
AusGAF 11 - Twice the price, a year late but still moving forward


Fredescu

Member
Huh. Looks like a few users at my work got hit by a new version of the Cryptolocker trojan. Fucking idiots.

I think it was from AFP or something, apparently.

I've done 7 Cryptolocker related server restores over the last year or so. Always fun. The original one was kind of obvious, but the new generation one appears to have a dedicated development team targeting Australia. They put together very professional looking emails that catch a lot of people out, and do very concentrated roll out campaigns to get the maximum number of people before any warnings can go out about the particular fake email.

The speeding ticket one was a good one. People's fear about that time that maybe they went too fast past a camera overcame being suspicious about the fact that they have never received a speeding ticket via email before.
 

Shaneus

Member
Cheap portable battery thingy at DSE, today only.

I've done 7 Cryptolocker related server restores over the last year or so. Always fun. The original one was kind of obvious, but the new generation one appears to have a dedicated development team targeting Australia. They put together very professional looking emails that catch a lot of people out, and do very concentrated roll out campaigns to get the maximum number of people before any warnings can go out about the particular fake email.

The speeding ticket one was a good one. People's fear about that time that maybe they went too fast past a camera overcame being suspicious about the fact that they have never received a speeding ticket via email before.
Yeah, you have to wonder how the fuck the police would get, let alone use, something as unenforceable as email to distribute anything. Fucking idiots.
 

Yagharek

Member
The virus encrypts any files of common file types it can get write access to, including mapped drives. Have had to restore entire file servers because of it.

Ahh yes, I know of a similar example of this too. Mapped drives are a liability when access to a PC with them is operated by idiots.

Cheap portable battery thingy at DSE, today only.


Yeah, you have to wonder how the fuck the police would get, let alone use, something as unenforceable as email to distribute anything. Fucking idiots.

I don't wonder at all. All it takes is one person who is not competent with computers to open the email before IT sees it.
 

senahorse

Member
I've done 7 Cryptolocker related server restores over the last year or so. Always fun. The original one was kind of obvious, but the new generation one appears to have a dedicated development team targeting Australia. They put together very professional looking emails that catch a lot of people out, and do very concentrated roll out campaigns to get the maximum number of people before any warnings can go out about the particular fake email.

The speeding ticket one was a good one. People's fear about that time that maybe they went too fast past a camera overcame being suspicious about the fact that they have never received a speeding ticket via email before.

Our current border IPS (or next-gen firewall for coolness) has successfully stopped some reaching the damaging (encryption) part. We were also hit with it a few times, wreaks havoc when you have network drives in the mix, but that's what backups are for, mostly, some people lost a day's work though.
 

Fredescu

Member
Thankfully I have an apple so I am protected from all this!!!

Sarcasm?

Ahh yes, I know of a similar example of this too. Mapped drives are a liability when access to a PC with them is operated by idiots.

And in a mature organisation, your network drive permissions can be fairly granular to mitigate the risk. Our customers are mostly smaller companies and disorganised startups, so you tend to get regular users with full access to the one network drive. Keeps me on my toes.

Our current border IPS (or next-gen firewall for coolness) has successfully stopped some reaching the damaging (encryption) part. We were also hit with it a few times, wreaks havoc when you have network drives in the mix, but that's what backups are for, mostly, some people lost a day's work though.

How does it stop that? I have to say, all of the above mentioned restores have been successful and the disruption has been minimal. It's a good backup health check, although my heart was in my mouth a couple of times.
 

senahorse

Member
How does it stop that? I have to say, all of the above mentioned restores have been successful and the disruption has been minimal. It's a good backup health check, although my heart was in my mouth a couple of times.

Darren's the security expert (maybe he knows more) but according to Palo Alto (brand of one of our IPSs) this is where it stops it:

Phase 4 (establish Command and Control):
Before this attack encrypts, it communicates out to a command and control network to send the asymmetric key pair to be used to encrypt the data. This is the only way that the attackers can deliver on their promise of releasing your files once the ransom is paid.
Command and Control traffic (C2) is detected using the Spyware elements of our Threat Prevention. Setting this to block medium, high and critical severity spyware on outbound traffic will isolate this C2 call by CryptoLocker. Without encryption key delivery, the encryption process does not initiate. C2 signatures are part of WildFire’s threat intelligence feedback loop, so new C2 patterns are constantly being updated.
 
We were hit with that earlier this year, thankfully on an area that was mostly locked down, but we had to restore 20-30GB of data.

...new C2 patterns are constantly being updated...
Sounds like it's still a cat and mouse thing as with anti-virus.
 

Darren870

Member

Always :) Though, I do have a Mac...

Darren's the security expert (maybe he knows more) but according to Palo Alto (brand of one of our IPSs) this is where it stops it:

Yea, I figured it was a Palo Alto Product. However, they aren't really preventing the opening/downloading of the file. What they are doing is preventing the contact to the 3rd party. As you said.

Yeah, I was just typing a question along those lines. If it only works for known keys or known bad external hosts, it's up against the fact that these releases seem like organised campaigns.

Yea, well ideally you update your signatures nightly. This obviously puts you in a good place if these attacks are frequent. You need to be sure that the company releasing the signatures is on the ball. Palo Alto is pretty good with that.

I sat on a presentation about a year ago for a product by FireEye. It looks pretty good and probably would work well for these type of email attacks. My understanding is that it opens email attachments as they come in within a VM. If the email attachment is a virus/malware it kills its delivery. If not then off it goes. At the time it required a bit of user interaction, but I haven't actually used it hands on. It also has the same type of feature that Palo Alto has where it blocks outgoing communication.

I think the issue was the amount of emails it could handle. Looking online it's 600k a day, which isn't enough for a big company, but for a small to mid size company it should be plenty. After 600k you need to move to the cloud.

NetworkWorld did a review for their NX series a while back: http://www.networkworld.com/article...--fireeye-fights-off-multi-stage-malware.html
EX Series would probably meet these kind of needs though.
 

Fredescu

Member
Yea, well ideally you update your signatures nightly. This obviously puts you in a good place if these attacks are frequent. You need to be sure that the company releasing the signatures is on the ball. Palo Alto is pretty good with that.

Yep, so essentially you're vulnerable on the day of the rollout.
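
The points made across the posts above (outbound C2 blocking by severity, nightly signature updates, and the gap on the day of a rollout), as an added example that is not part of any poster's message and not vendor code. All hosts, destinations, dates and the log layout are constructed; it shows a weak severity policy beside the quoted "block medium, high and critical" one, and re-checks older logs once a new signature arrives to find machines that called out before it existed.

```python
from datetime import datetime

# Constructed sample data (assumption): destination -> (severity, time the
# signature reached the firewall via the nightly update).
SIGNATURES = {
    "c2-a.example": ("critical", datetime(2015, 5, 4, 2, 0)),
    "c2-b.example": ("medium", datetime(2015, 5, 5, 2, 0)),  # one night late
}

# Constructed outbound connection log: (time, workstation, destination).
EVENTS = [
    (datetime(2015, 5, 4, 9, 15), "pc-017", "c2-a.example"),
    (datetime(2015, 5, 4, 9, 40), "pc-022", "c2-b.example"),
    (datetime(2015, 5, 5, 8, 5), "pc-031", "c2-b.example"),
    (datetime(2015, 5, 5, 8, 30), "pc-031", "intranet.example"),
]

# Weak profile: medium severity is only alerted on.
ALERT_ONLY = {"critical": "block", "high": "block", "medium": "alert", "low": "alert"}
# Profile from the quoted vendor text: block medium, high and critical.
BLOCK_MEDIUM_UP = {"critical": "block", "high": "block", "medium": "block", "low": "alert"}


def classify(event, signatures, policy):
    """Return what happened to one outbound connection.

    blocked   - a signature existed and the policy blocks that severity
    allowed   - a signature existed but the policy only alerts
    missed    - the signature did not exist yet (day-of-rollout gap)
    unmatched - no signature matches this destination at all
    """
    when, _host, dest = event
    sig = signatures.get(dest)
    if sig is None:
        return "unmatched"
    severity, available_from = sig
    if when < available_from:
        return "missed"
    return "blocked" if policy[severity] == "block" else "allowed"


def hosts_to_isolate(events, signatures, policy):
    """Workstations whose C2 call got out, so key delivery may have happened.

    Running this again after each signature update is the retrospective
    check: it surfaces hosts that connected before the signature existed.
    """
    at_risk = {
        ev[1]
        for ev in events
        if classify(ev, signatures, policy) in ("allowed", "missed")
    }
    return sorted(at_risk)


if __name__ == "__main__":
    for name, policy in (("alert-only", ALERT_ONLY), ("block medium+", BLOCK_MEDIUM_UP)):
        print(name, "->", hosts_to_isolate(EVENTS, SIGNATURES, policy))
```

Even with the stricter profile, the host that called out before the signature arrived is still listed, which is the day-of-rollout exposure discussed above.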
 

Darren870

Member
Yep, so essentially you're vulnerable on the day of the rollout.

Yea of course, that's assuming that your vendor even finds them! I mean IPS have been falling behind pretty fast over the years. I would never rely on them for much since 0 Days are the ones that usually sting the most.

I think that FireEye product sounds good, though haven't had a chance to play with it. zscaler too has some good things for internet browsing.
 

wonzo

Banned
CEYZqG6WoAIfeGF.png:orig
 
I managed to snag a copy of Project Cars Limited Edition for PS4 today at my local JB but other JBs in the area are sold out. So you might find a local copy still. It's $79 at JB for LE or normal edition.

Also mightyape.com.au are still listing some stock of the PS4 LE.
Yeah my local JB was sold out, but I managed to snag the last LE version at a JB store a bit further away. Having started to play the game I can say that you definitely want to have the extra cars.
 
Someone was talking about nice tea earlier, and well I just discovered this:

2237215.jpg


it's actually amazing. Much nicer than vegemite chocolate sounds (although I'm curious I'll admit). I'm going to be very sad if it's limited.
 

Shaneus

Member
I don't wonder at all. All it takes is one person who is not competent with computers to open the email before IT sees it.
It's not an IT thing though, it's just sheer stupidity and/or gullibility. The same people likely don't open the "YOU MAY HAVE ALREADY WON!!11" letters, but are still sucked in by the fact that the AFP are now, for some reason, sending letters about speeding fines to their fucking WORK EMAIL?!?

It's not an IT issue. It's a common fucking sense issue.
 

industrian

will gently cradle you as time slowly ticks away.
It seems I miscalculated the amount of medication (warfarin) I needed before I came to Australia. So it looks like I'll need to go to a doctor or hospital here to get a prescription.

Any advice for what places to go in order to get the cheapest deal (I've no idea what's private/government-owned, etc) and stuff? The UK-Australia Reciprocal healthcare agreement won't cover this as it's a pre-existing condition.
 

Fredescu

Member
Yea of course, that's assuming that your vendor even finds them! I mean IPS have been falling behind pretty fast over the years. I would never rely on them for much since 0 Days are the ones that usually sting the most.

Thanks, always glad to have someone validate my fear of organised ransomware development houses.
 

MoonGred

Member
It's not an IT thing though, it's just sheer stupidity and/or gullibility. The same people likely don't open the "YOU MAY HAVE ALREADY WON!!11" letters, but are still sucked in by the fact that the AFP are now, for some reason, sending letters about speeding fines to their fucking WORK EMAIL?!?

It's not an IT issue. It's a common fucking sense issue.

The government knows everything and used their power to track down the offender's work email to show them they're serious about speeding.

A person asked today if the admin role she applied for uses computers, because she's not very good at them.
Which then got me wondering if there's still a role within an office environment that doesn't utilise a computer, apart from the cleaners.
 
It seems I miscalculated the amount of medication (warfarin) I needed before I came to Australia. So it looks like I'll need to go to a doctor or hospital here to get a prescription.

Any advice for what places to go in order to get the cheapest deal (I've no idea what's private/government-owned, etc) and stuff? The UK-Australia Reciprocal healthcare agreement won't cover this as it's a pre-existing condition.

Chemist Warehouse is generally the cheapest place to fill prescriptions pretty sure. That won't help you with the doctor though.

I assume bulk billing clinics would have the cheapest standard visit rate? Our clinic charges an arm and a fucking leg but the other 2 places have treated us like shit in the past so we really don't have much choice sadly.
Fuck GP's. I've wasted so much money on inept, useless GP's lately.
 

MoonGred

Member
Chemist Warehouse is generally the cheapest place to fill prescriptions pretty sure. That won't help you with the doctor though.

I assume bulk billing clinics would have the cheapest standard visit rate? Our clinic charges an arm and a fucking leg but the other 2 places have treated us like shit in the past so we really don't have much choice sadly.
Fuck GP's. I've wasted so much money on inept, useless GP's lately.

Bulk billing has been completely free for me and I've got one of those blue Medicare cards for foreigners, so you should definitely hit them up.
 
It seems I miscalculated the amount of medication (warfarin) I needed before I came to Australia. So it looks like I'll need to go to a doctor or hospital here to get a prescription.

Any advice for what places to go in order to get the cheapest deal (I've no idea what's private/government-owned, etc) and stuff? The UK-Australia Reciprocal healthcare agreement won't cover this as it's a pre-existing condition.

you could probably get a prescription from a GP providing you can show details, it might be much of a muchness in terms of cost, and probably expensive if you're not able to get pricing from the Pharmaceutical Benefits Scheme. If you have travel insurance, that might help.

If all else fails, rat poison. It worked on Arrow.
 
It seems I miscalculated the amount of medication (warfarin) I needed before I came to Australia. So it looks like I'll need to go to a doctor or hospital here to get a prescription.

Any advice for what places to go in order to get the cheapest deal (I've no idea what's private/government-owned, etc) and stuff? The UK-Australia Reciprocal healthcare agreement won't cover this as it's a pre-existing condition.

Just do a ring around of nearby doctors/medical centres and go with whoever is the cheapest.
 

Yagharek

Member
It's not an IT thing though, it's just sheer stupidity and/or gullibility. The same people likely don't open the "YOU MAY HAVE ALREADY WON!!11" letters, but are still sucked in by the fact that the AFP are now, for some reason, sending letters about speeding fines to their fucking WORK EMAIL?!?

It's not an IT issue. It's a common fucking sense issue.

What I mean is that often IT can get these emails before they go through to the general users, but occasionally some slip through the filters where they are at risk of being opened by fools.

I wasn't blaming IT, so re-read the original post again.
 

Deeku

Member
Someone was talking about nice tea earlier, and well I just discovered this:

2237215.jpg


it's actually amazing. Much nicer than vegemite chocolate sounds (although I'm curious I'll admit). I'm going to be very sad if it's limited.
That kinda sounds alright! Seems less boring than the twinings peppermint tea I'm super into these days.
 

Shaneus

Member
What I mean is that often IT can get these emails before they go through to the general users, but occasionally some slip through the filters where they are at risk of being opened by fools.

I wasn't blaming IT, so re-read the original post again.
I'm talking about IT knowledge of the end user, not IT the department.
 

evlcookie

but ever so delicious
Do I need private health insurance ? Got a letter in the mail about something, since I'm now 31 and have until June 30th to get some insurance.

Seems expensive, less than $100 a month for basic cover. I can't tell if it's worth it or not. Essentially it's $1k a year and I don't even think I spend that much on medical bills anyway. So I'm not too sure what the benefit would be.
 

Omikron

Member
Do I need private health insurance ? Got a letter in the mail about something, since I'm now 31 and have until June 30th to get some insurance.

Seems expensive, less than $100 a month for basic cover. I can't tell if it's worth it or not. Essentially it's $1k a year and I don't even think I spend that much on medical bills anyway. So I'm not too sure what the benefit would be.
If you want a choice in medical care and access to some elective stuff easier. Then sure.

You can take it out anytime waiting out the waiting period. Just if you take it up post 30 it might cost more because reasons.
 
Do I need private health insurance ? Got a letter in the mail about something, since I'm now 31 and have until June 30th to get some insurance.

Seems expensive, less than $100 a month for basic cover. I can't tell if it's worth it or not. Essentially it's $1k a year and I don't even think I spend that much on medical bills anyway. So I'm not too sure what the benefit would be.

From memory the private health levy is income means tested, basically if you're a mid to high income earner you can be up for a maximum of $2K per tax return. You may want to factor that in mate.
 

evlcookie

but ever so delicious
From memory the private health levy is income means tested, basically if you're a mid to high income earner you can be up for a maximum of $2K per tax return. You may want to factor that in mate.

I don't think I'm mid or high haha. I know I earn under $90k which means the govt does something ..

Guess my weekend will be filled with health insurance googling.
 

senahorse

Member
Yea of course, that's assuming that your vendor even finds them! I mean IPS have been falling behind pretty fast over the years. I would never rely on them for much since 0 Days are the ones that usually sting the most.

I think that FireEye product sounds good, though haven't had a chance to play with it. zscaler too has some good things for internet browsing.

Yeah we have it more so to fulfill audit requirements by just taking care of the 98% or so of threats. Used with port based security (firewalls or even router ACLs) in combination with application layer firewalls (e.g. F5 ASM), a rigorous (haha) patching policy and on top of that alerting through your syslog with your [insert your log analysis tool e.g. Splunk] etc it takes care of most common threats and certainly mitigates the risk. However if someone wants in, or wants to do damage they are going to do so, and it will more than likely, happen from within. I am sure you have shaken your head a few times in your work where management has outweighed cost over risk and leaves a certain part of your infrastructure more vulnerable than it should be while over compensating another part.
 

Darren870

Member
Basically my understanding (as a non Australian who has to have medical insurance for my visa) is that if you make over $88K as a Single or $176k as a family you don't have to pay the levy which can range up to 1.5%

Example: If you made $103k you would have to pay 1.25% or $1287.50 in tax for not having private health care

My understanding is that last year the government made some changes that meant if you were over 30 you had to start paying a loading fee of 2% for each year you DIDN'T have health insurance.

Example: My premium is $100 at 29. If I decided to wait till I was 35 then my monthly premium is now $110. I am now losing $120 a year cause I waited.

The problem is getting a mix and match of the levy and the loading fee. So if you were 30 for example and making under $88k, but knew you were going to get a raise next year (at 31) that put you over $90k it would probably be wise to get health insurance. Otherwise you will be paying $900 for the levy and then 2% more in premium at 31.

You kinda have to see where you think you are going to be in the future. Also health insurance should only cost you like $60 a month, so instantly it's cheaper than the levy.

Sometimes I think I should be a financial adviser.... (I'm not so I might be a bit wrong)

Sources:
https://www.ato.gov.au/Individuals/Medicare-levy/Medicare-levy-surcharge/
http://www.privatehealth.gov.au/healthinsurance/incentivessurcharges/lifetimehealthcover.htm


Edit: Also your government offers a great tool to compare policies. Use this instead of gocompare, icompare or any of that crap. They only present the policies they get a commission on selling, not the complete picture.

http://www.privatehealth.gov.au/dynamic/compare.aspx
 
My understanding is that last year the government made some changes that meant if you were over 30 you had to start paying a loading fee of 2% for each year you DIDN'T have health insurance.

Well that sure sucks if you don't start earning big bucks before you get older then o_O

I would have been better off sticking with 40k a year :/
 

Rlan

Member
What? Super secret sudden release of game? Also for kids! And developed by Halfbrick And Krome Studios!

screen640x640.jpeg
screen640x640.jpeg


screen640x640.jpeg
screen640x640.jpeg


The world-famous fun of Fruit Ninja meets the very best in educational apps in Fruit Ninja Academy: Math Master! This is the perfect learning companion for ages 4 – 7!

Join the Fruit Ninjas in an exciting adventure through jungles, temples and ancient ruins! The curious (and hungry) pig Truffles finds himself in a sticky situation, so Katsuro and his friends must journey to find the Lost Tablets of Fruitasia to rescue him.

Different game modes test addition, subtraction, multiplication, sequences and shapes in an exciting combination of learning and exciting Fruit Ninja action. Each game is graded and encourages players to perfect their math skills to achieve a flawless result.

Meet fun new characters, watch an exciting comic book-style story, and journey across Fruitasia collecting stickers for an awesome interactive scene-maker.

Fruit Ninja Academy: Math Master is the ideal choice for parents and teachers to keep kids engaged as they enjoy the fun characters and exciting gameplay they know and love!

You can grab it right now for $4.99.. Kids safe - no analytics, no IAP.
 

Darren870

Member
Yeah we have it more so to fulfill audit requirements by just taking care of the 98% or so of threats. Used with port based security (firewalls or even router ACLs) in combination with application layer firewalls (e.g. F5 ASM), a rigorous (haha) patching policy and on top of that alerting through your syslog with your [insert your log analysis tool e.g. Splunk] etc it takes care of most common threats and certainly mitigates the risk. However if someone wants in, or wants to do damage they are going to do so, and it will more than likely, happen from within. I am sure you have shaken your head a few times in your work where management has outweighed cost over risk and leaves a certain part of your infrastructure more vulnerable than it should be while over compensating another part.

Yea, I mean I would never say it's not worth having one, it's just like you said. If someone wants in, they will get in.

Auditors just have a stupid checklist and make sure that if you have it then that box is ticked. Every now and then you get one that "read something" and they check for that. I had one that did that a few years back when I was living in the UK. He kept going on and on about vulnerabilities that weren't even relevant since the early 2000's. No wonder he got sac'd!

Yea, I've shaken my head one too many times....constantly shaking it seems...

Well that sure sucks if you don't start earning big bucks before you get older then o_O

I would have been better off sticking with 40k a year :/

Don't worry! The cap loading fee is 70% ... Errr Yea
Ideally you really want to find out that balance. If you think you will ever make over 90K then you probably should get health insurance. Reason is that you want to reduce that levy. If you get it now or if you get it later then it shouldn't really matter too much. I did a long term example if you got it at 30, or if you waited till 40 and it made more sense to wait. I would post it but it pretty much is in favor of waiting until you get to like 80 and it would have made more sense to take it out at 30.

However, it depends on how big that gap is. Also if you wait your insurance company might charge you higher than what they did had you gotten it 10 yrs ago and just had the slight yearly increase.

Way too many factors really. That levy will also increase too, I wouldn't be surprised.
 
Yo Rlan is that on Android too? Because if you you've got yourself a sale!

Don't worry! The cap loading fee is 70% ... Errr Yea
Ideally you really want to find out that balance. If you think you will ever make over 90K then you probably should get health insurance. Reason is that you want to reduce that levy. If you get it now or if you get it later then it shouldn't really matter too much. I did a long term example if you got it at 30, or if you waited till 40 and it made more sense to wait. I would post it but it pretty much is in favor of waiting until you get to like 80 and it would have made more sense to take it out at 30.

However, it depends on how big that gap is. Also if you wait your insurance company might charge you higher than what they did had you gotten it 10 yrs ago and just had the slight yearly increase.

Way too many factors really. That levy will also increase too, I wouldn't be surprised.
Soooo basically I should sell drugs. Seems the simplest solution.
 

quabba

Member
Pretty much, just keep it within the country and you should be good!! :D

That's my understanding of private health too. we ended up getting it because my partner is an RN and didn't want to go to the public system, and I go to a physio for my shoulders and neck so we make decent use of the extras, maybe one day we will hit that income threshold (I doubt it).
 

legend166

Member
I'm thinking of dropping my private health insurance. I only use it to claim back on contact lenses. But I wouldn't be spending $1100 a year on contact lenses. I'll probably pick it up again when I'm 30 (so in four years) if I can afford it.
 