Sangoma Hack / Ransomware


(TheJames) #61

Alabama and California where they have offices both do too. ¯_(ツ)_/¯ I’m sure the lawyers told them it’s cool.


(Tom Ray) #62

Yeah, that is a good point. All 50 states have their own laws about how to handle, report and do notifications of data breaches. Wonder what other impact there is since there are also offices in Canada and the UK.


(Rob Thomas) #63

It looks like someone who’s claiming to be the attacker has posted on Reddit with more information (which I have removed). @lgaetz, who’s looking after this internally? The information contained in the message doesn’t need to be public, but if anyone inside Sangomium wants to reach out to me, now would be a good time (email would be best), as this is time-critical information.

(Edit: Contact achieved!)


(xp) #64

We need to do module updates on many v15 PBXes. Was planning to do so over Christmas or New Year weekend. The hack stopped me from doing this over Christmas weekend. Do we believe the tech side is in the clear enough to apply module updates? I would imagine that @xrobau and @lgaetz probably have some good input here too.


(TheJames) #65

https://community.freepbx.org/t/recent-system-updates/72224/4?u=jfinstrom


(Nobby6) #66

That’s the approach for general breaches. There are many other requirements in law, in particular this ditty that relates to “serious harm”, and that section encompasses breaches that are known to have taken login creds and financial information:

“entities to expeditiously notify individuals at risk of serious harm about an eligible data breach unless cost, time, and effort are excessively prohibitive in all the circumstances.”

The key word here is expeditiously, which is not 28 days, unless you’re a Sangoma fanboi, that is.


(Jonathan P) #67

Any updates?


(Preston McNair, ClearlyIP CRO) #69

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)


#70

People online stating to be part of the group that hacked Sangoma stated that they have been in contact with Sangoma since October 12th.

This could use a little more citation.


(Reinhard Stindl) #71

You are offering a “solution”, which includes switching to YOUR mirror servers. Are you serious??? Someone can get the impression that the hack is in your interest…


(Itzik) #72

Please prep a fire extinguisher before this thread is fully engulfed in flames.


(Richard Smith) #73

How is offering a free service in their interest?


#74

It was entirely predictable innuendo… the only thing surprising to me is that it took nearly a week for someone to say it. Of course it’s nothing more than bad-faith nonsense and trolling and should be ignored.


(Preston McNair, ClearlyIP CRO) #75

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)


(Luke C) #76

Curious why October 13th was selected? The gang says they have been in contact since October 12th; any attacker worth their own salt would have planted their seeds much sooner.


(Preston McNair, ClearlyIP CRO) #77

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)


(Preston McNair, ClearlyIP CRO) #78

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)


(Reinhard Stindl) #79

Just curious… has this ever happened… that the update servers of an open-source project have been infected and all “customer” systems (and networks) have been encrypted and locked? If somebody wants to steal money, would he choose end users of a free phone system? I have the impression that 95% of FreePBX users don’t want to spend money and/or have (lots of) money! Aren’t they the wrong target?


(TheJames) #80

I may be over-reading into this, but it seems that if you are a former Digium/Sangoma employee your identity is fair game. They notified current employees but the rest of us can suck a lemon?