Security

Ransomware Attackers Get Short Shrift From Zambian Central Bank (bloomberg.com) 13

Zambia's central bank said it refused to pay ransom to a group known as Hive that was behind a cybersecurity breach that caused minimal damage to its systems. From a report: "All of our core systems are still up and running," Greg Nsofu, information and communications technology director at the Bank of Zambia, told reporters in Lusaka, the capital. "Not much sensitive data has actually been shipped out." Only some test data may have been leaked, he said. "Knowing that we had protected our core systems, it wasn't really necessary for us to even engage" in a ransom conversation, Nsofu said. "So we pretty much told them where to get off." The central bank said May 13 that it had suffered a suspected cyberattack, which disrupted some information technology applications on May 9, including its website and bureau de change monitoring system.

  • . . . when an organization properly addresses cybersecurity beforehand, it's "news".
    • Journalism in the US is dead. Vice is actually starting to look like some voice of sanity.
    • I would say it is a great day. Rather than feel helpless when the cyber bullies come for you, you can actually prepare and not be impacted significantly.

      • by tgeek ( 941867 )
        Don't get me wrong, I'm as happy as I care to be for the Bank of Zambia and its customers. My point is it's sad that this is the EXCEPTION rather than the rule.
    • Although if I was trying to cover up the theft of all of my customer data I might also publicly announce that the attackers got some test data.

      From the article it is clear that they were breached enough so that they experienced some observable downtime. With a good recovery plan getting back online in a hurry probably isn't too onerous a task. That does not mean, of course, that the bad guys didn't get all of the customer data. It's entirely possible that this is just bravado and sensitive customer da

    • It's an interesting data point though, confirming that Zambia is better at cybersecurity than most US corporations, or large chunks of the US government.
  • by gweihir ( 88907 ) on Wednesday May 18, 2022 @12:13PM (#62546356)

    These people obviously have a clue what they are doing and were prepared. Not too hard to do, you just need to see reality and monitor the threat landscape and, you know, be competent.

    • by Kokuyo ( 549451 )

      Like being competent was easy.

      I'm not sure there exist enough competent IT people to protect all IT systems on the planet even if management and finances weren't a factor.

      • by gweihir ( 88907 )

        I do agree to that. But that just means we have too many IT systems on the planet and these are too hard to secure. Some companies may have created or at least massively contributed to this situation with their business strategies and the rest was asleep at the wheel and bought the "cheaper" and more "compatible" solutions, never realizing they were a trap. Running IT systems with incompetents is getting exceptionally expensive by now. And in addition, bad treatment and bad career options and lack of respec

      • True, but when the alternative is simply not trying there is a pretty wide range of responses. Targeted web exploits are one of the few things that really requires extreme measures; most of the other perimeter issues are manageable.

  • I'd do the same thing if some script kiddies hacked my test server and demanded ransom, lol.
    • I actually had that happen to me. I was running with pretty loose security on a throwaway $2/month VPS I was using to do some testing, and I got a spectacularly menacing notice that a ransomware gang had captured my critical "test123" database and were going to release the sensitive data to the public if I didn't pay them some non-remembered fraction of a bitcoin. Yeah, uh, ok, go ahead and release it.
  • How were the affected systems recovered? Did they just pull the plugs and toss them in the bin and buy new ones? Surely if they got on their network they probably got hooks in there somewhere.
