AGCO (MF) ransomware attack disrupts tractor sales during U.S. planting season

   / AGCO (MF) ransomware attack disrupts tractor sales during U.S. planting season #11  
This one was quick to infiltrate. Replaced a few thousand machines and a ton of servers with virtuals to keep the business up.
Offline backups saved the day, but it cost millions. Company made the decision to do this over paying. Was not easy.
At the time all of our subcompanies were on different independent networks, limiting the damage.
Now we have more ID, FW and other hw to get in the path. Plus educating the staff helped to the point where they even report some of our mass information emails as phishing.
 
   / AGCO (MF) ransomware attack disrupts tractor sales during U.S. planting season #12  
ok I stand corrected.
sounds like you are heavy into it and with your knowledge of the vectors I apologize.
I've just seen WAY too many people trumpet the offsite backup line that get suddenly shocked about the timing vector.

edit: where news reports mentioned France/Germany (production plants for many AGCO stuff) while not mentioning US based production I wondered about separated networks.
that is not an area I have a lot of knowledge about, I'm one of those high IQ people with no direction that likes to play around and learn stuff. this item was on my list to learn about.
time to fire up some cheap VPS units and play around I guess.
again, I apologize for the stupid assumption I made. Mea Culpa.
 
   / AGCO (MF) ransomware attack disrupts tractor sales during U.S. planting season #13  
No worries, I did not want to go into too much detail. Which is where you saw some gaps, which you pointed out, correctly. So on me too.
I hope AGCO had everything backed up offline. It is painful to repair/rebuild and buy new and takes a long time with big business impacts. I feel for them and all the other companies and people hit by these sc*m of the earth.
 
   / AGCO (MF) ransomware attack disrupts tractor sales during U.S. planting season #14  
yeah I've dealt with stuff like the largest android community in world (at the time, not sure now, droidforums was admin/etc) getting hit all the time as well as some US based 2nd amendment forums getting hit. plus I ran a few VPNs getting multiple TB a day of traffic for droid builds.
all for free for me (I operated on donation basis) just to try to help.
all I ever heard was "but we got offsite backups" (lot of cry and whine here when I said WTF cares) and had to deal with that crap.
I state I am not well versed enough in this stuff, pay the money have this/that company involved, they all scream.
some listened, android did, some others didn't. guess which one survived?
I know my knowledge limitations and am not afraid to acquiesce and learn from others that know more than me.
 
 