Fwd: Re: Hi Jake, it's me Ceci

Jake Ross

Dec 22, 2016, 1:50:18 PM
to xcnd
Does this sound legit? I should've started at $250/hour and dropped down to $200/hr.
---------- Forwarded message ----------
From: "Cecilia Adams" <ceci...@hagadoneprinting.com>
Date: Dec 22, 2016 7:26 AM
Subject: Re: Hi Jake, it's me Ceci
To: "Jake Ross" <ja...@cakesecurity.com>
Cc:

Thank you Jake for this valuable information. The hacker has email from "india" but that could be a hoax too.

I have forwarded your email to the President and Controller yesterday. I will let you know what they decide.

Merry Christmas,
Ceci



Cecilia M. Adams

AR/Credit & Collections
Hagadone Printing Company
274 Pu’uhale Road
Honolulu, HI 96819
Off:  (808) 852-6322
Fax: (808) 841-0094
Email: ceci...@hagadoneprinting.com



CONFIDENTIALITY NOTICE: This e-mail may contain confidential information. Do not read this e-mail if you are not the intended recipient. If you have received this transmission in error, please notify us immediately by replying to the e-mail or by telephone at (808) 847-5310 and destroy the original transmission and any attachments without reading or saving the transmission in any manner. Thank you.

On Wed, Dec 21, 2016 at 3:07 PM, Jake Ross <ja...@cakesecurity.com> wrote:
Ceci, 

I'll preface this conversation with the fact that I do not know anything specific to your case. Everything below is generalized based on my experiences. The playbook is generally the same but not every criminal follows it line by line. 

The objective of ransomware is to spam a bunch of people with the hopes that someone will click on a link to allow them access. They gain access by exploiting a vulnerability. Vulnerabilities are fixed every day with patches, but we don't always get to them in a timely manner. Once they get access they encrypt files that you may need. If you pay the $100k, they will give you the key to decrypt your files.

1. Determine the scope- How many machines are affected? Did other users get the same email? Did anyone else open it? 

2. Identify the ransomware type- Ransomware is based off of math. Good guys can reverse engineer the encrypted files and make a decryption key of their own. Upload the encrypted files to find out. If a key is available use it to get your stuff back. 

3. Restore from backup- If you have good backups, restore them to a clean machine and call it a day.

4. Report it- No one knows the real numbers of ransomware attacks because not everyone reports it. Typically it's publicly traded companies that don't want to reduce shareholder confidence and see prices drop. I would encourage your company to report it. https://www.ic3.gov/media/2016/160915.aspx

5. Wipe the machine- Assume the bad guys have done other things to the machine. Securely wipe the machine and reload it. 

6. Post Mortem- Talk about this incident and how it could have been prevented. Talk to your users and make sure everyone understands. 

Check out the blog post for more information. http://blog.cyberhui.org/2016/08/tech-tip-tuesday-no-more-ransom.html

I hope this helps. Let me know if you need anything else. 

Good Luck, 
Jake
 

On Wed, Dec 21, 2016 at 1:51 PM, Cecilia Adams <ceci...@hagadoneprinting.com> wrote:
Thanks for your advice. Please send me a list of things to do so I can pass it on to our President and Controller.

Ceci




Derek Watkins

Dec 22, 2016, 1:53:34 PM
to Jake Ross, xcnd
Sounds legit to me. 

Sent from my iPhone. Please excuse typos and brevity.
--
You received this message because you are subscribed to the Google Groups "xCND" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xcnd+uns...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Derek Watkins

Dec 22, 2016, 1:59:12 PM
to Jake Ross, xcnd



Joseph Petrocelli

Dec 22, 2016, 10:21:00 PM
to Derek Watkins, Jake Ross, xcnd
Looks good. Who'd you get to write the email?

Jake Ross

Dec 23, 2016, 1:58:30 AM
to Joe Petrocelli, xcnd, Derek Watkins
A former coworker from Referentia asked for help at her new job. In hindsight I should've made more general statements and pushed for the paid gig. I was worried about liability but I think I can write up a bs contract to remove some risk.
