Connect with us

ZDNET

Kaseya denies paying ransom for decryptor, refuses comment on NDA

Published

on

Software company Kaseya has denied paying a ransom for a universal decryptor after days of lingering questions about how the tool was obtained. 

On July 21, the company announced that a universal decryption tool had been obtained “from a third party” and that they were working with security company Emsisoft to help victims of the sprawling ransomware attack. 

On Monday, Kaseya released a statement denying rumors that they paid a ransom to REvil, the ransomware group that launched the attack. REvil initially released a ransom demand of $70 million but reportedly lowered it to $50 million before their entire operation went dark on July 13.

“We are confirming in no uncertain terms that Kaseya did not pay a ransom — either directly or indirectly through a third party — to obtain the decryptor,” Kaseya’s statement said. 

“While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment.”

The statement goes on to address reports suggesting that their “continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks.” 

Kaseya attack

According to the statement, Emsisoft and Kaseya’s Incident Response team worked through the weekend providing the decryptor to some of the 1,500 victims affected by the attack, which included a major supermarket chain in Sweden, Virginia Tech University and the local government computers in Leonardtown, Maryland

The company said it is encouraging any victims to come forward, adding that the tool “has proven 100% effective at decrypting files that were fully encrypted in the attack.”

While the news of a universal decyptor was welcomed by hundreds of affected victims, some noted that there was a non-disclosure agreement that Kaseya was forcing companies to sign in exchange for the decryptor. 

CNN confirmed that Kaseya was requiring the non-disclosure agreement in order to gain access to the decryptor. Kaseya spokesperson Dana Liedholm and multiple cybersecurity companies involved told ZDNet they were unable to comment on the non-disclosure agreement. 

Former White House Chief Information Officer and cybersecurity expert Theresa Payton said non-disclosure agreements after attacks are more common that one would think but noted that “asking for an NDA from victims is not an everyday, every incident practice.” 

“When a cyber incident impacts multiple victims in a supply chain attack, sometimes the legal counsel will ask victims to sign an NDA to ensure that the fix for the problem does not get disclosed publicly,” Payton said. 

Payton added that the reasons behind asking for a non-disclosure agreement are not always nefarious and urged companies to consult their lawyers before signing anything. 

“If the reason behind the NDA is to ensure that the 3rd party that provided the key is not disclosed and the manner in which the decryption is made available is not disclosed, then the NDA makes a lot of sense,” Payton told ZDNet. 

“We don’t want to tip our hands publicly to the cyber operatives behind any of the ransomware syndicates. We need to keep the nefarious cyber operatives guessing. If the NDA is not for that reason and is instead a legal maneuver to avoid lawsuits that is disappointing. Given the large impact, it is understandable why their legal counsel might recommend the NDA for legal protections.” 

Mark Kedgley, CTO at New Net Technologies, said it was an extremely rare set of circumstances considering Kaseya is both the exploited vendor and the provider of the decryption kit. 

He added that the NDA “will help diminish further analysis and discussion of the attack.” 

“While you could see this would be desirable for Kaseya, it won’t further the cyber security community’s understanding of the breach,” Kedgley said. 

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/kaseya-denies-paying-ransom-for-decryptor-refuses-comment-on-nda/#ftag=RSSbaffb68

ZDNET

Industry once again warns Australian government about falling behind in tech

Published

on

The Australian Academy of Science has published a policy primer calling for the federal government to place emerging digital technologies higher up the priority list.

“Australia risks falling behind as a technologically-driven nation unless we recognise emerging digital technologies as a central, independent sector in its own right, warranting investment in the core aspects of research, innovation, and workforce development,” the organisation wrote.

In the policy primer [PDF], the government-endorsed, not-for-profit organisation warned that Australia could potentially lag behind global peers, saying other nations such as Canada, France, the UK, and the US have placed more resources towards prioritising digital technologies as a strategy to bolster competitiveness.

Australia’s digital innovation earnings relative to its GDP was almost four percentage points lower than the OECD average of 11.2%, the organisation said.

To address this, the organisation put forward three recommendations that it believes would help Australia’s digital technology capability and innovation keep pace with other countries.

The recommendations are to elevate emerging digital technologies as a national science and innovation priority; include research and innovation in emerging digital technologies in the 2021 Research Infrastructure Roadmap; and recognise emerging digital technologies as an independent growth sector.

The Australian Academy of Science added that more investment is needed towards improving the digital literacy of Australians. Referring to RMIT University’s digital inclusion index, it said Australians with lower income, employment, and education have increasingly fallen behind in this area.

Kaspersky APAC managing director Chris Connell has also pushed for stronger promotion of security awareness and digital education saying that government needed to work more closely with industry to achieve this.

“We’re facing security challenges that put a strain on cybersecurity resources. Investing in cyber talent and promoting security awareness and digital education are the keys to success in building cyber resilient digital societies and economies,” Connell said.

“We need to move from the ‘needs’ to actually delivering on this — if we don’t, and the way the world is changing, there will be more and more risk moving forward.”

