Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used an internal email sent to employees.

  • @[email protected]
    link
    fedilink
    English
    155 months ago

    So… Now the attackers have more funds to launch more attacks and they also know Panera has insufficient disaster recovery plans/backups. Good job negotiating with terrorists!

    • Orbituary
      link
      English
      1
      edit-2
      5 months ago

      That’s not how it works. I’m in this industry directly and do Incident Response every day.

      Paying the ransom only happens after an IR team comes in and remediatess, hardens, and attempts all other methods for getting the client out of the situation.

      If Panera was found criminally negligent, i.e. bad practices and not an exploit, there may be a case held or the insurance carrier forces Panera to pay the ransom and the recovery bill.

      What you’re right about is that the TA gets money. However, every time they get paid, FBI and other agencies get another piece of the puzzle to take the TA down. It’s happened a couple times this year.

      You’re not speaking from a place of experience.

      • @woodytrombone
        link
        English
        45 months ago

        I mean, there are also cases where the same company has been ransomed by multiple different TAs after paying ransoms, so it doesn’t always go down the way you described either.

        (also in the industry. not sure coming at this from the angle “I’m in the industry, your opinion is invalid” was the best choice.)

        • Orbituary
          link
          English
          15 months ago

          I actually dealt with that a couple of times. The last one had two TAs, Blacksuit and a second TA who gained access in tandem without coordination. They both executed their encryptions on the network and it spread. Some had the BH extension and some files had the other. Invariably, both sets of files were double encrypted, but it varied on which was the prominent extension.

      • @[email protected]
        link
        fedilink
        English
        1
        edit-2
        5 months ago

        I’m in this industry directly and do Incident Response every day.

        I’m not claiming to speak from experience or expertise. But let’s be honest, these incidents pay your salary, so you’re not exactly unbiased either. In fact, one could even make the argument that you have an incentive for these attacks to never fully stop (I’m not saying that).

        I understand that they may be forced to pay by government or insurance, and that it may be the cheapest option. But straight up: if no one paid these ransoms and had better mitigation strategies, they wouldn’t continue to do them.

        • Orbituary
          link
          English
          05 months ago

          These incidents require remediation. I am here to stop and thwart these things. I am not here just because I set out to profit on bad behavior.

          I can’t tell you how many times I want to throttle my clients for poor practices or bad choices. That being said, I am doing this because it’s necessary to improve overall practices across the industry.

          And you’re right, if nobody paid the ransom, it would stop… maybe. But on the same note, if nobody was a greedy asshole, there wouldn’t be attacks. If nobody had bad practices, there wouldn’t be vectors… If, if, if.

          The fact is, all of this is a thing and I do this for a living not because I set out to, but because my skillset and experiences in this industry have caused me to be very good at extracting users from these scenarios.

  • sunzu
    link
    fedilink
    45 months ago

    Cheaper than hiring proper staff to do the job.

    • Orbituary
      link
      English
      15 months ago

      See my above comment. And you’re wrong. Remediation costs millions.

      • sunzu
        link
        fedilink
        25 months ago

        There is another way to read that comment ;)

        Will “leadership” be held accountable for this fuck up?

        Asking for a friend

        • Orbituary
          link
          English
          15 months ago

          Sometimes, yeah. If leadership actively chooses to not pay for funding of security and the sysadmins have documentation proving this. I’ve seen a bunch of different complications.

          I heard about a case for a company owned by the billionaire whose name rhymes with Bark Stoobin. Those fuckers should absolutely be prosecuted…