
Ransomware Hits Three Indian Banks, Causes Millions In Damages (malwarebytes.org)

An anonymous reader writes: Ransomware has locked computers in three major Indian banks and one pharmaceutical company. While the ransom note asks for 1 Bitcoin, so many computers have been infected that damages racked up millions of dollars. According to an antivirus company that analyzed the ransomware, it's not even that complex, and seems the work of some amateur Russians.
  • HAW HAW (Score:4, Funny)

    by Anonymous Coward on Sunday January 24, 2016 @07:06PM (#51363043)
    And now those jackasses will have to call tech support in India and the shit will REALLY hit the fan.
    • by Anonymous Coward

      Considering there are billion dollar high rises right next to slums I could care less.

      • Re: HAW HAW (Score:2, Funny)

        by Anonymous Coward

        Yeah they don't segregate as well as New York and Chicago do.

      • by Anonymous Coward

        Considering there are billion dollar high rises right next to slums I could care less.

        So you care a LOT then? It is 'couldn't care less', dipshit.

        • by tsqr ( 808554 )

          Considering there are billion dollar high rises right next to slums I could care less.

          So you care a LOT then? It is 'couldn't care less', dipshit.

          If you are unfamiliar with the concept of the widely accepted idiom [grammarist.com], it is likely that you are in fact the dipshit here.

      • Considering there are billion dollar high rises right next to slums I could care less.

        Maybe there are billion Rupee high rises. I'm pretty sure building costs and property values have not reached billion (US) dollar level yet.
        And be my guest, go ahead and care less. I'll get the popcorn.

        • Re: HAW HAW (Score:4, Informative)

          by nikkipolya ( 718326 ) on Monday January 25, 2016 @01:21AM (#51363995)

          They have surpassed billion (US) dollar levels. Mumbai is the world's 9th costliest city in terms of real-estate prices (http://www.telegraph.co.uk/finance/property/pictures/8892109/In-pictures-The-worlds-20-most-expensive-cities-to-buy-property.html?image=11).

    • by Anonymous Coward

      At least they'll be able to understand them.

      • by Mashiki ( 184564 )

        Oh sweet child how little do you know. My neurologist (here in Canada) these days primarily handles patients from India, and has a secretary that natively speaks Hindi. Even her secretary can't understand them.

        • by Anonymous Coward

          That's not necessarily because she can't understand the others' Hindi. Not everybody in India even speaks Hindi, there being more than 22 constitutionally recognized languages and more than 122 major languages

        • Of course she can't, India has MANY "official" languages. It's why English is sometimes the only common language Indians of different regions speak.

          India could save itself a LOT of trouble by just making English the "One and Only" official language, but they won't do it because of hard feelings about the Colonial period.

      • by Tablizer ( 95088 )

        I've heard it's a status symbol in parts of India to talk fast. There's less pressure on clarity. I found out because I suggested to an H1B co-worker that he try to talk slower. He said he didn't want to because a slower habit would make it harder to find a wife when he got back home to India.

    • Re:HAW HAW (Score:4, Funny)

      by Billly Gates ( 198444 ) on Sunday January 24, 2016 @08:27PM (#51363287) Journal

      Have they tried rebooting their mission critical servers?

    • And now those jackasses will have to call tech support in India

      It was probably them who installed it.

    • Unless they get a call center in Kentucky. Now that would be irony! :)

    • by Anonymous Coward

      Is there any wonder why the likes of Donald Trump has support in the US. Look at these people.

    • A customer feedback vindaloop? https://www.youtube.com/watch?... [youtube.com]
  • Not too shocking (Score:5, Informative)

    by Shoten ( 260439 ) on Sunday January 24, 2016 @07:20PM (#51363085)

    Most of these ransomware packages can traverse laterally within an org; they run in the rights context of the user on the first infected computer and use that to infect other systems, spreading within the local network. So if you don't have your permissions properly set up (having "Domain Users" in the local Administrators group on your desktops as a matter of standard, for example), it's a cakewalk for the malware to hit everyone.

    • Define "properly". Having domain users in the local administrators group can save a small fortune in IT related support costs in many scenarios. It just needs to be weighed against the potential risks.

      I would imagine that the potential risks for ransomware hitting an organisation with proper IT support should be minimal... unless someone isn't doing their backups properly.

      When everyone goes home at night, re-image all PCs, and restore backups. That shouldn't cost $1m.

        That's exactly how we deal with it when a user is stupid enough to click where they shouldn't. Backups really help. Also gives IT a chance to have a clear out of some old junk and keep it only in archives.

        In each case the user rights of the offender were the limits of the infection. We did change the rights of the users and imposed stricter program execution policies to prevent further hassle. Also some user training helped them spot what they were about to click on.

        These minor attacks really help our systems

      • by Shoten ( 260439 )

        Define "properly". Having domain users in the local administrators group can save a small fortune in IT related support costs in many scenarios. It just needs to be weighed against the potential risks.

        I would imagine that the potential risks for ransomware hitting an organisation with proper IT support should be minimal... unless someone isn't doing their backups properly.

        When everyone goes home at night, re-image all PCs, and restore backups. That shouldn't cost $1m.

        So...you're a fan of building a whole new PC image every time there's a patch? Not to mention the bandwidth needed to push images to all PCs at the same time, every single night, and be sure that there have been no issues? Let's also keep in mind the fact that desktop configurations in nearly all organizations differ, so you'll have driver concerns for some devices, and one-off applications (especially for the most critical users) on others.

        At first blush, your "re-image all PCs" idea sounds great...but I

        • So...you're a fan of building a whole new PC image every time there's a patch?

          What the hell kind of an operation are you running? No, what we do is control the patching at our own schedule and once a quarter update the master image. Get your machine rebuilt just before the new master comes out? Tough, get a coffee while it applies updates when you first turn it on.

        I am not my company's IT person; we hire that out. That said, I have three logins.
        My everyday low rights user information. A higher rights user and full admin access to every server.
        This way when a print job gets stuck I can kill it with admin rights, or if someone's access is screwed up I can force a logout of them, which generally clears up the issue.

        I only do limited actions and then log out of admin. This saves IT daily headaches while providing security.

        You can do both. You the responsible people a sco

  • That word (Score:5, Insightful)

    by Barny ( 103770 ) on Sunday January 24, 2016 @07:20PM (#51363087) Journal

    "Amateur Russians."

    If they are actually making money from this, then they are firmly in the "professional" bracket.

    • by sjames ( 1099 ) on Sunday January 24, 2016 @07:24PM (#51363101) Homepage Journal

      They are professional malware distributors. Nobody pays them to be Russians :-)

    • Re:That word (Score:5, Insightful)

      by turbidostato ( 878842 ) on Sunday January 24, 2016 @10:02PM (#51363541)

      "Amateur Russians."

      And that means the headline is wrong. It says "Ransomware Hits Three Indian Banks, Causes Millions In Damages" when it should say instead "Incompetence Hits Three Indian Banks, Causes Millions in Damages".

      When some amateurs from a different country can wreak havoc in three different financial institutions the cause is not whatever the amateurs have done but gross incompetence.

    • by Threni ( 635302 )

      Eh? I know a lot of amateurs working in IT. I don't think that word means what you think it means.

  • by iggymanz ( 596061 ) on Sunday January 24, 2016 @07:33PM (#51363135)

    there is a way they can be hunted down and killed. take pictures of the corpses and post them, send the message.

  • Or Native American?

  • What security? (Score:5, Informative)

    by PhunkySchtuff ( 208108 ) <kai&automatica,com,au> on Sunday January 24, 2016 @07:41PM (#51363169) Homepage

    According to the linked article from Malwarebytes [malwarebytes.org]:

    It is different than most of the ransomware present nowadays. Instead of spreading to users and automatically infecting their machines, LeChiffre needs to be run manually on the compromised system. Common scenario of infection is that attackers are automatically scanning network in search of poorly secured Remote Desktops, cracking them, and after logging remotely they manually run an instance of LeChiffre.

    Just how good is their security if something that has to be manually run on each system has completely pwned them?

  • Fake news (Score:5, Insightful)

    by Ajay Anand ( 2838487 ) on Sunday January 24, 2016 @11:27PM (#51363743)
    Fake news just based on word of mouth. Take a look at the original article referenced in the referenced article and you'll know that not a single aspect of the news is verifiable. No company has been named. No people have been named. Just one person's statement has been bloated into a short article.
  • Here is a link to that story, as told by an actual newspaper. http://cio.economictimes.india... [indiatimes.com]

    "ET couldn't confirm the names of the banks and the pharmaceutical company or the total number of computers that were compromised." So it is possible that the whole story is made up.

    "In May last year, two Indian conglomerates had to pay about $5 million each after hackers breached their systems. The hackers, suspected to be operating from the Middle East, threatened to leak information to the Indian government

  • "It is distributed as a typical Windows executable: When we run it what appears is a GUI with labels in Russian:" ref [malwarebytes.org]
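
The permissions problem raised in the "Not too shocking" comment above ("Domain Users" in the local Administrators group on desktops) can be audited by SID rather than by group name, so the check does not depend on the Windows display language. This is an added example, not part of the original thread; the function name `Get-BroadAdminFinding`, the host names and the domain SID are constructed for illustration.

```powershell
# Added example. Flags broad principals in the local Administrators group,
# matching on SIDs so the check works regardless of Windows display language.

# Well-known SIDs that cover every (or nearly every) user.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadAdminFinding {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [string[]] $MemberSid
    )
    foreach ($sid in $MemberSid) {
        $label = $null
        if ($BroadSids.ContainsKey($sid)) {
            $label = $BroadSids[$sid]
        } elseif ($sid -match '^S-1-5-21-\d+-\d+-\d+-513$') {
            # RID 513 is the Domain Users group of whichever domain issued the SID.
            $label = 'Domain Users'
        }
        if ($label) {
            [pscustomobject]@{ Computer = $ComputerName; Sid = $sid; Principal = $label }
        }
    }
}

# Constructed sample inventory (hypothetical hosts and domain SID).
$sample = @{
    'DESK-001' = @('S-1-5-21-1111111111-2222222222-3333333333-512',  # Domain Admins
                   'S-1-5-21-1111111111-2222222222-3333333333-513')  # Domain Users
    'DESK-002' = @('S-1-5-21-1111111111-2222222222-3333333333-512')  # Domain Admins only
    'KIOSK-01' = @('S-1-5-11')                                       # Authenticated Users
}
$sample.GetEnumerator() | ForEach-Object {
    Get-BroadAdminFinding -ComputerName $_.Key -MemberSid $_.Value
}

# On a live machine, pass the real membership (S-1-5-32-544 = local Administrators):
# $sids = (Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value
# Get-BroadAdminFinding -ComputerName $env:COMPUTERNAME -MemberSid $sids
```

With the constructed inventory, DESK-001 and KIOSK-01 are reported and DESK-002 is not.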
