I think a lot of companies, don't consider this a big enough risk, or it doesn't come up on there radar, until they get hit, and are in reactive mode, and the ohh crap button has been pushed. I still think that convert attacks are still the preferred method of information leakage and retrieval, just from a hacking prespective, if I can penetrate your systems and siphon off the juicy info I want, without you even knowing, then I can use your data (crown jewels, because its all about the data) to sell to the highest bidder.
Why even go the route of ransonware for the data and let them know its stolen in the first place? Its that like tipping the unsuspecting company, user that something is afoul, especially when they "think" (Notice Think, not Know, or have a clue) that there systems might have been compromised and information could have just gone out there internet pipe without them noticing it. Just my 2 thoughts... Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 ________________________________ From: Marc Maiffret [mailto:[email protected]] Sent: Thursday, October 29, 2009 8:28 PM To: NT System Admin Issues Subject: Re: Ransomware Another on the list of reasons of why it drives me insane that so many companies still sit around saying the same thing year after year: Why would anyone come after me? I am joe small business in joe small town. I am not wells fargo. I have never had an incident before beyond the normal spyware and such. Questions and comments which are so easily slain as are the servers and workstations of the people whom make them. Two types of people call by company, the ones whom are looking to be proactive and avoid the pain of what a breach can turn into and the ones whom thought like the people above whom now are looking for people to help clean up the mess. -Marc Maiffret www.marcmaiffret.com <http://www.marcmaiffret.com/> On Wed, Oct 28, 2009 at 12:05 PM, Roger Wright <[email protected]> wrote: Spyware, Malware, Scareware, etc.... now we have Ransomware. http://blogs.zdnet.com/security/?p=4748 Roger Wright ___ Sent from Tampa, FL, United States ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
