Jump to content

Ransomware Incidents and frequency - Thailand


Patong2021

Recommended Posts

Today's disclosure  by AXA of the loss of confidential data confirms article in Financial Times 

https://www.ft.com/content/4443da60-6d90-4d27-b300-b0896425f99f

Confirmation of the attack from Axa came after cyber criminals using ransomware called Avaddon said on Saturday that they had hacked the group’s Asia operations and stolen three terabytes of data, in a dark web post seen by the Financial Times. The post said the data were taken from its units in Thailand, the Philippines, Hong Kong and Malaysia, and included customers’ personally identifiable information, medical records and claims, as well as data from hospitals and doctors.

 

 I am not surprised and was anticipating  it would occur in Thailand at some point and had been wondering why there had been nothing acknowledged to date when so many companies in USA and EU were attacked.  AXA disclosed that data processed by Inter Partners Asia (IPA) in Thailand was accessed and that it would notify clients if found they had been affected.  AXA may be largest insurer int he world, but it is victim like anyone else.

 

My question is more of a general nature and not specific to AXA which I mention as illustration;

-Have you ever been subject to ransom attack?

-I backup  documents regularly on different hard drives and follow the recommended safe practice of up to date protection program and mail filters and avoid questionable websites and do not open junk email

What else can we do?

 

What if they take my passport detail, permit number, and other document from hospital? Lucky I do not have embarrassing medical condition but I feel for someone who may have private health issue and could be open for public blackmail. Now it makes me think. What is obligation of company in Thailand to disclose? What is obligation to protect loss of customer information?

 

The prospect of having thieves in Russia or North Korea with my personal information is not comforting.

Link to comment
Share on other sites

I'm very security and privacy conscious. Never been hacked or had such an attack. If I did, they would leave disappointed as I keep absolutely no data, files, contacts, passwords, anything at all, on the two laptops that I use to access the internet. And the cache is cleaned daily.

 

Instead I keep all my data on a PC that is not connected. I do all my work and hobbies offline and of course, don't keep anything in a third party 'cloud'.

Link to comment
Share on other sites

It's almost impossible to 100% protect yourself and/or your company IT.

I had an attack once on two PCs in a company. We disconnected the PCs right away.

Then we installed a recent backup. No problem.

 

The main important thing is that you have a backup of all your data and it is recent and the backup is not constantly connected to your PC. Otherwise the hackers may also encrypt your backup.

 

Does it happen often: I don't think so. But that doesn't mean it can't happen. Be prepared! 

  • Thanks 1
Link to comment
Share on other sites

On 5/17/2021 at 11:24 PM, Liverpool Lou said:

Yes, in a minor way 4 years ago, hackers encrypted all my photos and documents on my laptop and wanted $500 for the key.    I let them keep them.   

That's my strategy too. I have a 1Tb external USB drive. I plug in once a week, use AllSync software, then unplug. I never keep banking apps on my phone either. 

They generally only spend time on high profile people with money and lots of secrets. My secrets are pretty mundane. 

Link to comment
Share on other sites

  • 3 weeks later...
On 5/17/2021 at 11:43 PM, Antonymous said:

Instead I keep all my data on a PC that is not connected. I do all my work and hobbies offline and of course, don't keep anything in a third party 'cloud'.

 

This is good advice to a point. You should have a combination of cold storage and warm backup. By cold storage I mean completely isolated from any network and you rotate in such a way that there is always at least one copy of critical data and systems in cold storage at all times, even during the backup process itself (effectively means you have 2 cold stores). . .

 

. . . and if you don't use Windows and succumb to being a Linux geek, you're close to 100% safe already. This is a fact Windows fanboys seem to hate for some reason.

 

 

 

 

Edited by Led Lolly Yellow Lolly
Link to comment
Share on other sites

On 5/18/2021 at 12:32 AM, OneMoreFarang said:

It's almost impossible to 100% protect yourself and/or your company IT.

 

The problem is click happy humans and Thailand is a very, very soft target. I'll wager a straw poll would show at least 9/10 people use their mobile number as their password. We are blocking a lot of exploits from WITHIN our networks with DNSBLs, this prevents a lot of malware looking up the domain for it's command and control centre. It's pretty effective. Any department not following company IT policy is walled off on their own isolated VLAN and marked as a cesspool, and honestly, that's most departments in our company. By definition, it's any department running Microsoft.

 

 

 

 

 

 

Edited by Led Lolly Yellow Lolly
Link to comment
Share on other sites

I got hit with a ransomware attack last September. (05 September 2020 at around 18.00 PM Thai time). DJVU/STOP variant. All files on one of my computers were encrypted without me knowing at the time (.boop extension). Mainly media files (avi and mp4) and audio (mp3) and jpg and txt files. I don't know how they got in as I was running Windows firewall - real time windows protection was enabled - and I'm very careful about what programs I download and open etc. Anyway the good news is that it is only the first 250 KB of each file that is encrypted (I think that's the correct figure) and there is some free software out there that can recover your media files (mp4 - avi - mp3  etc) if you have good reference files (unencrypted) at your disposal.  (check Disktuna on YouTube - he has some great free stuff)

Edited by bulmercke
Link to comment
Share on other sites

i am a client of AXA. In the last two days I have had two calls, one from a Singapore number and the other from a US number. Both asked for me by name. When I queried where they had got my number, they both said from the Global Economics Forum.

