Cyber attack

UmbroDays (Full Member; joined Aug 12, 2019; 738 messages)
If a business doesn't create backups every day they are pretty stupid. It's automated. You don't really have to do much. Just switch to the backup; lose a day's worth of work.
This isn’t always true if backups are on site.

Ransomware purposefully hunts for backups in order to delete them to hinder the restoration process. Volume Shadow Copies (VSS) is what it will hunt for on most machines.

It will then worm through the network to hunt for shares where the backups could also be (SANs, NAS, etc.) and encrypt them.

The best way to beat ransomware is to be prepared for it, primarily beachhead defence (first stage) and user training. Somewhere someone clicked a link or opened an attachment.

If you want to know how modern aggressive ransomware works, take a look at NotPetya, which crippled a tonne of systems worldwide: The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED

Also, this attack against us is probably RYUK, which is described here: A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak (redcanary.com)

Bitdefender has ransomware protection. It scans and copies all the files so if overwritten it will restore them. Surely there is something out there that's the equivalent for servers after all these years.
Ransomware is clever! It searches artefacts of the operating system to identify what anti-virus programs are running and disables them.

This is my day job (hunting, defending and remediation) and the biggest and best get hit. Some also pay the ransom, some/most pay a percentage. There are negotiators that the Big 4 (Deloitte, PWC, KPMG, EY) and other Incident Response (IR) companies have, so you deal with them as a middle man and never talk to the ransomware operators.
 
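The post above describes ransomware hunting for Volume Shadow Copies before it encrypts. As an added example that is not part of the thread, here is the detection side of that: a scan over process-creation events for the commands that families like the ones mentioned use to destroy local recovery points. The input format (JSON lines with host, user and command_line fields) and the sample events are constructed for this example; real Sysmon or Windows 4688 records would need their own field names mapped in.

```python
"""Flag process-creation events that destroy local recovery points, the usual
pre-encryption step of ransomware. Added example; the JSON field names
(host, user, command_line) and the sample events are constructed."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass

# Regexes run over the lowercased command line, so casing tricks do not help.
PATTERNS = [
    ("vss_delete", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("vss_resize", re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage.*maxsize=")),
    ("wmic_shadow_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("powershell_vss_wmi", re.compile(r"win32_shadowcopy.*(delete|remove)")),
    ("wbadmin_catalog_delete", re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)")),
    ("bcdedit_recovery_off", re.compile(
        r"bcdedit(\.exe)?.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
]


@dataclass
class Finding:
    host: str
    user: str
    label: str
    command_line: str


def parse_event(line):
    """Return the event dict, or None for blank or malformed lines."""
    line = line.strip()
    if not line:
        return None
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


def scan(lines):
    """One Finding per event whose command line matches a pattern."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        cmd = event.get("command_line", "")
        low = cmd.lower()
        for label, rx in PATTERNS:
            if rx.search(low):
                findings.append(Finding(event.get("host", "?"),
                                        event.get("user", "?"), label, cmd))
                break  # one label per event is enough for triage
    return findings


def staging_hosts(findings, min_distinct=2):
    """Hosts showing several distinct recovery-destroying actions. A lone hit
    can be an admin; two or more different techniques on one host is the
    pre-encryption pattern worth paging someone for."""
    labels = defaultdict(set)
    for f in findings:
        labels[f.host].add(f.label)
    return sorted(h for h, s in labels.items() if len(s) >= min_distinct)


# Constructed sample events: FIN-WS07 looks like staging, BLD-SRV02 is a
# benign backup job listing shadows, the rest are single hits, and the last
# line is deliberately malformed to show it is skipped rather than crashing.
SAMPLE_EVENTS = [
    r'{"host": "FIN-WS07", "user": "CORP\\jsmith", "command_line": "vssadmin.exe Delete Shadows /All /Quiet"}',
    r'{"host": "FIN-WS07", "user": "CORP\\jsmith", "command_line": "cmd.exe /c bcdedit /set {default} recoveryenabled No"}',
    r'{"host": "FIN-WS07", "user": "CORP\\jsmith", "command_line": "wbadmin delete catalog -quiet"}',
    r'{"host": "BLD-SRV02", "user": "CORP\\svc_backup", "command_line": "vssadmin list shadows"}',
    r'{"host": "FS01", "user": "CORP\\jsmith", "command_line": "powershell -nop -w hidden Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"}',
    r'{"host": "HR-WS12", "user": "CORP\\tlee", "command_line": "wmic shadowcopy delete"}',
    "this line is not json",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for f in hits:
        print(f"{f.host:10} {f.user:18} {f.label:24} {f.command_line}")
    print("hosts likely staging encryption:", staging_hosts(hits))
```

The escalation rule in staging_hosts is the part that matters in practice: alerting on every vssadmin invocation drowns the SOC in backup-job noise, whereas two different recovery-killing techniques on the same host within a short window is rarely legitimate.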

slyadams (Full Member; joined Sep 20, 2012; 2,189 messages)
They simply infect and let it sit there for months, then your backups are all infected and they can get back in to your systems easily.
If you can't notice malware on your systems for 6 months or that your backups (which you should be validating and test restoring) are no longer readable, then frankly you deserve what you get.
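The reply above says backups should be validated and test-restored, so that an encrypted or silently corrupted backup set is noticed long before it is needed. As an added example, not taken from the thread or from any backup product, here is a minimal integrity check of that kind: a manifest of sizes and SHA-256 hashes recorded at backup time, a verification pass that reports missing, changed and unexpected files, and a byte-entropy test that flags content which looks like ciphertext. The file names and contents in demo() are constructed for the example.

```python
"""Backup-set integrity check with an entropy test for encrypted content.
Added example; the files and directory layout in demo() are constructed."""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; CSV, text and Office files sit far below this


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data):
    """Shannon entropy in bits per byte; 8.0 is a uniformly random stream."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path, sample_bytes=1 << 16):
    with open(path, "rb") as fh:
        return shannon_entropy(fh.read(sample_bytes)) >= ENTROPY_THRESHOLD


def _relative_files(root):
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())


def build_manifest(root):
    """Map relative path -> (size, sha256). Keep the manifest somewhere the
    backup host cannot rewrite, otherwise an attacker re-records it too."""
    root = Path(root)
    return {rel: ((root / rel).stat().st_size, sha256_file(root / rel))
            for rel in _relative_files(root)}


def verify(root, manifest):
    root = Path(root)
    result = {"ok": [], "missing": [], "modified": [], "unexpected": [], "encrypted_looking": []}
    present = set(_relative_files(root))
    for rel in sorted(manifest):
        if rel not in present:
            result["missing"].append(rel)
    for rel in sorted(present):
        path = root / rel
        if rel not in manifest:
            result["encrypted_looking" if looks_encrypted(path) else "unexpected"].append(rel)
        elif sha256_file(path) == manifest[rel][1]:
            result["ok"].append(rel)
        elif looks_encrypted(path):
            result["encrypted_looking"].append(rel)
        else:
            result["modified"].append(rel)
    return result


def restore_is_safe(result):
    """Restore only from a set that is byte-for-byte what was recorded."""
    return not (result["missing"] or result["modified"] or result["encrypted_looking"])


def demo():
    """Constructed scenario: three plain files are backed up and recorded, then
    an encryptor rewrites one in place and replaces another with a renamed
    random-content copy. Returns verify()'s report."""
    root = tempfile.mkdtemp(prefix="backupcheck-")
    try:
        files = {
            "finance/ledger.csv": b"date,amount,counterparty\n" + b"2020-11-20,1250.00,ACME Ltd\n" * 200,
            "docs/notes.txt": b"minutes of the weekly meeting, nothing exciting\n" * 100,
            "hr/payroll.xlsx": b"PK\x03\x04" + b"sheet data placeholder " * 300,
        }
        for rel, data in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        manifest = build_manifest(root)

        # Simulated encryptor: overwrite in place, and encrypt-and-rename.
        Path(root, "hr/payroll.xlsx").write_bytes(os.urandom(8192))
        Path(root, "finance/ledger.csv").unlink()
        Path(root, "finance/ledger.csv.locked").write_bytes(os.urandom(8192))

        return verify(root, manifest)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    report = demo()
    for category, paths in report.items():
        print(f"{category:18} {paths}")
    print("safe to restore:", restore_is_safe(report))
```

The hash comparison catches any change; the entropy test is there for the case the thread is discussing, where the whole backup set has been encrypted and every mismatch needs to be read as "this copy is gone", not "someone edited a spreadsheet". A real test restore goes one step further and actually opens the restored files.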
 
(joined Feb 12, 2018; 19,776 messages)
Why are we negotiating with terrorists? This club kills me I swear :lol:

 

Woodzy (Full Member; joined Sep 10, 2004; 14,697 messages; Cardiff)
Imagine all the transfer offers for Phil Jones we've missed by not having e-mails for a couple of weeks.
 

Brophs (The One and Only; joined Nov 28, 2006; 50,275 messages)
Curious as to what information they hacked? What could be so important to the club, that they pay up?
The same nudes of Ed that Phil Jones used to blackmail him into his last contract?
 

red thru&thru (Full Member; joined Mar 2, 2004; 7,657 messages)
Is it too hopeful that Ed could lose his job because of this?

Someone definitely will be, I'm just hoping it would be him.
 

peridigm (Full Member; joined Dec 3, 2011; 13,780 messages)
This isn’t always true if backups are on site.

Ransomware purposefully hunts for backups in order to delete them to hinder the restoration process. Volume Shadow Copies (VSS) is what it will hunt for on most machines.

It will then worm through the network to hunt for shares where the backups could also be (SANs, NAS, etc.) and encrypt them.

The best way to beat ransomware is to be prepared for it, primarily beachhead defence (first stage) and user training. Somewhere someone clicked a link or opened an attachment.

If you want to know how modern aggressive ransomware works, take a look at NotPetya, which crippled a tonne of systems worldwide: The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED

Also, this attack against us is probably RYUK, which is described here: A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak (redcanary.com)
Ransomware is clever! It searches artefacts of the operating system to identify what anti-virus programs are running and disables them.

This is my day job (hunting, defending and remediation) and the biggest and best get hit. Some also pay the ransom, some/most pay a percentage. There are negotiators that the Big 4 (Deloitte, PWC, KPMG, EY) and other Incident Response (IR) companies have, so you deal with them as a middle man and never talk to the ransomware operators.
I wonder if United has in-house IT, outsourced, or co-managed? I'd imagine it would be in-house for the simple reason of eliminating an outsourced IT company snooping data or seeing privileged info. Most ransomware is initiated from an email or drive-by attack, but if you're in the industry you know MSPs have become a top-of-the-list target. It will be interesting to know whether any other high profile companies have also been infected around the same time. You're spot on about education of the users. The end user is the last line of defense in most networks. The problem with most in-house IT is they don't always have access to the best options for backup, etc., without using a partner that would be able to provide something like Datto.
Why are we negotiating with terrorists? This club kills me I swear :lol:

If true, there are either no backups, or the threat actors had access to the network or an email account and have a data dump, which means they're threatening to release data if the ransom is not paid.

The bit about not being able to use email does not make sense unless United hosts their own email server which is stupid in this day and age, or the compromised account was a global admin on O365 and they encrypted the email as well. Would not put it past United to skimp out on email backup either.
 

Crustanoid (New Member; joined Feb 14, 2008; 18,511 messages)
I wonder if United has in-house IT, outsourced, or co-managed?
All evidence points to Ed Woodward.

He wants to be in control of everything, hence no DOF, even though he knows the square root of feck all about football he insists on keeping control of all things football, lest it bruise his ego relinquishing any control to someone else who might upstage him, by knowing more.

Clearly, he’s been advised to get in someone to oversee the information systems and panicked about the fact someone else might make him look bad by doing their job probably. So he made himself Head of MUFC IT department. And this is the result
 

Sandikan (aka sex on the beach; joined Mar 14, 2011; 52,710 messages)
Why are we negotiating with terrorists? This club kills me I swear :lol:

Imagine an "expert" telling you that.

"Yeah you're screwed. Just pay them whatever they want mate".
Beyond belief
 

Bastian (Full Member; joined Jul 16, 2015; 18,444 messages; supports Mejbri)
Only this summer we were adamant we were not going to be held to ransom..
 

Hugh Jass (Shave Dass; joined Apr 16, 2016; 11,244 messages)
Seriously though, what could a major football club have that they don't want released?
 

Brophs (The One and Only; joined Nov 28, 2006; 50,275 messages)
I’m starting to think we should have sold Madrid that virus.
 

Sandikan (aka sex on the beach; joined Mar 14, 2011; 52,710 messages)
Seriously though, what could a major football club have that they don't want released?
50,000 season ticket holders addresses, names and bank account details?
Many more One United members?

Every single element of our income and outgoings?

Would you ask the same question for another business? If not why would you ask it for a business that masquerades as a sport team?
 

King_Cantona07 (New Member, Newbie; joined Jun 6, 2014; 503 messages; London)
I wonder if United has in-house IT, outsourced, or co-managed? I'd imagine it would be in-house for the simple reason of eliminating an outsourced IT company snooping data or seeing privileged info. Most ransomware is initiated from an email or drive-by attack, but if you're in the industry you know MSPs have become a top-of-the-list target. It will be interesting to know whether any other high profile companies have also been infected around the same time. You're spot on about education of the users. The end user is the last line of defense in most networks. The problem with most in-house IT is they don't always have access to the best options for backup, etc., without using a partner that would be able to provide something like Datto.

If true, there are either no backups, or the threat actors had access to the network or an email account and have a data dump, which means they're threatening to release data if the ransom is not paid.

The bit about not being able to use email does not make sense unless United hosts their own email server which is stupid in this day and age, or the compromised account was a global admin on O365 and they encrypted the email as well. Would not put it past United to skimp out on email backup either.
HCL manages IT for United, seeing from the app.
 
(joined Jun 26, 2014; 21,604 messages; location: Behind the right goal post as "Whiteside shoots!")
Why are we negotiating with terrorists? This club kills me I swear :lol:

It may be but we know the media/social media love anything United as they can throw our name into a story and speculate, most of the time wildly. "United allegedly interested in buying xxxxxx", "United owners considering taking £xxm extra out of the business", etc.

We sell stories.

This is a United fan Twitter account quoting the Times, who say an expert told them something.

 

Hugh Jass (Shave Dass; joined Apr 16, 2016; 11,244 messages)
50,000 season ticket holders addresses, names and bank account details?
Many more One United members?

Every single element of our income and outgoings?

Would you ask the same question for another business? If not why would you ask it for a business that masquerades as a sport team?
Oh right. Never thought of that. I was thinking of the footballers.
 

Sandikan (aka sex on the beach; joined Mar 14, 2011; 52,710 messages)
Oh right. Never thought of that. I was thinking of the footballers.
If you've worked for any company or bought goods off anyone online this last year or 2 you'll know GDPR is an absolutely huge issue.
A massive breach of personal data of fans would be a disaster.

However there are stories where United deny it's much of a thing! But they would say that.
But then the media would try and hype it up as a disaster. So who knows where the truth is.
 

crossy1686 (career ending; joined Jun 5, 2010; 31,486 messages; Manchester/Stockholm)
Why are we negotiating with terrorists? This club kills me I swear :lol:

Not really, this is how hackers operate. There are generally two schools of hackers, white hat and black hat.

White hat hackers will hack your website, do something non-malicious and then contact you, letting you know your security has been breached, how they got in, and sometimes how to fix it. They do this as a hobby and for the chance of a reward, which the company is happy to pay out in most cases. Perfectly legal.

Black hat hackers hack your website and hold you ransom for a fee they decide is acceptable. Obviously illegal. Once they're in, there isn't much you can do about it. Pay them or give up and start again with something else. There's a good chance the emails and stuff will get leaked at a later date anyway as there's more money to be made in the press.
 

crossy1686 (career ending; joined Jun 5, 2010; 31,486 messages; Manchester/Stockholm)
We’re currently preparing an offer. Probably the cyber criminals will get bored and give it us back for free.
I can see it now, Ed Woodward heading down to his local off licence: "Can I have £1m worth of iTunes vouchers, please? Yeah, they're for my nan...Christmas present..."
 

sourdough satellite (New Member, Newbie; joined Nov 6, 2019; 212 messages)
This isn’t always true if backups are on site.
Imagine not having remote secondary backup in 2020.

White hat hackers will hack your website, do something non-malicious and then contact you, letting you know your security has been breached, how they got in, and sometimes how to fix it. They do this as a hobby and for the chance of a reward, which the company is happy to pay out in most cases. Perfectly legal.
Is it legal to hack someone without their permission in the UK? I'd be very surprised if that was the case.