Subj : Issue with URL shortener
To   : Brian Rogers
From : August Abolins
Date : Wed May 12 2021 22:18:00

Hello Brian!

** On Tuesday 11.05.21 - 09:52, you wrote:

 BR> Or you can use lynx and view the source. That may help as
 BR> well.

I'm not too overly concerned anymore about short links. It's  
been about 20 yrs now since TinyUrl launched.  Weren't they the  
first with that idea?  Anyway.. They've built a vetting process  
into them and block links that have nefarious purposes.

The only thing I won't do is click on a short link from  
unsoliced email or if something arrives from someone I do not  
know.

I have to wonder if that or a similar technique was used to be  
the vector for inviting the ransomeware that shut down the east  
coast pipeline.

Krebbs article "A Closer Look at the DarkSide Ransomware Gang
May 11, 2021" talks about the end result of that, but I wonder  
what the vector was for infection.

This is a pretty good article that examines the techinal  
tricks:

https://securityintelligence.com/posts/darkside-oil-pipeline- 
ransomware-attack/

"A favorite entry point appears to be connecting via RDP on  
port 443 typically routing via a TOR browser."

And..  I did not know that VPNs and Linux were not immune:

"The malware can attack both Windows and Linux environments,  
making enterprise servers just as `encryptable' as an  
employee's endpoint. DarkSide can also attack virtual machines  
and encrypt data on their hard drives."

Apparently all the activity of making backups is no guarantee  
that you could just ignore the ransomeware attack and just  
restore an ealier backup.  Apparently, the "attack" lurks in  
the background for an amount of time that might represent a  
typical schedule for several backups - so, when it comes time  
to use a previous backup, all those backups will have already  
have copies of the infection.
--
  ../|ug

--- OpenXP 5.0.49
 * Origin: Mobile? Join CHAT here: https://tinyurl.com/y5k7tsla (1:153/757.21)

.