[GCARC] ARRL Ransomware Attack Bulletin (background info)

Vinnie Sallustio yankees_1996 at hotmail.com
Fri Aug 23 14:12:50 EDT 2024


Yeah, but then their premiums will shoot through the roof.

Vinnie Sallustio

Sent via the Samsung Galaxy S23
________________________________
From: W3AB <w3ab at yahoo.com>
Sent: Friday, August 23, 2024 11:20:24 AM
To: Vinnie Sallustio <yankees_1996 at hotmail.com>
Cc: Joseph Dinovi <wa2gfk_jd at verizon.net>; Agustin Neron Properties LLC <ab2e at comcast.net>; Tony Starr <tstarr1450 at gmail.com>; gcarc at mailman.qth.net <gcarc at mailman.qth.net>
Subject: Re: [GCARC] ARRL Ransomware Attack Bulletin (background info)

I believe they stated that insurance will pay, not the membership.

___
Sent from my two-way wrist watch
73 de W3AB/George
On Aug 23, 2024, at 05:56, Vinnie Sallustio <yankees_1996 at hotmail.com> wrote:

They are going to pass off the cost onto members.



Vinnie Sallustio

Sent via the Samsung Galaxy S23
________________________________

From: gcarc-bounces at mailman.qth.net <gcarc-bounces at mailman.qth.net> on behalf of Joseph Dinovi via GCARC <gcarc at mailman.qth.net>
Sent: Thursday, August 22, 2024 8:21:52 PM
To: Agustin Neron Properties LLC <ab2e at comcast.net>; Tony Starr <tstarr1450 at gmail.com>
Cc: gcarc at mailman.qth.net <gcarc at mailman.qth.net>
Subject: Re: [GCARC] ARRL Ransomware Attack Bulletin (background info)

Agreed. How can they not be caught in this day and age?
    On Thursday, August 22, 2024 at 07:16:01 PM EDT, Tony Starr <tstarr1450 at gmail.com> wrote:

 I am astonished that they would even consider paying such a ransom,
especially if "their ransom demands were dramatically weakened by the fact
that they did not have access to any compromising data." Something does not
make sense about that. That the league was even targeted in the first place
makes no sense. It's not like they are a high value target. But I guess
they are, if they paid the damn thing.  One thing is for sure, if I was in
charge I would have paid them not one thin dime, on principle alone. In
fact, even if they did have "compromising data", I would have still given
them a hearty GFYS message, just because they deserved no more.  But I
guess that's why I am not a CEO. OPM I guess. 73 for now.

de K3TS

On Thu, Aug 22, 2024 at 1:26 PM Agustin Neron Properties LLC via GCARC <
gcarc at mailman.qth.net> wrote:

 Thanks Dennis,
 Luckily the paid $1 million ransom was covered by insurance!
 But imagine....paying that out to these criminals!

 4 years ago I got hit with a ransomware attack. Still don't know how it
 got me, perhaps a website I accidentally clicked on planted the ransomware
 (even though I have 2 well-known programs to prevent that).
 Anyway, I didn't pay it, since I had a recent backup.
 I did destroy the infected hard drive and took the opportunity to upgrade
 to a new SSD drive at the time.
 Still going strong!

 73 Darrell AB2E

 On 08/22/2024 1:16 PM EDT ddole1 at aol.com <ddole1 at aol.com> wrote:



 Darrell,

 Thanks for sharing. It's an amazing story. It's also probably more than
 about time the league had an IT Committee reporting to the Board.

 Dennis
 K2SE

 On Wednesday, August 21, 2024 at 06:10:15 PM EDT, Agustin Neron
 Properties LLC via GCARC <gcarc at mailman.qth.net> wrote:


 Hi all,
 from ARRL
 73
 Darrell AB2E

 "
 ARRL IT Security Incident - Report to Members

 Sometime in early May 2024, ARRL’s systems network was compromised by
 threat actors (TAs) using information they had purchased on the dark web.
 The TAs accessed headquarters on-site systems and most cloud-based systems.
 They used a wide variety of payloads affecting everything from desktops and
 laptops to Windows-based and Linux-based servers. Despite the wide variety
 of target configurations, the TAs seemed to have a payload that would host
 and execute encryption or deletion of network-based IT assets, as well as
 launch demands for a ransom payment, for every system.



