NEWS: NHK Report: Toei Animation Hack Was Ransomware Attack



Note: this is the discussion thread for this article

NJ_



Joined: 31 Oct 2009
Posts: 3015
Location: Wallington, NJ
Posted: Fri Apr 08, 2022 7:37 am
Ouch!

IIRC, this was the same kind of attack that affected Capcom two years ago which led to a lot of stuff getting leaked.
FrodoGate222



Joined: 21 Jun 2019
Posts: 105
Posted: Fri Apr 08, 2022 8:20 am
I wonder if this has affected the development of One Piece Film Red?
DRosencraft



Joined: 27 Apr 2010
Posts: 665
Posted: Fri Apr 08, 2022 8:39 am
Yeah, once stuff was getting delayed by weeks it was clear that there were only two real possibilities; someone went in and deleted stuff, or access was being blocked as in a ransomware attack. As is always the case, someone likely got an email they thought was legit, clicked a bad link, and boom goes the dynamite. It's unlikely we will ever know for sure if they managed to root out the ransomware, or just paid off the attackers. Either way, this is likely costing them a bunch and created massive headaches.
Hoppy800



Joined: 09 Aug 2013
Posts: 3331
Posted: Fri Apr 08, 2022 8:59 am
Case closed

Toei should keep offline backups of finished episodes next time, also tell your employees not to click every email they see.
Ruhrpottpatriot



Joined: 26 Aug 2021
Posts: 61
Posted: Fri Apr 08, 2022 9:27 am
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. Automatically of course with a special account that nobody has access to. With that employees can only read from backup and you lose a week's work at most in the absolute worst case. Encryption keys can then be stored offline and airgapped on tape or on thumb-drives (but since flash is notoriously unreliable just go tape).

This knowledge is pretty much data security 101, but companies still try to save money and then everybody whines when things go down the drain.
ximpalullaorg



Joined: 16 Jan 2007
Posts: 396
Posted: Fri Apr 08, 2022 9:55 am
Ruhrpottpatriot wrote:
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend.


Offline backups are never a waste of money IMO (even with the downside of not using tapes), especially if for any reason the access to cloud providers is cut off (and this can and will happen). Not to mention, misconfigurations in AWS, Azure, etc that end up in data being exposed (or worse) are nothing new.
Without any idea of how Toei's systems are set up and which policy is being used it's difficult to say how it happened (though personally I wouldn't be surprised if it was more social engineering than say, a mail) and what can be done to avoid another situation like this.
Ruhrpottpatriot



Joined: 26 Aug 2021
Posts: 61
Posted: Fri Apr 08, 2022 10:45 am
Quote:
especially if for any reason the access to cloud providers is cut off (and this can and will happen).

A decent cloud provider will have an SLA with downtimes of 24 or 48h on average at the minimum. Even if it at some point takes longer you still have a local backup. That's what the "2" in 3-2-1 stands for: Three copies for each data, two backups (one remote and one local) and one working copy.

It also doesn't matter if you can't reach your cloud provider during the attack. Your data you pull from remote is going to be encrypted again anyway and after that, that one or two days is not going to matter much, if at all.

Offline storage is more dangerous anyway as there's really no way to make disks read only. Even if you could, you'd have to make them writeable and plug them into the system to back up your data and that's precisely the problem. No ransomware attacks immediately. It can slumber for days, weeks if not months and then encrypt when you plug in your external drive(s).
And if the attacker is somewhat clever, they don't encrypt immediately and only when the drive is almost full to get the maximum out of it. After all, they don't care for episodes aired already, but those very close to being aired.
For you as IT-Sec you now have the problem, that you don't know when and if you're going to be attacked. You don't know what's the target.
So the only (as in: most secure) solution would be to store only one episode on each disk, which is a huge waste of money, disks and storage space. Anything else has the potential to destroy weeks of work. And that doesn't even factor in the laziness of humans. What if an employee doesn't want to go to storage to check out a new disk and plug in an old one? No security against that.
Cloud storage on the other hand, has automatic syncs for a few folders (which you can easily monitor for weird data) and then can pack disks to the brim at the remote servers. No humans involved that make errors and no storage space wasted.

And then there's the issue of restoring your data. If you plug in your backups too early you risk your offline storage getting encrypted, too. If you pull from cloud, since your user has only read access you don't risk anything.


Quote:
Not to mention, misconfigurations in AWS, Azure, etc that end up in data being exposed (or worse) are nothing new.

Well... yeah. Duh! But the same can be said for any network configuration. So stop using networks and the internet altogether? Probably not.
Nate148



Joined: 24 May 2012
Posts: 471
Posted: Fri Apr 08, 2022 2:19 pm
Not shocked.
TheMorry



Joined: 08 May 2014
Posts: 658
Posted: Fri Apr 08, 2022 3:49 pm
Despite that I hate hacks and I'm sorry for them, I really wished that awful DB Super CGI fugly movie got lost.
Penrhos



Joined: 09 Jun 2021
Posts: 168
Posted: Fri Apr 08, 2022 5:15 pm
The company I work for is spending a fortune on immutable backup solutions because of the risk from ransomware.

Just having 321 backup strategy isn't good enough anymore. Some ransomware targets backups first or may wait long enough for all your backups to have been encrypted before triggering the ransom demand. Plus there's always the issue of how much data leaks out undetected while the threat vector is active.

Firewalls, antivirus, patching, education & incorruptible backups are the only protection.
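Two points from the posts above can be combined into a check that runs before each sync: ransomware may sit dormant and then encrypt files that later flow into the backups, and synced folders can be monitored for weird data. The following Python sketch is an added example, not part of any poster's message; it holds a sync when too many recently changed files look like ciphertext. The thresholds, function names and sample files are assumptions constructed for illustration.

```python
from __future__ import annotations
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds (not from the thread); tune against your own data.
ENTROPY_LIMIT = 7.5       # bits per byte; ciphertext sits close to 8.0
MAX_SUSPECT_RATIO = 0.3   # hold the sync if >30% of changed files look encrypted
SAMPLE_BYTES = 64 * 1024  # only the head of each file is sampled

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_changed(root: Path, since: float) -> tuple[list[Path], int]:
    """Return (high-entropy files, number of files modified after `since`)."""
    suspects, changed = [], 0
    for path in root.rglob("*"):
        if not path.is_file() or path.stat().st_mtime <= since:
            continue
        changed += 1
        with path.open("rb") as fh:
            if shannon_entropy(fh.read(SAMPLE_BYTES)) > ENTROPY_LIMIT:
                suspects.append(path)
    return suspects, changed

def sync_allowed(root: Path, since: float) -> bool:
    """False when the share of ciphertext-like changed files exceeds the limit."""
    suspects, changed = scan_changed(root, since)
    return changed == 0 or len(suspects) / changed <= MAX_SUSPECT_RATIO

def demo() -> tuple[bool, bool]:
    """Constructed sample: four text files, then three overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(4):
            (root / f"notes_{i}.txt").write_text("scene 1: storyboard notes\n" * 200)
        before = sync_allowed(root, since=0.0)
        for i in range(3):  # stand-in for files encrypted in place
            (root / f"notes_{i}.txt").write_bytes(os.urandom(8192))
        after = sync_allowed(root, since=0.0)
    return before, after

if __name__ == "__main__":
    print(demo())  # sync allowed before, held after
```

Already-compressed files such as video and archives also score near 8.0, so a production gate would compare against a per-file-type baseline rather than one fixed limit.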
TarsTarkas



Joined: 20 Dec 2007
Posts: 5839
Location: Virginia, United States
Posted: Fri Apr 08, 2022 6:15 pm
Lot of companies think it is far cheaper to take the risk and pay up if they get attacked, than to pay the cash for the cyber protection and recovery in advance. Or they think it is something they can pay the lowest (cheapest) price for. And not implementing the most basic of cyber awareness training for their employees.
Covnam



Joined: 31 May 2005
Posts: 3669
Posted: Fri Apr 08, 2022 9:36 pm
Ah, that makes sense. I guess they didn't have good redundancy measures in place =/
Ruhrpottpatriot



Joined: 26 Aug 2021
Posts: 61
Posted: Sat Apr 09, 2022 7:16 am
Penrhos wrote:
Just having 321 backup strategy isn't good enough anymore.

It's good enough if you do it right. Just taking 3-2-1 as the number of backups isn't enough. But also the original rule never said it was. At least one backup must be offsite and those backups be immutable. But -- again -- that's data protection 101.

There's really no need to spend a fortune on that, but you also shouldn't cheap out on it.
vgiannell5



Joined: 10 Jan 2012
Posts: 86
Posted: Sat Apr 09, 2022 2:42 pm
FrodoGate222 wrote:
I wonder if this has affected the development of One Piece Film Red?

I'm sure it has. They just haven't announced it just yet.
Cutty Mink



Joined: 13 Feb 2022
Posts: 26
Posted: Sat Apr 09, 2022 3:59 pm
Ruhrpottpatriot wrote:
Of course you need a backup, the 3-2-1 rule always applies, but offline backups, unless they are on tape, are usually a waste of money (spinning rust ages pretty fast if not used). Just get a decent cloud provider like Azure, AWS or whatnot to store your encrypted data and rsync a delta each day and full backup each weekend. Automatically of course with a special account that nobody has access to. With that employees can only read from backup and you lose a week's work at most in the absolute worst case. Encryption keys can then be stored offline and airgapped on tape or on thumb-drives (but since flash is notoriously unreliable just go tape).

This knowledge is pretty much data security 101, but companies still try to save money and then everybody whines when things go down the drain.


As someone who has been in web hosting and systems administration for a decade, I agree. Not only that, but there are affordable solutions for hourly or multiple times per day backups.

There's absolutely no reason Toei should have lost more than a few hours of work.
All times are GMT - 5 Hours