Wanted me to answer some questions. I hung up and blocked  them.

I wonder if this have anything to do with the breach. I am very wary of cold calls and online scams.

 

Tried looking up Global Economic Forum, but couldn't find any info.

  • Like 1
Link to comment
Share on other sites

Malware attacks are not going to correlate to the location of your computer, but to the locations of the websites you connect to plus email connections.

 

There is a simple and free step you can take to increase your protection against malware.  You can change the DNS servers that you use to these two:

 

9.9.9.9

149.112.112.112

 

https://www.quad9.net/

 

This is a free DNS service funded by a consortium led by IBM that blocks connections to known malware sites.  Since there is going to be a lag between the time a new malware site appears and when it is identified and blocked in the Quad Nine DNS server, it is not going to be 100% effective, but using this DNS service will reduce your risk.

 

If you can log in to your router with the admin account, you can change your DNS server there which will then apply to all the devices on your network.  Otherwise, you can change it on each pc, mobile, etc.

 

Specifically to protect against ransomware attacks you should have daily backups of your pcs for some period.   

 

 

Link to comment
Share on other sites

11 minutes ago, cmarshall said:

Malware attacks are not going to correlate to the location of your computer, but to the locations of the websites you connect to plus email connections.

 

There is a simple and free step you can take to increase your protection against malware.  You can change the DNS servers that you use to these two:

 

9.9.9.9

149.112.112.112

 

https://www.quad9.net/

 

This is a free DNS service funded by a consortium led by IBM that blocks connections to known malware sites.  Since there is going to be a lag between the time a new malware site appears and when it is identified and blocked in the Quad Nine DNS server, it is not going to be 100% effective, but using this DNS service will reduce your risk.

 

If you can log in to your router with the admin account, you can change your DNS server there which will then apply to all the devices on your network.  Otherwise, you can change it on each pc, mobile, etc.

 

Specifically to protect against ransomware attacks you should have daily backups of your pcs for some period.   

 

 

And may I add, that the backups should be removed from your network, as a lot of ransomware will search for all the network attached drives, and any locally connected ones, so if you make a local backup, it could get scrambled as well.

 

Actually Windows 10 now allows you to set ransomware protection on your important folders by only permitting specific applications to write into protected folders.

 

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide

Link to comment
Share on other sites

21 minutes ago, tomazbodner said:

And may I add, that the backups should be removed from your network, as a lot of ransomware will search for all the network attached drives, and any locally connected ones, so if you make a local backup, it could get scrambled as well.

 

Actually Windows 10 now allows you to set ransomware protection on your important folders by only permitting specific applications to write into protected folders.

 

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide

 

If you want to get down to specifics, I would never trust any operating system to protect itself against malware since the malware has access to and can attack those very protections which we have seen with some viruses that disable virus protection.  Instead, the safer alternative is to run virtual machines on a host computer that itself never browses websites or receives email.  I run vmware workstation on a linux host from which I never browse the internet.  The important data and software are not in linux, but in a Windows 10 vm running in vmware on the linux host.  Managing a windows installation in a vm is much easier and safer than on bare metal.  Backups are performed cold, i.e. vm is shutdown so that it is just a question of backing up a bunch of linux files.  If the vm were to be attacked it would not have access to the backup files which are not visible to the windows vm itself.  

 

Running Windows in a vm has other benefits such as the ability to take a snapshot before any risky operation such as updating any software in Windows.  Then if the update has problems, reverting back to the former configuration is only a click away, but could also be done via restore from a backup if necessary.  Also, by running vms, you can isolate your sensitive information in a "clean" vm that only connects to trusted sites, such as banks, brokers, and email servers, while using a separate vm for general browsing purposes.

 

But a configuration like this is too complicated for end users without linux and other skills.  

  • Like 1
Link to comment
Share on other sites

1 hour ago, cmarshall said:

 

If you want to get down to specifics, I would never trust any operating system to protect itself against malware since the malware has access to and can attack those very protections which we have seen with some viruses that disable virus protection.  Instead, the safer alternative is to run virtual machines on a host computer that itself never browses websites or receives email.  I run vmware workstation on a linux host from which I never browse the internet.  The important data and software are not in linux, but in a Windows 10 vm running in vmware on the linux host.  Managing a windows installation in a vm is much easier and safer than on bare metal.  Backups are performed cold, i.e. vm is shutdown so that it is just a question of backing up a bunch of linux files.  If the vm were to be attacked it would not have access to the backup files which are not visible to the windows vm itself.  

 

Running Windows in a vm has other benefits such as the ability to take a snapshot before any risky operation such as updating any software in Windows.  Then if the update has problems, reverting back to the former configuration is only a click away, but could also be done via restore from a backup if necessary.  Also, by running vms, you can isolate your sensitive information in a "clean" vm that only connects to trusted sites, such as banks, brokers, and email servers, while using a separate vm for general browsing purposes.

 

But a configuration like this is too complicated for end users without linux and other skills.  

True. You could go far deeper, and nothing is 100% sure. There are also ransomware protection options with antivirus vendors where files get backed up to cloud by the vendor, etc. But I thought that OS built-in feature was simple enough to use, and many users might not know it exists.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...