
SoylentNews is people

posted by on Wednesday January 25 2017, @09:51AM
from the we-don't-negotiate-with-terrorists dept.

Apparently it's the library's turn to pay a fine.

Libraries in St Louis have been brought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims.

Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines.

As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks.


  • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @10:57AM

    by Anonymous Coward on Wednesday January 25 2017, @10:57AM (#458453)

    ... how do you manage to get ALL your systems (providing different services over various locations) infected? And... backups?

  • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @02:28PM

    by Anonymous Coward on Wednesday January 25 2017, @02:28PM (#458491)

    Contrary to the "private" sector, the government's failure means that it gets rewarded even more resources by decree.

  • (Score: 2) by hendrikboom on Wednesday January 25 2017, @02:41PM

    by hendrikboom (1125) on Wednesday January 25 2017, @02:41PM (#458495)

    The article doesn't say the backups are infected. I hope they have some.

    Nor does it say what security hole was used to break into the system. The article does say what kinds of techniques are typically used for ransomware.

    Whatever it was, I hope they fix it when they restore the systems.

    • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @03:09PM

      by Anonymous Coward on Wednesday January 25 2017, @03:09PM (#458503)

      What are you talking about? Their incompetence right there in the summary:

      the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks.

      • (Score: 2) by hendrikboom on Wednesday January 25 2017, @11:06PM

        by hendrikboom (1125) on Wednesday January 25 2017, @11:06PM (#458709)

        They have 700 computers. That alone might take weeks.

        If they haven't backed up their entire membership base, it would be hopeless to restore it in merely a few weeks. Even so, I imagine there will be trouble knowing who has borrowed or returned specific books after the last backup.

    • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @04:59PM

      by Anonymous Coward on Wednesday January 25 2017, @04:59PM (#458527)

      The hole was probably some stupid patron looking at some shady website and got hit with malvertising. Once inside the network, it spread through with ease. At least the library I did some IT work for didn't have proper firewalls in place between public access computers and the rest of the system. Of course, not all libraries are like that and some I know are probably overparanoid, including having the public access computers on their own network running Windows in an immutable VM on Linux updated hourly.

      • (Score: 2) by Grishnakh on Wednesday January 25 2017, @06:12PM

        by Grishnakh (2831) on Wednesday January 25 2017, @06:12PM (#458562)

        You can't expect random people off the street to be savvy about not visiting sites with malvertising. You can't even expect experienced users to avoid that all the time. The way you avoid this is through proper IT practices: 1) install an ad-blocker (this means don't use IE), and better yet (and in addition of course) 2) run Linux. You don't need Windows to give people free web browsing. They don't need to run any kind of software except the web browser, and Linux does this just great.

        • (Score: 2) by butthurt on Wednesday January 25 2017, @10:45PM

          by butthurt (6141) on Wednesday January 25 2017, @10:45PM (#458696)

          Adobe has ironically named its DRM system "Adobe Access."

          https://www.adobe.com/uk/products/adobe-access.html [adobe.com]

          On Linux, support for it exists only in the "system" or "standalone" Flash player:

          Flash Player is integrated with Google Chrome. Google Chrome's Pepper Flash Player plug-in doesn't support Adobe Access on Linux. Therefore, you can have issues viewing rich media content using Google Chrome latest version on Linux.

          As a workaround, enable system Flash Player in Google Chrome.

          -- https://helpx.adobe.com/flash-player/kb/enable-flash-player-google-chrome.html [adobe.com]

          Adobe is discontinuing its Flash Player for Linux as a standalone download as of version 11.2, due later [in 2012], it announced [in February 2012]. After that point, new versions of the Flash Player browser plugin for Linux will only be available as part of Google Chrome.

          Adobe will continue to provide security updates to the standalone Flash Player 11.2 on Linux for five years after its release, it said.

          -- http://www.pcworld.com/article/250455/for_flash_on_linux_chrome_will_be_users_only_choice.html [pcworld.com]

          That deadline, if Adobe kept to its plan, will soon arrive. If security researchers bother to continue finding bugs in the Flash software, Linux users who want to consume media with Adobe's DRM will only be able to do so by running software with known vulnerabilities.

          • (Score: 1) by anubi on Thursday January 26 2017, @08:39AM

            by anubi (2828) on Thursday January 26 2017, @08:39AM (#458857)

            I step on a lot of commercial websites too with these fringe special players, scripts, and the like... leaving me with the question of do I disable the blocker and take my chances, or click away from the site. Unless I am damned determined, the latter is my preferred choice.

            As far as I am concerned, any businessman having this kind of stuff on his business site is the same kind of businessman who thinks having his advertising circulars soaked in cat urine before being placed in the customer mailbox is an acceptable business practice and will actually pay for said service.

            Businessmen will pay for the damndest things these days.....

            --
            "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
            • (Score: 1) by butthurt on Thursday January 26 2017, @10:15AM

              by butthurt (6141) on Thursday January 26 2017, @10:15AM (#458866)

              I'm not sure Flash, unfortunately, is yet what I'd call a "fringe" medium. Librarians may not want to tell patrons who wish to view it to get stuffed.

  • (Score: 2) by nobu_the_bard on Wednesday January 25 2017, @03:49PM

    by nobu_the_bard (6373) on Wednesday January 25 2017, @03:49PM (#458508)

    Newer ransomwares attack backups if they can. They will search for shares on the network, even if the active user doesn't have an active link to the shared files. It will attempt to interfere with Shadow Copy and other services, if it can, as well. I've seen it in real time - backups vanishing one after another as they were gobbled up (in that case, it was just the Windows copies affected - as it happened, the machine in question was virtual and had regular images taken, stored on a physically isolated server, so it turned out to not be a big deal).

    I've also heard rumors of ones that sniff network traffic to try to deduce other things they can access, but haven't seen one of these myself yet.

    You need the backups to not be directly accessible from any of the machines they relate to backing up during work hours, where possible, to be sure they aren't endangered. If you really had a well done network you could do this with just permissions settings perhaps, but you really need to be on top of things. One errant administrator session and you're wrecked.

    • (Score: 3, Insightful) by Scruffy Beard 2 on Wednesday January 25 2017, @04:42PM

      by Scruffy Beard 2 (6030) on Wednesday January 25 2017, @04:42PM (#458522)

      If it is not off-line, off-site, and verified, it is not a back-up.

      • (Score: 0) by Anonymous Coward on Wednesday January 25 2017, @11:36PM

        by Anonymous Coward on Wednesday January 25 2017, @11:36PM (#458725)

        Should be in all-caps and bold as well.

        If your copy of your stuff can't survive a fire, flood, burglary, or hack, what you have is NOT a backup.

        That the articles about this event don't include the names of the IT personnel responsible for the difficult-to-restore software/data infrastructure is just wrong.
        This was fundamental incompetence.

        Those chumps should be fired (and should never have been hired in the first place) and their names should be in the zeitgeist to alert any potential employers.

        Those turkeys should have jobs that involve no more responsibility/skills than one that includes asking the question "Do you want fries with that?"

        -- OriginalOwner_ [soylentnews.org]