Telkom / BCX affected by Ponyfinal ransomware

Anthro

Expert Member
Joined
Jun 13, 2006
Messages
2,621
Colleague's dad works at Telkom... apparently they are down (completely?) as a result of this


"PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks," Microsoft said in a series of tweets published today.

Human-operated ransomware is a subsection of the ransomware category. In human-operated ransomware attacks, hackers breach corporate networks and deploy the ransomware themselves.

This is in opposition to classic ransomware attacks that have been seen in the past, such as ransomware distributed via email spam or exploit kits, where the infection process relies on tricking the users in launching the payload.
 

|tera|

Master of Messengers
Joined
Mar 31, 2006
Messages
22,352
I'm still online and purring away on Telkom. So if true, it's probably specific servers/systems that are affected.
 

r00igev@@r

Expert Member
Joined
Dec 14, 2009
Messages
4,381
All those millions and millions spent on Cisco firewalls obviously do not help?
 

j4ck455

Executive Member
Joined
Jan 2, 2006
Messages
5,898
Sounds grammatically challenged, surely FinalPony or just Pony, or even ShartlandPony would have been better names.

Presumably it refers to the final build of ransomware called "Pony".
 

Anthro

Expert Member
Joined
Jun 13, 2006
Messages
2,621
 

irBosOtter

Expert Member
Joined
Feb 14, 2014
Messages
2,615
All those millions and millions spent on Cisco firewalls obviously do not help?
Well, you also need someone to set up the firewall correctly for it to block the download of the file, or to block the URLs; most of these URLs are valid, though.
But I'm sure in Telkom's case they probably just allow exe file downloads; most companies do, it seems.
The main problem I have seen is people taking laptops home, where they are not protected by the company firewall; then the file downloads and installs on the laptop. Next day, it plugs into the office network, and well, there you go. I have only seen cases like that; people mostly bring it into the office from home.
 

r00igev@@r

Expert Member
Joined
Dec 14, 2009
Messages
4,381
Well, you also need someone to set up the firewall correctly for it to block the download of the file, or to block the URLs; most of these URLs are valid, though.
But I'm sure in Telkom's case they probably just allow exe file downloads; most companies do, it seems.
The main problem I have seen is people taking laptops home, where they are not protected by the company firewall; then the file downloads and installs on the laptop. Next day, it plugs into the office network, and well, there you go. I have only seen cases like that; people mostly bring it into the office from home.
It's irrational to box-drop a firewall without the relevant associated processes and skills. Still the vendor's fault. Someone paid them and they must deliver a solution.
In most of these cases, the problem could have been mitigated by using Quad9.
 