While the Australian Academy of Science did note the federal government’s recent digital economy strategy and modern manufacturing strategy were a “welcome signal”, it gave the caveat that government still needed to recognise the importance of building scientific capability behind the digital economy, both from an investment and narrative point of view.

“The national narrative and strategy for Australia’s digital economy needs to address the fundamental importance of building and maintaining scientific capabilities in emerging digital technologies to drive investment and build sovereign capability and capacity,” it wrote.

Following a similar theme, the Australian Information Industry Association (AIIA) a few weeks ago expressed concerns that the federal government was not placing enough resources into commercialising emerging technology, such as quantum computing.

“We are in a position of thought leadership and in some ways, we do lead the way. But our concern is that based on global trends, if we don’t take the steps necessary to maintain our position, and we’re not taking those steps, then we will in fact lose our leadership position, lose our resources, lose our IP, lose our skills, and our thought leaders,” AIIA CEO Ron Gauci said at the time. 

Related Coverage

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/industry-once-again-warns-australian-government-about-falling-behind-in-tech/#ftag=RSSbaffb68

Continue Reading

ZDNET

Industry once again warns Australian government about falling behind in tech

Published

on

The Australian Academy of Science has published a policy primer calling for the federal government to place emerging digital technologies higher up the priority list.

“Australia risks falling behind as a technologically-driven nation unless we recognise emerging digital technologies as a central, independent sector in its own right, warranting investment in the core aspects of research, innovation, and workforce development,” the organisation wrote.

In the policy primer [PDF], the government-endorsed, not-for-profit organisation warned that Australia could potentially lag behind global peers, saying other nations such as Canada, France, the UK, and the US have placed more resources towards prioritising digital technologies as a strategy to bolster competitiveness.

Australia’s digital innovation earnings relative to its GDP was almost four percentage points lower than the OECD average of 11.2%, the organisation said.

To address this, the organisation put forward three recommendations that it believes would help Australia’s digital technology capability and innovation keep pace with other countries.

The recommendations are to elevate emerging digital technologies as a national science and innovation priority; include research and innovation in emerging digital technologies in the 2021 Research Infrastructure Roadmap; and recognise emerging digital technologies as an independent growth sector.

The Australian Academy of Science added that more investment is needed towards improving the digital literacy of Australians. Referring to RMIT University’s digital inclusion index, it said Australians with lower income, employment, and education have increasingly fallen behind in this area.

Kaspersky APAC managing director Chris Connell has also pushed for stronger promotion of security awareness and digital education saying that government needed to work more closely with industry to achieve this.

“We’re facing security challenges that put a strain on cybersecurity resources. Investing in cyber talent and promoting security awareness and digital education are the keys to success in building cyber resilient digital societies and economies,” Connell said.

“We need to move from the ‘needs’ to actually delivering on this — if we don’t, and the way the world is changing, there will be more and more risk moving forward.”

While the Australian Academy of Science did note the federal government’s recent digital economy strategy and modern manufacturing strategy were a “welcome signal”, it gave the caveat that government still needed to recognise the importance of building scientific capability behind the digital economy, both from an investment and narrative point of view.

“The national narrative and strategy for Australia’s digital economy needs to address the fundamental importance of building and maintaining scientific capabilities in emerging digital technologies to drive investment and build sovereign capability and capacity,” it wrote.

Following a similar theme, the Australian Information Industry Association (AIIA) a few weeks ago expressed concerns that the federal government was not placing enough resources into commercialising emerging technology, such as quantum computing.

“We are in a position of thought leadership and in some ways, we do lead the way. But our concern is that based on global trends, if we don’t take the steps necessary to maintain our position, and we’re not taking those steps, then we will in fact lose our leadership position, lose our resources, lose our IP, lose our skills, and our thought leaders,” AIIA CEO Ron Gauci said at the time. 

Related Coverage

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/industry-once-again-warns-australian-government-about-falling-behind-in-tech/#ftag=RSSbaffb68

Continue Reading

ZDNET

Westpac has blocked 24,000 abusive messages in payments

Published

on

Westpac said it has managed to block some 24,000 transactions that were deemed as abusive payments.

In its environment, social, and governance strategy update, the bank also noted it required 19,000 customers to change the language they used in transaction descriptions before their payments could be accepted and processed.

The bank added it issued more than 800 warning letters and account suspensions and reported more than 70 customers to authorities for abusive payments.  

The bank announced earlier in the year it would not tolerate any messages containing abuse being sent in transaction descriptions. Terms considered inappropriate by the bank range from swear words through to domestic violence threats.

“We want to create a safer digital banking experience for our customers and send a clear signal that abusive messages in payment transactions will not be tolerated,” Westpac general manager of customer solutions Lisa Pogonoski previously said.

To contain such behaviour, the red and black bank rolled out a new tool enabling customers to report abuse and harassment received in the payment transaction description for inbound payments.

The bank also deployed technology to monitor outgoing payments sent through its online and mobile banking platforms, which blocks certain transactions containing inappropriate or offensive language in real-time.

