Have you listened to our podcast? Listen now

S2 Ep15: City under attack! VPN hacked, floppies nixed

01 Nov 2019 2 Podcast, Ransomware

Episode 15

by Mark Stockley

This week host Anna Brading is joined by Sophos experts Mark Stockley, Greg “Fido” Iddon and Peter Mackenzie.

This week we discuss an attack on the city of Johannesburg that came with a ransom demand and ask “was it ransomware?”; we talk about what the breach at NordVPN means for VPN users; and we reminisce about the ancient floppy disks that, until recently, underpinned the USA’s nuclear deterrent.

Listen below, or wherever you get your podcasts – just search for Naked Security.

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast.

Free tools

Sophos Home

Sophos Home
for Windows and Mac

Hitman Pro

Hitman Pro

Sophos Mobile Security for Android

Sophos Mobile Security
for Android

Virus Removal Tool

Virus Removal Tool

Antivirus for Linux

Antivirus
for Linux

2 comments on “S2 Ep15: City under attack! VPN hacked, floppies nixed”

David says:

November 3, 2019 at 2:01 am

In a case like the city of Johannesburg or any other ransomware, do they not have any antivirus, anti-malware or anti-ransomware software like Intercept X? Or they do have it and it just didn’t work?

Reply
- Paul Ducklin says:
  
  November 3, 2019 at 5:33 pm
  
  The City of Jozi case isn’t ransomware in the traditional meaning of “implanted malware that attacks your system and locks up your files” – so we don’t know how (or even if) the crooks actually got in. The Jo’burg situation is that the crooks want to be paid *not* to do something (pay or we’ll leak the data we claim already to have stolen) rather than being paid to unlock scrambled data. Ironically, in attacks of this sort, which are much less common than file scrambling ransomware, but not a new thing either, if you pay up and nothing leaks you can never quite be sure whether the crooks kept their word, or whether they had nothing in the first place…
  
  When it comes to file-scrambling attacks, it’s impossible to say how the crooks got in in every case. But in many of the cases I’m aware of where the post mortem revealed what probably happened, there was at least some, and often plenty, of advance warning from the security software on the victim’s network (whether Sophos’s or someone else’s, or both) that would have given away that crooks were preparing for something bad.
  
  The problem is that if you don’t react in time, or you ignore warnings for too long, then the crooks are often able to promote themselves to system-widem admins – in other words, they have at least as much power as any sysadmin in your network – so it’s then very hard to stop them reconfiguring your network to make it attackable no matter how secure it was before…
  
  Reply

What do you think? Cancel reply

Recommended reads

Mar12

by Danny Bradbury

0

Firefox 74 offers privacy and security updates

Apr23

by Alice Violet

1

S2 Ep36: Rogue Chrome extensions, Signal fears and Darth Vader – Naked Security podcast

Mar30

by Lisa Vaas

8

Chrome may bring back ‘www’ with option to show full URLs