeow
6 days ago
Reply to  Jj

Big company buying a lot of small companies is a FANTASTIC way to create internal chaos. Glad you found a way to escape the fray. 🙂

Jj
6 days ago
Reply to  Pupmeow

I had just bought a house, still had the previous house and was paid well there. I would have jumped a lot sooner if they had offered a severance but it was a little too risky to jump ship without it.

I played GTAV from home until they finally offered since I was not going to move to Michigan and they didn’t know what to do with remote employees.

TheCrank
6 days ago
Reply to  3WiperB

I had a US government job early in my career and my wife currently works for a US government agency. I’ve had my personal info exposed more times than I probably know through all of the various OMB data breaches. 6-7 years ago I caught an identity theft in progress using all of my personal info. Since that time, my wife and I have our credit files frozen at each agency. It was a major pain to set up and still can be annoying when you need to thaw before a credit check, but at least I know no one is racking up charges on our credit.

In my opinion, we need a new ID system that does not use ancient social security numbers for proof of identity and we need more oversight and responsibility put on the credit agencies in the name of protecting consumers and overall transparency. I check my credit report a few times a year to be safe and there’s always some erroneous crap on there that I have to dispute like phone numbers, prior addresses, aliases.

Last edited 6 days ago by TheCrank
Angry Bob
6 days ago

They shouldn’t be allowed to make the ransom payment as it will make this problem worse for everyone else. Deal with the consequences of lax security and don’t make the same mistake again.

OFFLINE
6 days ago
Reply to  Angry Bob

The challenge is this: it’s cheaper to pay than rebuild the state in the databases, and the *sshats doing this know that. Most companies pay. Now if they’d been properly paranoid with their design strategy and had good roll back points, this would have been a mild annoyance. But everyone wants to do this on the cheap. *sigh*

Scottingham
6 days ago
Reply to  OFFLINE

That’s the real kicker. This shit is known by now. They should have had regular offline backups for this very scenario.

Jj
6 days ago
Reply to  Angry Bob

They have to. Unless they have local backups for all their required documentation, they need access to that information. Especially with signed contracts and such – it can’t just be recreated retroactively.

Shooting Brake
6 days ago

Does anyone else here think that it is a serious mistake for CDK to pay the ransom?

I just see it opening the flood gates for more of these Ransomware/ Cyber attacks ┐(´•_•`)┌

Stoney got got (potentially)
6 days ago
Reply to  Shooting Brake

I’m not sure that it matters, one way or the other. Liam Neeson can’t vigilante everything.

Shooting Brake
6 days ago

Too bad Charles Bronson is no longer around… 😉

Pupmeow
6 days ago

But he has a particular set of skills!

Data
6 days ago
Reply to  Pupmeow

A very particular set of skills.
Skills acquired over a very long career.

OrigamiSensei
6 days ago

I was thinking more Mel Gibson in Ransom, as in the hackers just named the fee on their hit contract. I don’t actually condone that sort of action – but there are days I wonder if knowing there’s now a price on the perpetrators’ heads wouldn’t be more effective in preventing future attacks.

Cheap Bastard
5 days ago
Reply to  OrigamiSensei

“I don’t actually condone that sort of action”

Maybe when it happens to you you’ll change your mind.

Der Foo
6 days ago
Reply to  Shooting Brake

Ransomware attacks and payouts have been happening for decades. To now mandate that no payouts be made would only add to the amount companies have to pay. First, pay the bad guys. Second, pay the penalty to the regulating authorities (likely the government (the slightly less bad guys)).

Shooting Brake
6 days ago
Reply to  Der Foo

Looks like it pays well to be a hacker: UnitedHealth CEO tells lawmakers the company paid hackers a $22 million ransom:

https://www.cnbc.com/2024/05/01/unitedhealth-ceo-says-company-paid-hackers-22-million-ransom.html

Der Foo
6 days ago
Reply to  Shooting Brake

Yes, but there are many people behind attacks on something big like a major corporation.

You gotta make sure the people handling the money transaction know what they are doing and people like that don’t come cheap. Then you will also likely need some other people around for auxiliary tasks. Lastly, there will be some organized crime group that wants their ‘share’, if not, there will be soon if you swim in that body of water and make any money. The organized crime people can also keep more legit authorities from showing up at your door.

In the end, your share of the money will be much lower.

Jj
6 days ago
Reply to  Shooting Brake

There isn’t much choice at this point. There wasn’t much choice at the start either.

If they paid quickly they may have been able to save themselves some hassle. If I were a dealership, I would be looking at alternatives. I may even *gasp* look at bringing critical IT functions in-house.

Shooting Brake
6 days ago
Reply to  Jj

I suppose they figure (the company being hacked) that they will just pay the ransom and cut their losses?

Jj
6 days ago
Reply to  Shooting Brake

Their options are to pay and hope this can be salvaged or go out of business.

I’m not sure exactly what they were selling, but there are laws about businesses retaining records. If CDK was storing those records they will (or would be, in a properly functioning market) be sued into bankruptcy by the dealers relying on them for data storage or fined into the same position by regulators.

Bassracerx
6 days ago
Reply to  Shooting Brake

These ransomware people know what it will cost the company to NOT pay the ransom and as long as the ransom is LESS THAN that dollar amount the company is legally obligated by their shareholders to take the cheaper option. You can’t spend more money for a “moral victory” when you have shareholders to answer to.

Shooting Brake
6 days ago
Reply to  Bassracerx

UnitedHealth CEO tells lawmakers the company paid hackers a $22 million ransom:
https://www.cnbc.com/2024/05/01/unitedhealth-ceo-says-company-paid-hackers-22-million-ransom.html

Well, it’s good work if you can get it! 😉 (being a hacker)

Last edited 6 days ago by Shooting Brake
Data
6 days ago
Reply to  Shooting Brake

Zero Cool/Crash Override, Acid Burn, Lord Nikon, and Cereal Killer agree.

Sarah Blikre
4 days ago
Reply to  Data

Hack the planet!

James Carson
6 days ago
Reply to  Shooting Brake

For every ransomware breach that leaks out as being paid I can assure you there are a hundred or more that quietly pay and move on.

Manwich Sandwich
4 days ago
Reply to  Shooting Brake

“Does anyone else here think that it is a serious mistake for CDK to pay the ransom?”

Yes… I personally think it’s a mistake and if they’re Russian, then paying the ransom just might be illegal as it might go against sanctions the US has against Russia.

Parsko
6 days ago

LOL, no, it was not a mistake. I would never go back. It has made my life and job easier than trying to do it without. I’m 46 and started my professional career in 2001. Life would just SUCK if I had to go to a book to look up material properties or formulas every time I use them.

As said below, it’s a tool. It’s the single best tool invented in the past 100 years, too. There has been NOTHING even close to it that has had such an impact on human development besides, perhaps, the printing press.

The dewpoint just collapsed this morning. It’s time for a long walk around the building.

Fuzzyweis
6 days ago

I feel like late 2000s was internet peak, had YouTube, MySpace, Farmville, Amazon but it wasn’t killing Kmart yet. Netflix still shipped DVDs, everybody didn’t have their streaming channels, and cable only cost like $20 a month. iPhone had just started but lots of folks still rocking Nokias and Razrs (the good ones!)

So the internet was fine then, still a thing you could ignore, not everybody had a smart phone, kids still had to talk to each other at school, so just need to hit the reset button on the internet to around then and we’re all set.

Also bring back KMart.

10001010
6 days ago
Reply to  Fuzzyweis

Internet alone didn’t kill KMart, private equity deserves a lot of the credit for that.

Col Lingus
6 days ago
Reply to  10001010

“We definitely have to stop at Kmart. I definitely need to buy some new underwear.
And we need to get to a TV before 3 when Wapner comes on. Definitely need to find a TV.”

“Private equity sucks the big one Ray.”

Last edited 6 days ago by Col Lingus
Fuzzyweis
6 days ago
Reply to  Col Lingus

Sounds like you can drive yourself there, probably a very good driver.

Drew
6 days ago
Reply to  Fuzzyweis

Maybe even an excellent driver.

Parsko
6 days ago
Reply to  Col Lingus

LOL, COTD for Wapner reference. Forgot about that one!

Freelivin2713
5 days ago
Reply to  Col Lingus

Dr. Bruner:
Raymond, wouldn’t you feel more relaxed in your favorite K-Mart clothes?

Charlie:
Tell him, Ray.

Raymond:
K-Mart sucks.

Dr. Bruner:
Oh, I see.

Strangek
6 days ago
Reply to  Fuzzyweis

Shop smart. Shop SMart.

Outofstep
6 days ago
Reply to  Strangek

You got that?!

VS 57
6 days ago
Reply to  Fuzzyweis

To bring back KMart, go back in time, then get rid of Joe Antonini.

Col Lingus
6 days ago
Reply to  VS 57

Eddie Lampert is the one you want. Trust me on that.
Still in charge at Sears and Kmart. And still living large.

James Carson
6 days ago
Reply to  Fuzzyweis

Naw, peak internet was 92 or so. Far fewer edge lord idiots, no social media, Amazon. A bonded ISDN connection was peak geek.

Highland Green Miata
6 days ago

“having the same few suppliers for critical needs wasn’t a great idea” No business runs a backup “business operating system” for lack of a better term, and the integration between operations of sales and service for a dealership is the whole point of a DMS. Having multiple vendor systems for different needs talking to each other is a point of potential failure, an integration headache, and additional security risk. There’s really no way for a dealer group to win here. They need to pick a DMS and pray that their security is up to scratch. Many ransomware attacks originate not by hackers getting in a backdoor somewhere, but via phishing or other types of social engineering attacks to try and get a user to give up a password. Because in the end, the human beings that run these systems are actually the weakest security link. I’m sure we’ll never know “how” they got access, but this is going to be a very expensive lesson for all concerned.

Scottingham
6 days ago

These are all good points, but the fact that CDK had no offline backups or seemingly no other plan for this *inevitability* is egregious.

You’re right that social engineering / phishing etc is the most common attack vector. That’s not new information. To not have any fail-safes against it is wild.

Canopysaurus
6 days ago

Was the internet a mistake? Nope, they did it on purpose.

Parsko
6 days ago
Reply to  Canopysaurus

LOL!!!! COTD.

OFFLINE
6 days ago
Reply to  Canopysaurus

Dude, kittens and porn. Okay, the original purpose of the WWW was to replace textbooks, but still. Get all this serious discussion crap outa me network, n00b.

Manwich Sandwich
6 days ago

“CDK Global Hackers Want Millions, CDK Global Likely To Pay”

Oh FFS… so these jackasses at CDK didn’t have proper OFFLINE backups. And most likely their online backup server was also compromised.

Now here’s the thing someone needs to tell them… even after paying off the criminals, some businesses STILL didn’t get their data back.

“In a ransomware attack, paying the ransom does not guarantee that attackers will provide the decryption key. Even with the key, most organizations are unable to recover all their data with decryption alone. In one study, as much as 92% of companies failed to restore all their data even after paying the ransom.”

https://www.riskandresiliencehub.com/6-reasons-not-to-pay-the-ransom-in-a-ransomware-attack/#:~:text=In%20a%20ransomware%20attack%2C%20paying,even%20after%20paying%20the%20ransom.

Instead of paying money to criminals, they should spend the money on a professional recovery service.

And that will take time.

So while the recovery service does their thing, you start with a new server and build the system from scratch… reinstall the OS, reinstall the software, set up the users, etc.

It’s a nightmare, but it’s the better and proper way to do it.

And then going forward, you make sure your critical servers are in a VM. Then you back up the entire VM to a hot backup.

Then you make a copy of that hot backup VM file onto removable drives that are then taken offline and kept as cold backups… with some backups kept in one place (such as a service like Iron Mountain) and some kept in another (like a bank safety deposit box).

And you want to have a full cold backup for every month stored off site. And keep some current cold backups onsite to enable quick file recoveries if there is an issue with the hot backup.

It sounds like overkill, but my way guaranteed there would be a backup even if there was a total loss of a facility due to some disaster.

That is essentially what I did when I managed the backups for my company. And I actually DID have a ransomware attack because one of my end users was an idiot as well as the usual end-user idiocy of overwriting/deleting their own data by accident.

But I was able to restore data every time. And we were able to give the criminals the big middle finger because of my *proper* backup scheme with redundancy built in.

“The hacking group behind the attack is believed to be based in eastern Europe,”

My money is on the hacking group being based in Russia… likely backed by Putin.

“Was the internet a mistake?”

No. The internet is just a tool. And like any tool such as money, it can be used for good and bad purposes. And like many tools, you can be hurt by it if you’re not careful with it.
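The rotation scheme described in the comment above (monthly full cold backups off site in more than one place, plus a current cold copy on site) can be checked mechanically against a drive inventory. The following is an added example, not part of the original comment; the location names, the thresholds and the `verified` flag are assumptions, and the inventory is constructed sample data.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ColdBackup:
    taken: date      # day the full VM image was copied to the removable drive
    location: str    # where the drive physically sits now
    offsite: bool    # True if stored away from the facility hosting the servers
    verified: bool   # assumption: the copy was checked (checksum or test restore)


def shift_month(year, month, delta):
    """Return the (year, month) that lies `delta` months from (year, month)."""
    index = year * 12 + (month - 1) + delta
    return index // 12, index % 12 + 1


def audit(inventory, today, retention_months=6, onsite_max_age_days=7):
    """Check a cold-backup inventory against the scheme in the comment above.

    Returns a list of findings; an empty list means every rule is met.
    retention_months and onsite_max_age_days are assumed thresholds.
    """
    findings = []
    usable = []
    for b in inventory:
        if b.taken > today:
            findings.append(f"{b.location}: backup dated {b.taken} is in the future")
        elif not b.verified:
            findings.append(f"{b.location}: copy from {b.taken} was never verified")
        else:
            usable.append(b)

    offsite = [b for b in usable if b.offsite]
    onsite = [b for b in usable if not b.offsite]

    # Rule 1: a full cold backup for every completed month, stored off site.
    covered = {(b.taken.year, b.taken.month) for b in offsite}
    for back in range(retention_months, 0, -1):
        year, month = shift_month(today.year, today.month, -back)
        if (year, month) not in covered:
            findings.append(f"no off-site cold backup for {year}-{month:02d}")

    # Rule 2: off-site drives split across at least two separate places,
    # so losing one storage site does not take every cold copy with it.
    places = {b.location for b in offsite}
    if len(places) < 2:
        findings.append(f"off-site copies held in only {len(places)} location(s)")

    # Rule 3: a current cold backup on site for quick restores.
    newest = max((b.taken for b in onsite), default=None)
    if newest is None:
        findings.append("no usable on-site cold backup")
    elif (today - newest).days > onsite_max_age_days:
        age = (today - newest).days
        findings.append(
            f"newest on-site cold backup is {age} days old "
            f"(limit {onsite_max_age_days})"
        )
    return findings


# Constructed sample inventory (not real data).
TODAY = date(2024, 6, 24)
SAMPLE = [
    ColdBackup(date(2024, 3, 31), "records vault", offsite=True, verified=True),
    ColdBackup(date(2024, 4, 30), "bank box", offsite=True, verified=True),
    ColdBackup(date(2024, 5, 31), "records vault", offsite=True, verified=False),
    ColdBackup(date(2024, 6, 10), "server room safe", offsite=False, verified=True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, TODAY, retention_months=3):
        print("FINDING:", finding)
```

An unverified copy does not count toward any rule, so the May drive in the sample produces two findings: the failed verification itself and the resulting gap in monthly coverage.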

Highland Green Miata
6 days ago

You’re right, this is the proper way to do a backup, but the way so many cloud services businesses operate these days, they may not even have the ability to have such a well structured plan. They might not even be operating their own data centers, and the data could be stored separately from the applications. Also consider that we’re talking about thousands of dealers, so all their users, all their data (stored independently from each other). I have no idea how CDK’s service is designed, but rebuilding from scratch from a backup may not be feasible.

Last edited 6 days ago by Highland Green Miata
Scottingham
6 days ago

In some ways, cloud servers make it easier. You can clone whole VM images and clone databases to geo-redundant datacenters, in addition to downloading for offline backups.

Manwich Sandwich
6 days ago

“but the way so many cloud services businesses operate these days, they may not even have the ability to have such a well structured plan.”

If you have access to the VM server, then you should have access to back up the given VM.

And if you can back up the VM, then you can generally specify WHERE that backup goes to.

And if you can specify WHERE it goes to, then you can specify that it go to a removable drive that can be taken offline.

“Also consider that we’re talking about thousands of dealers, so all their users, all their data (stored independently from each other).”

So what? Exporting the user database and related user data would be part of the backup like any other.

While there may be thousands of users in many places, they’re all in the same database. You wouldn’t have to go to each individual dealer to get their data.

That’s not how it works.

“but rebuilding from scratch from a backup may not be feasible.”

The system they are on absolutely was installed and built from scratch at one time. If it can be done once, then it can be done a second or more times.

And this isn’t the old days where all in-house ERP systems were custom programmed. CDK is a seller of a packaged ERP solution like SAP, PeopleSoft, etc… just not as big and more specialized.

And like SAP, CDK sells a cloud version of their software.

I’m sure they absolutely have copies of the original software used. Hell, they likely have installers for several previous versions if they ever need to go back for whatever reason (like needing to restore old data from like 7 years ago).

Note as well that they have more customers than just dealers:
https://www.appsruntheworld.com/customers-database/products/view/cdk-global-dms

10001010
6 days ago

What if the ransomware folks didn’t encrypt anything, not a single file, but instead they exfiltrated sensitive information, like PII for every customer at every dealership CDK services? How will proper backups protect from having to pay that ransom?

It’s possible the delay preventing CDK from coming back online isn’t the time it takes to do backups but the time it takes to realize that the baddies are still active on the CDK network.

Manwich Sandwich
6 days ago
Reply to  10001010

“What if the ransomware folks didn’t encrypt anything, not a single file, but instead they exfiltrated sensitive information”

What you describe sounds like it would be a case of:

“Okay everyone… change your passwords for the system login, change your banking passwords, cancel your credit cards, etc.”

But this case doesn’t sound like that.

Because in that case, paying the ransom won’t actually secure or fix anything.

They would only want to shut things down to identify and plug the security hole.

10001010
6 days ago

What I described is the other form of ransomware, you pay the ransom to secure their “promise” not to release the sensitive data, in this hypothetical case it’s the PII of their entire customer base.

Manwich Sandwich
6 days ago
Reply to  10001010

I wouldn’t pay the ransom in that case because I wouldn’t trust the “promise” of criminals. And I wouldn’t trust that they wouldn’t keep coming back for more money.

Nah… the only long-term way to break an extortion racket is to not pay and deal with the consequences.

10001010
6 days ago

I agree, paying just leads to them asking for more money in the future, but I can imagine that as a scenario CDK is contemplating right now. There’s a reason why we all keep getting free 1-year credit monitoring offers from just about every corporation we do business with.

Jj
6 days ago

Most companies are unwilling to pay for this level of backup.

The bosses are told that the ‘cloud’ solves all of this and doesn’t require employees – and being bosses they blindly accept what you tell them with a nice powerpoint deck as long as you put the right buzzwords in there.

If the people who knew this IT stuff spent less time learning and doing IT things and more time simplifying concepts into picture-book format, then maybe the bosses would listen to them.

James Carson
6 days ago
Reply to  Jj

Then they pay the ransom, eat the shaming and/or find a new job. I don’t know how many presentations I’ve done and been involved with where the first question out of management’s mouth is, how much does this cost and do we have to do it. They are constantly running the calculus of risk vs bottom line. Too many of them are willing to roll the dice for that juicy bonus.

Jj
6 days ago
Reply to  James Carson

They’re only bonused on increasing revenue or reducing costs.

If you’re in operations you can’t really increase revenue so you’re going to focus on reducing cost.

People who take a holistic view of the company rarely make it to upper management.

James Carson
6 days ago
Reply to  Jj

Any way you slice it from the lowly tier 1 employee or contractor through the CTO the result is the same. Splain to management or investors what happened and why and then serve up head for removal

Manwich Sandwich
6 days ago
Reply to  Jj

“Most companies are unwilling to pay for this level of backup.”

That level of backup is not actually expensive… and it’s way cheaper than it used to be.

NOT doing it would be a case of being “penny-wise, pound-foolish”

Jj
6 days ago

“Penny wise, pound foolish” is the motto of large American businesses these days.

Manwich Sandwich
6 days ago
Reply to  Jj

And to add to my last comment:
I think a lot of companies don’t do this level of backup not because they don’t want to pay.

They don’t do it out of ignorance.

They think “oh we have a backup server… we’re fine”.

And because they don’t have someone like me, they don’t have someone like me saying “Okay… now what happens if the backup server goes down because it was infiltrated, eviscerated in a fire/natural disaster or some other failure? Show me where you’re gonna get your data back from then?”

And then that would lead me to saying “Look… removable hard drives are cheap… for $1000 (less than any one of you spends on gasoline per year), I can give you a cold offline backup solution to complement what you’re already doing in case the worst of the worst happens. You have a safety deposit box at the bank? Well we’ll keep at least one backup there and then maybe at a company that specializes in records storage. Let me introduce you to Iron Mountain…”

10001010
6 days ago

Don’t forget SaaS off-site backup solutions such as Glacier, BackBlaze, etc. Those are stupid easy to set up and extremely affordable. The recovery time might be a bit longer to retrieve/download/restore but at a bare minimum it’s excellent fire/infiltration/meteorite insurance.

Jj
6 days ago

“And because they don’t have someone like me”

^^ That is the problem. They do not want to pay someone like you. IT at many companies has become a rotating cast of recent graduates (high school graduates, in some cases) who make sure that terminals can access the internet and not much more.

Since software runs remotely, they do not have to maintain or set up local servers and probably wouldn’t know how. Without local servers, they’re probably not dealing with any sort of local backups.

Note: I am making a lot of assumptions about how the CDK software operates, and am completely open to correction. But since no individual dealers seem able to just disconnect and restore locally it seems like it’s all in the cloud.

Manwich Sandwich
6 days ago
Reply to  Jj

“Without local servers, they’re probably not dealing with any sort of local backups.”

You don’t need to have local servers to make local backups.

And actually I routinely argued that you don’t want to keep your backups in the same place your server is… at least not the offline backups.

“But since no individual dealers seem able to just disconnect and restore locally it seems like it’s all in the cloud.”

Just because it’s ‘in the cloud’ doesn’t mean it isn’t sitting on some physical hardware somewhere.

Most likely it’s sitting on hardware that hosts the VMs. And those VMs connect to network attached storage.

If you have admin access to the VM host and NAS boxes, then you can send regular backups to an online/hot backup system.

Then from the online/hot backup system, you make a copy of the backups to a ‘cold’ source that can be physically taken offline and stored as a ‘master backup’.

Whether it’s in a cloud or not is irrelevant to whether something like this can be done.

Jj
6 days ago

I know this could have been done by CDK, but would they have granted sufficient access to their clients so they could implement their own backup solution?

When I was in sales, in order to kick a competitor out of a customer I had to be able to supply every item that customer was buying from that competitor. If the customer still had to deal with both vendors, I didn’t really save them any time.

I’m assuming CDK was offering to take over all their database needs, including a backup system that I am sure they sold to dealers as ‘robust.’

“Don’t worry about backups, we have built in redundancies in multiple physical locations and run regular full backups and daily incremental backups,” I imagine the CDK salesman saying.

Taco Shackleford
6 days ago

The internet was not a mistake, but just about everything available on the internet is a mistake. The original ideas that spawned the internet are noble, and worthwhile, however the execution of it has been an interesting experiment in how we can best separate and destroy our own populations from one another. There are exceptional resources with almost limitless information, and there are also platforms where extremely influential people can finger private citizens as terrorists with impunity.

Automotiveflux
6 days ago

Overindulgence in the internet is a mistake. Social media addiction is way too common these days.

Dan1101
6 days ago
Reply to  Automotiveflux

Yep moderation is key for not just Internet but life in general.

Stoney got got (potentially)
6 days ago

If the internet was a mistake that somehow was rectified in a way that it didn’t exist, then life as we know it today wouldn’t exist in its current form

With that in mind, the question morphs into, “Are you willing to trade the life that you currently know, for one that is completely unpredictable in how it would present itself in the present?”

It’s an impossible question to answer.

Jdoubledub
6 days ago

Lack of laws and regulations are the mistake. In its current state it’s just a few steps away from a Libertarian’s wet dream.

OFFLINE
6 days ago
Reply to  Jdoubledub

You should go to China. They have all that. On a serious note: when this thing was built nobody was sure what it would be used for. We built it for physics initially. Nobody knew what would happen. Can we fix the network so stuff like this hack would be really tough? Oh yeah. Would you scream bloody murder when I take away any semblance of anonymity you have? Even more. We have met the internet, and they are us.

Jj
6 days ago
Reply to  OFFLINE

Everyone knew it would be used for porn and warez – just like the BBS’s that preceded the internet.

OFFLINE
6 days ago
Reply to  Jj

Not at the beginning they didn’t, which was kinda weird. Netnews was already a thing so you’d think it would have come up… but remember: you couldn’t get onto the earliest version of this thing unless you were on the right network. We didn’t let the unwashed in 🙂

Anoos
5 days ago
Reply to  OFFLINE

They had no vision.

OFFLINE
5 days ago
Reply to  Anoos

Nobody had any idea. Seriously, we were site #2 in the entire world, before you unwashed were allowed anywhere near it. Microsoft would have gone out of business if they hadn’t pivoted to the web, and they damn near didn’t. Interesting times.

Anoos
5 days ago
Reply to  OFFLINE

In fairness, I knew for sure about the porn and warez. The kittens were a surprise.

OFFLINE
5 days ago
Reply to  Anoos

See!? Kittens are the best part in my opinion, although your mileage may vary.

Jdoubledub
6 days ago
Reply to  OFFLINE

Love the immediate leap is to an authoritarian example. God forbid there be nuance and a middle ground.

OFFLINE
6 days ago
Reply to  Jdoubledub

By all means propose one. I’ve been working with this stuff for a long time, so I understand the ramifications. Folks are scared that once you start regulating it more closely, it will ultimately become a repressive tool. They aren’t wrong to worry, because this is how governments think (in your best interests, naturally.) What’s your idea?

Pupmeow
6 days ago
Reply to  OFFLINE

Are you asking if there are examples of government regulating risk to its citizens without rising to the level of an authoritarian regime?

OFFLINE
6 days ago
Reply to  Pupmeow

I am. I’d also be interested if that regulation helped with security at all because what we have now is the equivalent of swiss cheese.

Kaiserserserser
6 days ago

How much money was lost here is a big question. How many sales did dealers end up losing? How much did CDK Global end up having to pay? Many large dealership groups use this software and, even if there’s not a lawsuit, the possibility of CDK Global having to compensate dealers is real.

Finally, how many sales were lost? Are we going to see a downturn in car sales for June just as momentum is building?

You know, another question that isn’t being asked enough is whether there were any sales lost due to this hack.

Jj
6 days ago

If they could only access the system, dealers could tell you exactly what they’ve lost in sales.

Drew
6 days ago

I think we’re going to end up hearing some big number related to lost sales. I also think that it’s going to be a little misleading.

Individual dealers may lose money as people go to dealers that aren’t affected. And some people may delay a purchase. But I don’t know how many people are just going to decide not to buy a vehicle. Maybe more than I think, since the largest portion of buyers aren’t buying because they need a car, but because they want a new/different vehicle.

My 0.02 Cents
6 days ago

One dealer might have lost some sales to another dealer, I doubt any shut their doors for long. Maybe Penske stores did.
Some sales might have been delayed, I doubt any will be lost in the long term.

Jj
6 days ago

I am pro-hacker in general.

I am extra pro-hacker when the other choice is auto dealers.

My 0.02 Cents
6 days ago
Reply to  Jj

Why would that be? Sure some dealerships suck, but don’t go there is the answer.

Meanwhile the dealership where my wife works (and many like them) is doing everything on paper that they can, but due to CDK being tied to other programs they might run out of temp tags to issue, which means no sales, which means sales staff maybe can’t make their bills, the office staff have nothing to process, so are sent home. The office staff are close to minimum wage workers, they’re the ones bearing the worst of this.

CDK pays the $80M, who ultimately pays? The customer. That’s you and me.
There will be lawsuits, who ultimately pays? The customer. That’s you and me.

At the end of the day every cost (nearly) always gets passed down to the end user. Who is that? You and me!

If you want to see this in action and are a customer of So Cal Edison, check your bill for a wild fire recovery fee.

Last edited 6 days ago by My 0.02 Cents
Jj
6 days ago
Reply to  My 0.02 Cents

I am a fan of irony.

A CDK salesman walked into all these dealerships selling a secure solution with guaranteed uptime and got them to sign the papers, only to find out that the deal they got is not the deal they were promised.

That’s just too perfect.

10001010
6 days ago
Reply to  Jj

Yeah but that TruCoat!

My 0.02 Cents
6 days ago
Reply to  10001010

mop and glow!

My 0.02 Cents
6 days ago
Reply to  Jj

We should all know that nothing can ever be 100% guaranteed!
Aside from death and taxes

Jj
6 days ago
Reply to  My 0.02 Cents

And cyberattacks if you paint a large enough target on your back.

My 0.02 Cents
6 days ago
Reply to  Jj

Yes Sir.

JerryLH3
6 days ago

I don’t think the internet was a mistake. However, some of the things that resulted from the internet definitely were. If you want to apply the law of syllogism there, perhaps an argument could be made the internet was a mistake.

Icouldntfindaclevername
6 days ago

The Internet isn’t bad or a mistake. It’s just that people put things in motion that didn’t have proper security measures in place. It is pretty expensive to get cyber insurance. It’s next to impossible to get it without proving you took ALL the known steps to secure data. Now many companies are going back and revising their security protocols. Nowadays, not only do you have to vet your own security, you have to vet your vendors.

Crank Shaft
6 days ago

Natch.

V10omous
6 days ago

her 1998 Ford Expedition allegedly “self-shifted into powered reverse.”

I am not really eager in most cases to blame the victim for tragedies, but in this case I’m not sure what else it could be. Chunky column shifters don’t move themselves between gears and there’s not really a conceivable mechanism for them doing so. If this was a design defect going back to the 1980s, literally millions of trucks would be affected, and yet no one else is getting run over. Make sure your truck is in park before you get out of it, lady!

Spikedlemon
6 days ago
Reply to  V10omous

Knowing the likelihood this used common parts across multiple models (e.g. F-series & Expedition) that this issue would have been brought up, and seen long ago.

Mike Smith
6 days ago
Reply to  V10omous

This sounds like a retread of the ‘insufficiently strong detents in the shifter’ thing that Ford was dinged with in the 60’s. Those cars were supposedly so easy to shift out of park that they could conceivably *fall* out of park into reverse when they were sitting idling. Not sure how much I believe that, and I’m even less sure that a ’98 Expedition could have such a problem.
Of course this is a 26 year old car, so there’s no telling how much wear and tear and shade-tree hackery the shift mechanism could have been subjected to over that time. Even if the car was perfectly maintained and this failure occurred due to wear of the original mechanism that was over a decade beyond its warranty (and likely design) lifetime, I’m not sure I’d agree with setting the precedent that the OEM should be liable.

V10omous
6 days ago
Reply to  Mike Smith

Yes this is good clarification.

Those cars in the 60s didn’t have shift interlock (apply brake to shift from park) like 90s Ford trucks do though. It’s possible both the interlock and the detent independently stopped working, but after 25 years I agree with you, there’s no way Ford should be liable for that.

Last edited 6 days ago by V10omous
Jj
6 days ago
Reply to  V10omous

I guess an exceptionally loose shifter could drop from P to R. At this vehicle’s age, it would be normal for there to be some slop in the controls from use.

But 25 years into service, this seems like a maintenance issue more than a design issue.

V10omous
6 days ago
Reply to  Jj

Remember, the presumably independent shift interlock would also need to fail for that to happen.

Jj
6 days ago
Reply to  V10omous

If it’s a mechanical interlock of some sort (I’m not familiar with Fords), then I guess it’s also subject to wear and slop.

If it’s electronic, those get bypassed all the time as a temporary fix.

I’m also guessing that the slop could have prevented the shifter from locking all the way into park – even if it appeared to be in park. If it’s not locked into Park it may not need to bypass the interlock to drop into reverse.

V10omous
6 days ago
Reply to  Jj

I’m also guessing that the slop could have prevented the shifter from locking all the way into park – even if it appeared to be in park.

This may be the most likely explanation.

10001010
6 days ago

I feel for the folks at CDK, ransomware is a global suckfest that isn’t going away any time soon and is next to impossible to defend against in any large organization.

JerryLH3
6 days ago
Reply to  10001010

We have to do cybersecurity training at work every other month. It is a constant reminder how important it is to be vigilant in our organization. They also seem to like to impress upon this by doing phishing tests on new hires the first week. Many fail, and I wish IT would at least give them a week and one training before doing those tests.

Pupmeow
6 days ago
Reply to  JerryLH3

My company does so many phishing tests that I will mark anything remotely odd as phishing. They’ve got me paranoid (which is the point). But I do love getting that “Congratulations on spotting a simulating phishing attempt!” pop up.

Data
6 days ago
Reply to  Pupmeow

Ah, my company does these as well. The simulated phishing attempts.

OverlandingSprinter
6 days ago
Reply to  10001010

I agree with one of your statements, but not the other two. I have no connection to CDK, but work in IT and have responded to two ransomware attacks.

  1. Ransomware is preventable with appropriate hardware, software, staff training and IT personnel taking known steps to thwart it.
  2. If the bad guys do encrypt an organization’s data, it’s possible to restore from backups if the organization follows best practices for doing so.
  3. I don’t have any sympathy for CDK at all. The organization did not follow best practices and the bad guys bit them in the hinder.

The top leadership at CDK who didn’t listen to their IT team should be sacked. And if the CDK IT team didn’t raise red flags that the company wasn’t following best practices, they should be sacked.

RootWyrm
6 days ago

Ransomware is preventable with appropriate hardware, software, staff training and IT personnel taking known steps to thwart it.

False and incorrect. All you do is make yourself less of a target.
If they want in, you cannot stop it. Period.

If the bad guys do encrypt an organization’s data, it’s possible to restore from backups if the organization follows best practices for doing so.

False and incorrect. You clearly have zero clue as to what is involved in data restoration of that level, and even less experience. In other words, you’re talking out of your ass from fantasyland.

Here’s a protip: at the absolute maximum possible throughput, it takes over 9 hours to write 12TB to tape. Nothing ends up on a single tape. A single 50TB Oracle database can easily take 14 hours just to pull back down to disk. That’s not even starting to bring it back online, that’s just writing files back out.
And no, there is not a ‘non-tape’ option.

I don’t have any sympathy for CDK at all. The organization did not follow best practices and the bad guys bit them in the hinder.

Congratulations, you’re part of the problem. I bet you think that paying them off is also the most effective way to ensure customer data doesn’t get leaked, and that installing an ‘enterprise’ VPN like Pulse is best practices../../../

Crank Shaft
6 days ago
Reply to  RootWyrm

Slightly less delicate than I would say it, but, yeah. And if they rooted any of the hardware and/or have been in the system for some time, they would probably have to literally replace hardware just to get a clean boot. Computer systems are now so complicated that there is just no way to eliminate every risk. Basically every single operating system, database, middle-ware, router, you name it, has bugs (well, except maybe BSD) and most of those bugs will not be found and fixed. It’s simply inherent to any system once it becomes complicated enough and there is no avoiding it. No matter who you are and what you do, you are hackable. Just ask COVID. The human body is a decent analogy for the internet on a complication level.

So have a little sympathy for CDK and start lobbying your politicians for drone strikes on ransomware operators.

OverlandingSprinter
6 days ago
Reply to  RootWyrm

Ransomware is preventable with appropriate hardware, software, staff training and IT personnel taking known steps to thwart it.

False and incorrect. All you do is make yourself less of a target.
If they want in, you cannot stop it. Period.

We’ll have to agree to disagree on this.

If the bad guys do encrypt an organization’s data, it’s possible to restore from backups if the organization follows best practices for doing so.

False and incorrect. You clearly have zero clue as to what is involved in data restoration of that level, and even less experience. In other words, you’re talking out of your ass from fantasyland.

Here’s a protip: at the absolute maximum possible throughput, it takes over 9 hours to write 12TB to tape. Nothing ends up on a single tape. A single 50TB Oracle database can easily take 14 hours just to pull back down to disk. That’s not even starting to bring it back online, that’s just writing files back out.
And no, there is not a ‘non-tape’ option.

Datacenter-to-datacenter mirroring, and backups to things other than tapes are available.

I don’t have any sympathy for CDK at all. The organization did not follow best practices and the bad guys bit them in the hinder.

Congratulations, you’re part of the problem. I bet you think that paying them off is also the most effective way to ensure customer data doesn’t get leaked…

Your assumption is incorrect. IMHO, paying a criminal is a crapshoot at best and I would not recommend doing so.

As implied in my initial posting, preventing a cyberattack requires an array of defenses. Relying on one product or piece of hardware will not be effective.

Last edited 6 days ago by OverlandingSprinter
Manwich Sandwich
6 days ago

“Datacenter-to-datacenter mirroring, and backups to things other than tapes are available.”

+1

RootWyrm thinks we still use tapes for backups… what an idiot.

I personally phased out tapes well over a decade ago.

Crank Shaft
6 days ago

WTF?! I wouldn’t be calling anyone an idiot without checking the mirror first. Don’t try to sound like an expert if you don’t know WTF you’re talking about. Just a sampling below. Tape will still be used long after you’re dead.

https://www.techtarget.com/searchdatabackup/news/366588292/LTO-tape-shipments-set-another-capacity-record

https://www.cloudwards.net/is-tape-storage-relevant-anymore/

https://www.datacenterknowledge.com/hyperscalers/google-turns-to-tape-to-rescue-lost-gmail

https://news.google.com/articles/CBMiaWh0dHBzOi8vd3d3LnRlY2h0YXJnZXQuY29tL3NlYXJjaGRhdGFiYWNrdXAvbmV3cy8zNjY1ODgyOTIvTFRPLXRhcGUtc2hpcG1lbnRzLXNldC1hbm90aGVyLWNhcGFjaXR5LXJlY29yZNIBAA?hl=en-US&gl=US&ceid=US%3Aen

https://news.google.com/articles/CBMiRGh0dHBzOi8vd3d3LmhlbHBuZXRzZWN1cml0eS5jb20vMjAyNC8wMS8xMi9maW5sYW5kLWFraXJhLXJhbnNvbXdhcmUv0gEA?hl=en-US&gl=US&ceid=US%3Aen

https://news.google.com/articles/CBMivgFodHRwczovL3d3dy5pdHByby5jb20vaGFyZHdhcmUvc3RvcmFnZS9tYWduZXRpYy10YXBlLXN0b3JhZ2UtaGFzLWZvdW5kLWEtbmV3LWxlYXNlLW9mLWxpZmUtd2l0aC1hLXJlY29yZC0xNTI5LWV4YWJ5dGVzLXNoaXBwZWQtd29ybGR3aWRlLWluLTIwMjMtYW5kLXRoZS1yaXNlLW9mLWdlbmVyYXRpdmUtYWktaXMtYS1rZXktZmFjdG9y0gEA?hl=en-US&gl=US&ceid=US%3Aen

https://news.google.com/articles/CBMiNWh0dHBzOi8vd3d3LmVldGltZXMuY29tL3RhcGUtc3RvcmFnZS1pcy1oZXJlLXRvLXN0YXkv0gEA?hl=en-US&gl=US&ceid=US%3Aen

https://news.google.com/articles/CBMiwgFodHRwczovL3d3dy5wY2dhbWVyLmNvbS9oYXJkd2FyZS9zdG9yYWdlL2Rlc3BpdGUtYmVpbmctb2xkZXItdGhhbi10aGUtcGMtbWFnbmV0aWMtdGFwZS1zdG9yYWdlLWlzLWZhci1mcm9tLWRlYWQtaW4tZmFjdC1pdHMtZ3Jvd2luZy13aXRoLTE1MzAwMDAwMC10ZXJhYnl0ZXMtb2YtdGhlLWZyYWdpbGUtc3R1ZmYtc2hpcHBlZC1pbi0yMDIzL9IBAA?hl=en-US&gl=US&ceid=US%3Aen

https://news.google.com/articles/CBMidWh0dHBzOi8vd3d3LmZvcmJlcy5jb20vc2l0ZXMvdG9tY291Z2hsaW4vMjAyMy8wOC8yMi9pYm0tYW5ub3VuY2VzLTUwdGItZW50ZXJwcmlzZS1tYWduZXRpYy10YXBlLWRyaXZlLWFuZC1jYXJ0cmlkZ2VzL9IBAA?hl=en-US&gl=US&ceid=US%3Aen

Manwich Sandwich
5 days ago
Reply to  Crank Shaft

Tape is NOT relevant. The only organizations using tape are ones with old systems or highly bureaucratic organizations where change is difficult (like government).

They represent the less-than-10% of holdouts who are afraid to move or are prevented from moving to more modern solutions for one reason or another
https://www.unitrends.com/blog/one-last-holdouts-8-9-teams-still-using-tape-tech-primary-storage
https://www.networkworld.com/article/965260/why-is-tape-declining-in-the-backup-world.html

And if you need a solution where you can restore data in a TIMELY fashion, tapes are fucking useless.

You might think your stupid little Google search makes you a genius… but you’re not.

Both you and your buddy are know-nothing idiots on this subject.

Crank Shaft
5 days ago

Yep, that’s why tape is bigger than ever. It’s so cheap and stable, it’s never going away. It’s for long term backup and archiving, not for fast recovery. It’s entirely offline and pretty hard to encrypt. Having only one backup system is fucking idiotic.

Now with respect to our shared idiocy, I never claimed not to be such. In actual fact, I admit to and declare being an idiot multiple times per day. All I said was to check yourself before calling someone else one, but I guess you were too idiotic to grasp that concept. Keep it up, as it really demonstrates your level of critical thinking.

Some say, when you’ve lost the argument, attack the person.

Finally, thank you for calling me a genius. It rarely happens, but I do appreciate it.

Stoney got got (potentially)
6 days ago
Reply to  RootWyrm

Almost got me. lol

Last edited 6 days ago by Stoney got got (potentially)
RootWyrm
6 days ago

Aww, I thought your whiny bitch ass was leaving… what’s the matter, couldn’t find the exit?

Stoney got got (potentially)
6 days ago
Reply to  RootWyrm

Ha!

Buddy, I’m not sure what you expect as a response.

Tell you what, you keep speaking in your absolutes about anything and everything. I genuinely hope it makes your day better and helps out with whatever you have going on. I’m in no position to judge, only empathize.

Maybe take it down a notch.

Shinynugget
6 days ago
Reply to  RootWyrm

As a cybersecurity professional, I’ll say this. Ransomware attacks and cyberattacks in general are preventable. To a degree, but they don’t have to be inevitable. And their effects can be mitigated so you aren’t held hostage by cyber criminals.
Trying to get an organization to spend money and resources on good cybersecurity practices, procedures and technology can be very difficult. Security by its very nature is inconvenient and people like things to be convenient and easy. Selling security is like Volvo trying to sell safety in the 70’s. No one wants to think about something bad happening so they ignore and spend money on cooler, shinier things.
However, it is entirely possible to plan ahead for bad things happening and be prepared. As an incident responder for my state (I won’t say which for security reasons) I have dealt with over a dozen ransomware incidents in the last 10 months. These occurred at the state, local and educational levels. Some organizations were prepared, others not so much. The impact ranged from being fully crypto-locked, including backups, and being forced to rebuild their entire IT infrastructure. That means new servers from scratch builds, new network architecture, re-imaging client machines, everything. Other orgs recovered in less than 48 hours. They had good endpoint defense software, 24-hour monitoring, automatic mitigation enabled, excellent network segmentation to prevent lateral movement and system backups that were isolated from other systems that didn’t share any identities. (BTW backups don’t have to be full backups every time, you can just perform a delta every day and save storage and reduce backup times.)
The TTPs used by cyber criminals are ever changing. It used to be that post-incident forensics showed threat actors present on networks for months before an attack was executed. Now that lag time has been reduced to days as defenses have gotten better at detecting and preventing ransomware. It’s a constant game of cat and mouse and only organizations that place cybersecurity as a solid priority 1.1 will prevent this kind of thing regularly. I say 1.1 and not priority 1 as business needs will always come first.

10001010
6 days ago
Reply to  Shinynugget

In my experience trying to get the org to spend the money is more difficult than actually locking down the network. Just trying to get the exec to listen to the arguments for spending the money before tuning out and picking up his iPhone is nearly impossible.

OFFLINE
6 days ago
Reply to  10001010

Your exec is often your weakest link for social engineering. Isn’t that fun?

OFFLINE
6 days ago
Reply to  Shinynugget

^ This. If you have a mitigation strategy and good design you can weather cyber breaches quite well. The challenge is organizations mostly don’t take planning seriously.

DaChicken
6 days ago
Reply to  RootWyrm

Here’s a protip: at the absolute maximum possible throughput, it takes over 9 hours to write 12TB to tape. Nothing ends up on a single tape. A single 50TB Oracle database can easily take 14 hours just to pull back down to disk. That’s not even starting to bring it back online, that’s just writing files back out.

This is one of the big things I wish more corner-office people understood. Backup storage is not built for raw speed and if you actually need that it’s going to cost orders of magnitude more.

I unwittingly became the “backup guy” at a previous gig for a medium-sized org and my worst times were trying to explain that whatever SLAs they dreamed up over a liquid lunch were not even remotely achievable with the hardware they bought. Sorry, not going to be able to restore 500TB VMs/databases in a timely manner from the cheapest spinning rust they could find.

Manwich Sandwich
6 days ago
Reply to  RootWyrm

“If the bad guys do encrypt an organization’s data, it’s possible to restore from backups if the organization follows best practices for doing so.

False and incorrect. You clearly have zero clue as to what is involved in data restoration of that level, and even less experience. In other words, you’re talking out of your ass from fantasyland.”

No

It is YOU that has no clue. And I speak as a person with 25+ years of corporate IT experience… which includes using backups to recover data due to an attempted ransomware attack… which we didn’t pay because *I* personally devised a good backup scheme with redundancies that made it very unlikely that we’d ever lose more than a day or two of data.

Last edited 6 days ago by Manwich Sandwich
Manwich Sandwich
6 days ago
Reply to  RootWyrm

“Here’s a protip: at the absolute maximum possible throughput, it takes over 9 hours to write 12TB to tape”

Oh btw… here’s a protip for you: Nobody is using tapes anymore. Most have switched away from them well over a decade ago.

RC
6 days ago

I mentioned this on the previous CDK thread, but there’s a growing cybercrime business in paying commission on ransom payments to malicious insiders who facilitated access to network infrastructure.

Either CDK is criminally negligent with its backups (using that term properly – it varies by state, but failing to have backups of some of its records is a violation of a variety of state laws for controlled parts as well as for financial data), or the malicious actors were in there long enough to vet the backup processes and encrypt the backups as well (which could be an architectural failing – there are an alarming number of architects out there, most hailing from yon days of Old School clustering, who believe “failover site” or “replication site” is synonymous with “backup,” which it assuredly is not), or… access was facilitated by an insider.

The best separation-of-duties SOPs and awareness do no good if you shuffle off 20 bitcoin to the guy running the IdM platform who can grant himself access to the backup app and the production environment and then proceed to generate legit accounts for malicious actors, then destroy said identities (or masq them as service accounts or what-not) when attack is concluded.
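
The pattern described in the comment above (an identity admin granting himself backup and production access, then creating and later removing accounts) leaves traces in IdM audit logs. The following is an added example, not part of the original comment: it reviews constructed audit events for self-grants, backup-plus-production role conflicts and short-lived accounts. The event schema, role names and 7-day threshold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample IdM audit events (hypothetical schema, not from any real product).
EVENTS = [
    {"ts": "2024-06-01T02:10:00", "actor": "idm_admin", "action": "grant_role",
     "target": "idm_admin", "role": "backup-admin"},
    {"ts": "2024-06-01T02:12:00", "actor": "idm_admin", "action": "grant_role",
     "target": "idm_admin", "role": "prod-admin"},
    {"ts": "2024-06-01T02:20:00", "actor": "idm_admin", "action": "create_account",
     "target": "svc-report7"},
    {"ts": "2024-06-01T09:00:00", "actor": "hr_sync", "action": "create_account",
     "target": "jdoe"},
    {"ts": "2024-06-01T09:05:00", "actor": "helpdesk1", "action": "grant_role",
     "target": "jdoe", "role": "prod-read"},
    {"ts": "2024-06-03T23:40:00", "actor": "idm_admin", "action": "delete_account",
     "target": "svc-report7"},
]

CONFLICTING = {"backup-admin", "prod-admin"}  # assumed names: no one should hold both
SHORT_LIVED = timedelta(days=7)               # assumed threshold for create-then-delete

def review(events):
    """Return (finding, subject, detail) tuples in chronological order."""
    findings = []
    roles = {}    # principal -> set of roles granted so far
    created = {}  # account -> (creation time, creator)
    for e in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        actor, target, action = e["actor"], e["target"], e["action"]
        if action == "grant_role":
            held = roles.setdefault(target, set())
            held.add(e["role"])
            if actor == target:  # admin granted a role to himself
                findings.append(("self_grant", actor, e["role"]))
            if CONFLICTING <= held:  # one identity spans backups and production
                findings.append(("sod_conflict", target, "+".join(sorted(CONFLICTING))))
        elif action == "create_account":
            created[target] = (ts, actor)
        elif action == "delete_account" and target in created:
            born, creator = created.pop(target)
            if ts - born <= SHORT_LIVED:  # account existed only briefly
                findings.append(("short_lived_account", target, creator))
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
```

Such a review only helps if the audit log is shipped somewhere the IdM administrator cannot alter it.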

10001010
6 days ago

The appropriate hardware, software, staff training, and IT personnel are only as secure as the weakest link, which is often a human, and more often than not a human with a leadership title within the organization. Most likely the same exec that cut IT’s budget year over year over year because all of the things you mentioned cost $$$ with no easily apparent ROI.

I guess I should clarify, my sympathy isn’t with the entire CDK organization but more specifically the members of the IT team that have probably been unable to fully relax on weekends and vacations for years worrying about something exactly like this but not given the resources to actually combat it, and now their fears have come true and they’re catching shit for it. How do I know the CDK IT team didn’t have the full resources necessary to prevent or at least minimize the chances of such an attack? Well, because they’ve been attacked.

Jj
6 days ago
Reply to  10001010

When every company’s IT department is reduced to just two guys who install a Windows image on new company laptops, this is the result.

You can’t put an entire industry’s eggs in a single basket and just hope it’s a strong basket.

The guys who would have been running corporate IT departments ten years ago still exist. Some of them will just switch sides.

10001010
6 days ago
Reply to  Jj

Can confirm, our IT dept has been reduced to just me and my sysadmin, we’re the only 2 left for the entire organization.

Data
6 days ago
Reply to  Jj

I am in IT. Our company recently laid off loads of IT people throughout the company. In previous reductions, the remote sites have generally not been touched. This time they outsourced new computer installs to a third party who is supposed to come in and perform the install and deploy them.

We tried it earlier this year with an 18 desktop computer refresh. Complete fustercluck. The person had no AD credentials to add the devices to the OU and no credentials to log into the computer to finish configuration (set up printers, install additional software not part of the image, etc). Plus because they have zero familiarity with the site, they had no idea where any of the users receiving a new computer were located. Since that time, my boss has just had me continue to image any new devices as I have been doing for years.

Our local team was spared due to other applications and automation we support in addition to local support. I’ve sadly seen a lot of people no longer around; the people I knew to call to bypass the helpless desk and get issues resolved quickly.

Jj
6 days ago
Reply to  Data

I always made sure to know the IT guys. After a few calls, I would usually be granted more permissions than I should have had just so I could install a printer or software without having to bother them.

Risky on their side, but I never opened stupid attachments or had the shipping department ready to send out $80k worth of goods to an emailer who “want make purchase goods your store.” We literally had a sales guy who did that, and it almost made it out the door.

Lizardman in a human suit
6 days ago

“As a global threat, the risk of prosecution, in many cases, is low, allowing rogue operators to organize themselves with staff, structures, and processes comparable to modern-day businesses.”

Looks like I’m in the wrong business.

RootWyrm
6 days ago

This shit has been pure business for a lot longer than the rest of the world has learned the word ‘ransomware.’ Risk of prosecution is basically zero if you operate in a friendly country. And it’s a double profit; you collect the ransom, then you sell the data multiple times anyways. The ransom part’s new, but stealing and selling data has been a highly organized, professionally run business for well over a decade.

Gubbin
6 days ago
Reply to  RootWyrm

Heck, ransomware predates cryptocurrencies (though crypto *did* make it tons easier.)
Reminds me, gotta start testing a ransomware remediation plan soon, we don’t have much valuable data or money for paying ransom but Script Kiddie Ivan doesn’t know that.

Lizardman in a human suit
6 days ago
Reply to  RootWyrm

And here I thought being an alien lizard working for the Deep State was the ultimate evil.