 This serious incident was an act of organized crime. The highly
 coordinated and executed attack took place during the early morning hours
 of May 15. That morning, as staff arrived, it was immediately apparent that
 ARRL had become the victim of an extensive and sophisticated ransomware
 attack. The FBI categorized the attack as “unique” as they had not seen
 this level of sophistication among the many other attacks they have
 experience with. Within 3 hours a crisis management team had been
 constructed of ARRL management, an outside vendor with extensive resources
 and experience in the ransomware recovery space, attorneys experienced with
 managing the legal aspects of the attack including interfacing with the
 authorities, and our insurance carrier. The authorities were contacted
 immediately as was the ARRL President.



 The ransom demands by the TAs, in exchange for access to their
 decryption tools, were exorbitant. It was clear they didn’t know, and
 didn’t care, that they had attacked a small 501(c)(3) organization with
 limited resources. Their ransom demands were dramatically weakened by the
 fact that they did not have access to any compromising data. It was also
 clear that they believed ARRL had extensive insurance coverage that would
 cover a multi-million-dollar ransom payment. After days of tense
 negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That
 payment, along with the cost of restoration, has been largely covered by
 our insurance policy.



 From the start of the incident, the ARRL board met weekly using a
 continuing special board meeting for full progress reports and to offer
 assistance. In the first few meetings there were significant details to
 cover, and the board was thoughtfully engaged, asked important questions,
 and was fully supportive of the team at HQ to keep the restoration efforts
 moving. Member updates were posted to a single page on the website and were
 posted across the internet in many forums and groups. ARRL worked closely
 with professionals deeply experienced in ransomware matters on every post.
 It is important to understand that the TAs had ARRL under a magnifying
 glass while we were negotiating. Based on the expert advice we were being
 given, we could not publicly communicate anything informative, useful, or
 potentially antagonistic to the TAs during this time frame.



 Today, most systems have been restored or are waiting for interfaces to
 come back online to interconnect them. While we have been in restoration
 mode, we have also been working to simplify the infrastructure to the
 extent possible. We anticipate that it may take another month or two to
 complete restoration under the new infrastructure guidelines and new
 standards.



 Most ARRL member benefits remained operational during the attack. One
 that wasn’t was Logbook of The World (LoTW), which is one of our most
 popular member benefits. LoTW data was not impacted by the attack and once
 the environment was ready to again permit public access to ARRL
 network-based servers, we returned LoTW into service. The fact that LoTW
 took less than 4 days to get through a backlog that at times exceeded over
 60,000 logs was outstanding.



 The board at the ARRL Second Board Meeting in July voted to approve a
 new committee, the Information Technology Advisory Committee. This will be
 comprised of ARRL staff, board members with demonstrated experience in IT,
 and additional members from the IT industry who are currently employed as
 subject matter experts in a few areas. They will help analyze and advise on
 future steps to take with ARRL IT within the financial means available to
 the organization.



 We thank you for your patience as we navigated our way through this. The
 emails of moral support and offers of IT expertise were well received by
 the team. Although we are not entirely out of the woods yet and are still
 working to restore minor servers that serve internal needs (such as various
 email services like bulk mail and some internal reflectors), we are happy
 with the progress that has been made and for the incredible dedication of
 staff and consultants who continue to work together to bring this incident
 to a successful conclusion.







 Copyright © 2024 American Radio Relay League, Incorporated. Use and
 distribution of this publication, or any portion thereof, is permitted for
 non-commercial or educational purposes, with attribution. All other
 purposes require written permission.

________________________________

 GCARC mailing list
 Home: http://mailman.qth.net/mailman/listinfo/gcarc
 Help: http://mailman.qth.net/mmfaq.htm
 Post: mailto:GCARC at mailman.qth.net

 This list hosted by: http://www.qsl.net
 Please help support this email list: http://www.qsl.net/donate.html