In other updates, Westpac highlighted that in relation to its Customer Outcomes and Risk Excellence (CORE) program, it has completed 104 out of 327 planned activities designed to uplift the bank’s management and governance of risk. These included upgrading its transaction screen software and settings, identifying data points and establishing automated reconciliations and checks, using analytics to improve detection, and improving risk reporting through a new insights platform.

For the first half the 2022 financial year, Westpac highlighted tech expenses increased AU$40 million, attributing part of the rise was relating to the CORE program. This was off the back of a profit increase, posting AU$3.4 billion.  

IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

  • National Sexual Assault, Domestic Family Violence Counselling Service on 1800 737 732
  • MensLine Australia on 1300 789 978
  • Lifeline on 13 11 14
  • Kids Helpline on 1800 551 800
  • Beyond Blue on 1300 22 46 36
  • Headspace on 1800 650 890
  • In an emergency or if you’re not feeling safe, always call 000

MORE FROM WESTPAC

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/westpac-has-blocked-24000-abusive-messages-in-payments/#ftag=RSSbaffb68

Continue Reading

ZDNET

Westpac has blocked 24,000 abusive messages in payments

Published

on

Westpac said it has managed to block some 24,000 transactions that were deemed as abusive payments.

In its environment, social, and governance strategy update, the bank also noted it required 19,000 customers to change the language they used in transaction descriptions before their payments could be accepted and processed.

The bank added it issued more than 800 warning letters and account suspensions and reported more than 70 customers to authorities for abusive payments.  

The bank announced earlier in the year it would not tolerate any messages containing abuse being sent in transaction descriptions. Terms considered inappropriate by the bank range from swear words through to domestic violence threats.

“We want to create a safer digital banking experience for our customers and send a clear signal that abusive messages in payment transactions will not be tolerated,” Westpac general manager of customer solutions Lisa Pogonoski previously said.

To contain such behaviour, the red and black bank rolled out a new tool enabling customers to report abuse and harassment received in the payment transaction description for inbound payments.

The bank also deployed technology to monitor outgoing payments sent through its online and mobile banking platforms, which blocks certain transactions containing inappropriate or offensive language in real-time.

In other updates, Westpac highlighted that in relation to its Customer Outcomes and Risk Excellence (CORE) program, it has completed 104 out of 327 planned activities designed to uplift the bank’s management and governance of risk. These included upgrading its transaction screen software and settings, identifying data points and establishing automated reconciliations and checks, using analytics to improve detection, and improving risk reporting through a new insights platform.

For the first half the 2022 financial year, Westpac highlighted tech expenses increased AU$40 million, attributing part of the rise was relating to the CORE program. This was off the back of a profit increase, posting AU$3.4 billion.  

IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

  • National Sexual Assault, Domestic Family Violence Counselling Service on 1800 737 732
  • MensLine Australia on 1300 789 978
  • Lifeline on 13 11 14
  • Kids Helpline on 1800 551 800
  • Beyond Blue on 1300 22 46 36
  • Headspace on 1800 650 890
  • In an emergency or if you’re not feeling safe, always call 000

MORE FROM WESTPAC

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/westpac-has-blocked-24000-abusive-messages-in-payments/#ftag=RSSbaffb68

Continue Reading
Esports4 days ago

Here are all of CS:GO’s Operation Riptide skins

Esports3 days ago

How to start a Private Queue in CS:GO

Esports2 days ago

Can You Play Diablo II: Resurrected Offline?

Esports3 days ago

How to complete all week one missions in Operation Riptide

Esports4 days ago

Valve reveals CS:GO Operation Riptide, featuring private queue, short competitive games, new deathmatch modes, and more

Esports2 days ago

Failed to Enter Game, Character Could Not be Found: How to Fix Error in Diablo II: Resurrected

Esports5 days ago

All Fashion Week Timed Research, Finding Your Voice Special Research, and event-exclusive Field Research tasks and rewards in Pokémon Go

Esports4 days ago

Pokémon UNITE APK and OBB download links for Android

Esports3 days ago

CS:GO Riptide Case: Full List of New Skins

Esports4 days ago

Some players unable to claim Pokémon UNITE mobile pre-registration rewards due to new error

Esports2 days ago

Valkyrae says YouTube is working on gifted members and a feature similar to Twitch Prime

Esports4 days ago

5 Best Counters to Vex in League of Legends

Esports3 days ago

Initial reactions to the Worlds 2021 group draw: How does each team stack up against the field?

Esports2 days ago

Valkyrae says YouTube is working on gifted members and a feature similar to Twitch Prime

Esports24 hours ago

Fall Guys achieves Guinness World Record for most downloaded PlayStation Plus game ever

Esports2 days ago

Best Stats for the Druid in Diablo II: Resurrected

Covid195 days ago

Fintech Apps Sees a Surge in Downloads Amidst the Pandemic

Esports2 days ago

Microsoft’s The Initiative brings on Crystal Dynamics to help develop its Perfect Dark reboot

Blockchain3 days ago

United States Infrastructure Bill Brings Cardano Billionaire to Washington.

Blockchain4 days ago

Bitcoin & Ethereum Options Expiry on September 24th, What Does This Mean for the BTC and ETH Price?

Trending