If you can't notice malware on your systems for 6 months or that your backups (which you should be validating and test restoring) are no longer readable, then frankly you deserve what you get.
"Dwell time", which is the time from when threat actors breach your system to the time you discover them, is around 200 days. It's not a United problem, there are bigger global companies that had the same. But where it seems we've lacked is processes and procedures to detect any threats. It's something in the industry we've seen turning slowly, but companies do not want to put £$£$ into proper cyber security plans. But in the long run it works out well for the likes of me and many others who have to get our hands dirty when companies are breached.
I wonder if United has in-house IT, outsourced, or co-managed? I'd imagine it would be in-house for the simple reason of eliminating an outsourced IT company snooping data or seeing privileged info. Most ransomware is initiated from an email or drive-by attack but if you're in the industry you know MSPs have become a top of the list target. It will be interesting to know whether any other high profile companies have also been infected around the same time. You're spot on about education of the users. The end user is the last line of defense in most networks. The problem with most in-house IT is they don't always have access to the best options for backup etc. without using a partner that would be able to provide something like Datto.
If true there are either no backups or the threat actors had access to the network or an email account and have a data dump, which means they're threatening to release data if the ransom is not paid.
The bit about not being able to use email does not make sense unless United hosts their own email server which is stupid in this day and age, or the compromised account was a global admin on O365 and they encrypted the email as well. Would not put it past United to skimp out on email backup either.
I mentioned earlier in the post that in 2018/2019 I saw a cyber security analyst/manager role I wanted to apply for, but I cannot remember the details. But I think their security and IT departments are outsourced.
Imagine not having remote secondary backup in 2020.
Is it legal to hack someone without their permission in the UK? I'd be very surprised if that was the case.
100% illegal unless you have given prior written consent. The white/grey hat hackers have permission or utilise an "ethical disclosure/bug hunting" program - where companies openly say try and hack xyz and we'll give you £$£$ if you do. It's mainly tech companies that do this though.
So is that story confirmed? I still don’t get the piece about the email, what did they do exactly to not even allow emails to be used?
Critical parts of the operating system would have been targeted, databases, etc. Also think if you own an office and someone breaks in - you can't just start working straight after as the doors may be broken, windows shattered, cables disrupted, etc. So I presume that's what's delaying things, but we have so little information it leads me to believe this is bigger than normal. We have NCSC involved which is the cyber side of GCHQ. They don't do anything for non-government companies but act as an advisory for large and critical incident response situations, so I think we're completely overrun and had to call in governmental advisory.
We won't hear the full outcome from this for a few more months as we've advised ICO that no customer data was breached.
It appears the group that targeted us was RYUK, they've had payouts in the tens of millions and we already know we wouldn't spend 80 on Sancho, so I guess this will be not negotiated after a while and just will be a "start from fresh" approach. As this is occurring around the Transfer Window, I feel this will affect things in Jan.