Cyber attack on dark Fibre at Okanagan College

[jason500]

Good on them for not paying the ransom. Don't negotiate with terrorists. Don't give the incentive to do it again.

Lol. And in return, thousands of innocent people have their identity heavily compromised. Passport photos for all international students, banking information for student tutors and staff, emails, literally everything... It's easy to say don't negotiate with terrorists, but there are major, major consequences if you don't. Not like ignoring them just meant nothing bad happened.

[cv23]

It's easy to say don't negotiate with terrorists, but there are major, major consequences if you don't. .

And there are just as many and more major major consequences to paying up in cases like this.
If the ransomee pays there is absolutely no guarantee whatsoever that the ransomer will not demand more money over and over again and still just release the data in the end. This isn't like ransoming an object or a person that if the ransom is paid and the item/person returned its all over. Sure the data could be returned but how many thousands of copies have already been made just waiting for another ransom demand or release just because.
OUC is the one to blame for all this as their lack of security is the reason for the issue in the first place. OUC now believes this may have been an inside job perpetrated by a current or former disgruntled employee and knowing how OUC deals with and treats their employees there a LOTS of potential suspects.

[jason500]

It's easy to say don't negotiate with terrorists, but there are major, major consequences if you don't. .

And there are just as many and more major major consequences to paying up in cases like this.
If the ransomee pays there is absolutely no guarantee whatsoever that the ransomer will not demand more money over and over again and still just release the data in the end. This isn't like ransoming an object or a person that if the ransom is paid and the item/person returned its all over. Sure the data could be returned but how many thousands of copies have already been made just waiting for another ransom demand or release just because.
OUC is the one to blame for all this as their lack of security is the reason for the issue in the first place. OUC now believes this may have been an inside job perpetrated by a current or former disgruntled employee and knowing how OUC deals with and treats their employees there a LOTS of potential suspects.

I'm not sure if you quite understand how it works, but it is essentially a business to these people. If the Ransomer were to ask for more money again after the initial, they would have a reputation that paying the ransom means nothing, and therefore no one would ever pay. The whole gig is based around the fact that paying actually does mean that your data is not sold or leaked. If it wasn't for that, of course, why would anyone pay?

[cv23]

If it wasn't for that, of course, why would anyone pay?

Who has ever paid?

[lensbaby]

If it wasn't for that, of course, why would anyone pay?

Who has ever paid?

Those that do most likely want it kept quiet.
If nobody ever paid, these guys would be n a different line of work.

[spooker]

If it wasn't for that, of course, why would anyone pay?

Who has ever paid?

DuckDuckGo is your friend ...

https://heimdalsecurity.com/blog/ransomware-payouts/

[cv23]

Who has ever paid?

Those that do most likely want it kept quiet.
If nobody ever paid, these guys would be n a different line of work.

Not being in jail doesn’t mean they’re making any $$$ from people paying only that they haven’t been caught , yet.

[cv23]

DuckDuckGo is your friend ...

https://heimdalsecurity.com/blog/ransomware-payouts/

Good find. Thanks!
ONE company did actually pay ransom to keep sensitive data from being made public as in the OUC situation.
Would be interesting to know how many attempts, how much effort made and by how many different hackers it took to find that ONE organization willing to pay?

[watchd0g]

Again, this is in the news today

I am appalled by this delay and can only hope that the highest levels of IT counselled the Executive branch early on to remedy this as well. Giving them the benefit of the doubt as I know I would have, but I equally am not totally surprised at the personal fears of the executive branch that interfered with common sense and worry of liability and their jobs.

@tyler44 did a thorough job early on attempting to insert some sanity for both the oblivious 'Admiralty' of the board and the newbies alike.

To some of the others, there is no evidence of IT lacking and how they breached will never be made public, which further shows responsible leadership in their IT department.

[the truth]

https://www.castanet.net/news/Kelowna/4 ... ber-attack

Update.

is that all these losers are offering credit check, if they have all this personal information on people it is there responsibility to make sure it is 100% safe, if they get hacked, they should be responsible for all the harm and damage done to anyone or everyone lmo

like i said ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

[featfan]

https://www.castanet.net/news/World/435 ... hool-hacks

Wonder if this is happening here also.