Carnival hit by ransomware attack

[NCTribeFan]

HAL's website was down all day Saturday and their phone lines have also been out (and are still out).  They now have a little blurb at the top of their website saying that the phones are out due to technical difficulties.  Apparently, same thing at Princess (according to someone on the HAL board).

 

My TA & I have been trying to reach HAL since Saturday afternoon.

[jimbo5544]

8 hours ago, DGP1111 said:

 

 

Jimbo, I definitely don't want to reply on behalf of the original poster, but I can say I won't be surprised either IF the offending branch of that corporate family tree is CCL  It is my personal impression that they've not retained the brightest bulbs on that particular IT team.  

If they can continually screw up (or ignore) the easier stuff . . . falling victim to ransomware shouldn't be a shocker.

 

Hopefully the ransom requested was a huge supply of Guy's Burgers . . . and they'll get those delivered, allowing us all to go back to entering info for our future cruise vacations with less serious concern.

 

.

My past life was IT, I headed IT for a financial institution.  Data security started as about 10 percent of my responsibility and ended at about 85 percent.  I know all about what happened.  My point of the post is no matter how secure a company thinks they are, there are always holes.  These are very creative and nefarious organizations that have some of the best IT minds working for them.  It becomes an evolutionary process, new hack, new control. 

 

It happens a lot and to the biggest organizations in the world. At some point, which ever company it was will have to release the specifics, this is law in many states.  We will then see how deep it runs.  I like your view on the end result, but I fear it will be much greater, lets hope you are right.

[quattrohead]

They will find more data breaches and issue a press release in the next financial quarter....all the big companies do this to soften the blow both bad press and financial wise.

I am guessing it has affected the whole of Carnival corp.

 

Carnival and Princess use the same DNS servers, HAL mostly the same and the UK sites are totally different DNS.

Edited August 18, 2020 by quattrohead
more info

[sunonfire]

Here is the information from another source.

 

https://cruiseradio.net/cruise-line-warns-personal-info-may-have-been-hacked/

 

[bitemyfly]

Typically ransomware attacks are after one thing - payment. Pay or your data , systems will become useless.

they have already gained  root in your systems , converted  Or encrypted your files And demand payment for the keys or else all is lost.
As a side note they may seek certain PII data.

 Typically theses attacks are not that sophisticated in the scheme of attacks out there.  

I’m sure CLL is a level 1 pci merchant ( typically over 6 million transactions per year) , as a level 1 they  are required to meet standards , and have certain audits done in certain frequency -Quarterly at a minimum . This reduces risk but does not make it bulletproof .. being a level one  there systems should be properly segmented .
they are also required to have a chief information security officer ( Cisco), typically a dedicated team of infosec.  professionals .

all this must be maintained 24/7 regardless of sailing and revenue stream .. if you slack off , you become a target .

there is plenty of week targets out there , so hackers tend to look for week targets rater then wasting their time penetrating hard ones. 
Poor architecture have led to systems having to be built from scratch in previous attacks. Successful attacks have been seen in regional non for profit hospitals and smaller cites, often they lack the sophistication, the expertises ( contracted  to the lowest cost bidder) And constant attention.

    . 

[Jobeth66]

12 hours ago, autofan said:

This is why corporations and government entities should do a daily backup.  You tell the hacker that has locked you out where to go.  Wipe your hard drives and reload.

 

Yeah, it doesn't work that way generally - the hacker rooted their software into the system a LONG time ago, and just activated it.

 

Wipe & restore from backup?  They'll just re-activate it, and raise the demand.

[marynjohn]

19 hours ago, john91498 said:

When was the attack? Aug 15th.

When did the CFO/IT guy resign? Aug 15th

CFO isn't technology, is it?  I thought Financial.  But, don't worry, the CTO will be leaving soon.

[DGP1111]

9 hours ago, jimbo5544 said:

 . . .  I like your view on the end result, but I fear it will be much greater, lets hope you are right.

 

OK, if they run a hard bargain, throw in a piece of the very best "investor quality" Park West artwork. 😃 😃

 

.

[BlerkOne]

6 hours ago, Jobeth66 said:

 

Yeah, it doesn't work that way generally - the hacker rooted their software into the system a LONG time ago, and just activated it.

 

Wipe & restore from backup?  They'll just re-activate it, and raise the demand.

 

Hopefully they closed whatever sewer the vermin came in from, so that wouldn't be possible.