Sunday, March 24, 2019

Prepare for more! Ransom is not the strategy here. If this goes much more wide-spread, who benefits?
Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’
It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.
Hexion and Momentive, which make resins, silicones, and other materials, and are controlled by the same investment fund, were hit by the ransomware on March 12, according to a current employee. An internal email obtained by Motherboard and signed by Momentive’s CEO Jack Boss refers to a “global IT outage” that required the companies to deploy “SWAT teams” to manage.
… “Everything [went down]. Still no network connection, email, nothing,” they said in an online chat on Thursday.
Boss’s email said that the data on any computers that were hit with the ransomware is probably lost, and that the company has ordered "hundreds of new computers.”
… News of this attack shows that the hackers behind the LockerGoga ransomware may be more active than previously thought.
Until today, there were only two known victims of LockerGoga, a relatively new type of malware that infects computers, encrypts their files and ask for a ransom. The first known victim was Altran, a French engineering consulting firm that was hit in late January. Then earlier this week, the Norwegian aluminum giant Norsk Hydro revealed that it had been hit by a ransomware attack. A Kaspersky Lab spokesperson said that they have knowledge of more victims around the world.
… Joe Slowik, a security researcher at Dragos, a cybersecurity company that focuses on critical infrastructure and who has studied the malware, said that LockerGoga does not appear to be very good at its purported goal: collecting money from the victims. In fact, as the ransom note shows, and unlike other popular ransomware, victims have to email the hackers and negotiate a price to get files decrypted, making it harder for the criminals to scale their earnings.
“It’s a piece of very inefficient ransomware,” Slowik told Motherboard in a phone call.
It may be inefficient at collecting money, but it’s apparently good enough to slow down multinational companies in both Europe and the United States.




Oh. That’s what it’s for.
What Privacy is For
Privacy has an image problem. Over and over again, regardless of the forum in which it is debated, it is cast as old-fashioned at best and downright harmful at worst – antiprogressive, overly costly, and inimical to the welfare of the body politic. Privacy advocates resist this framing but seem unable either to displace it or to articulate a comparably urgent description of privacy’s importance. No single meme or formulation of privacy’s purpose has emerged around which privacy advocacy might coalesce. Pleas to “balance” the harms of privacy invasion against the asserted gains lack visceral force.
The consequences of privacy’s bad reputation are predictable: when privacy and its purportedly outdated values must be balanced against the cutting-edge imperatives of national security, efficiency, and entrepreneurship, privacy comes up the loser.
… As Part II discusses…
Privacy shelters dynamic, emergent subjectivity from the efforts of commercial and government actors to render individuals and communities fixed, transparent, and predictable.
… So described, privacy is anything but old-fashioned, and trading it away creates two kinds of large systemic risk, which Parts III and IV describe.




Interesting language?
Nigeria's 2019 Data Protection Regulation: A Fair Scale For Privacy And Commercial Rights?
On January 25, 2019, Nigeria's National Information and Technology Development Agency (NITDA) issued the Nigeria Data Protection Regulation 2019 (the Regulation). The Regulation took effect on same date. In the fashion of the European Union's Global Data Protection Regulation 2018 (GDPR), the Regulation seeks among other things, to safeguard the rights of natural persons to the privacy of their personal data by, among other measures, regulating transactions involving the collection, use and exchange of personal data. In this brief, we take a cursory look at the Regulation and some of its imperatives for businesses that deal in the personal data of those that the Regulation seeks to protect.
… The rights of Data Subjects include the following:
  1. Data Subjects have the right to know their rights. The rights of the Data Subject are required to be made known to him before his personal data is processed. In this regard, the Data Controller must ensure that the means through which personal data is being collected has a conspicuous and understandable privacy policy.




Clearly, Scott Adams gets Trump logic.


No comments: