Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday September 07 2019, @03:14PM   Printer-friendly
from the invest-beforehand dept.

Arthur T Knackerbracket has found the following story:

The City of New Bedford, in Massachusetts, has found a way to deal with ransomware without paying: shoring up defenses, restoring from backups, and rebuilding systems.

The attack on the American city's systems was identified on July 5, after employees noticed unusual network activity upon returning from the July 4th holiday, Mayor Jon Mitchell explained in a press conference on Wednesday.

"We haven't seen any interruption in municipal services at all," said Mitchell.

The city's Management Information Systems (MIS) staff identified the presence of the file-scrambling RYUK nasty, a sophisticated form of ransomware, and through prompt action managed to limit its impact.

Supposedly named for a character in the manga series Death Note, RYUK can find and encrypt network drives, and delete volume snapshots to prevent the use of Windows System Restore in the absence of external backups.

[...] Mitchell attributes the relatively minor impact of the infection to luck, skill and the city's IT architecture.

The luck element has to do with the fact that the malware intrusion began over the July 4th holiday. Holidays and weekends are apparently a common time to launch ransomware attacks because IT staff tends to be scarce and less vigilant then; but in this case the holiday also ensured that many of the city's desktop PCs were powered down, which limited the ransomware's ability to spread.

The prompt action of the MIS staff on the morning of July 5th to defensively disconnect systems, according to Mitchell, helped reduce the impact of the infection.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by bzipitidoo on Saturday September 07 2019, @05:11PM (9 children)

    by bzipitidoo (4388) on Saturday September 07 2019, @05:11PM (#891016) Journal

    Wonder what the Computer Security for Dummies book recommends?

    1: Stop using MS Windows! Especially, stop using ancient, crappy versions such as Windows ME.
    2: Make and keep regular backups. (They actually did that.)
    3. Use passwords, and not stupidly weak passwords.
    4. If it doesn't need to be connected, don't!
    5. Don't dis your IT staff.

    Passwords don't have to be a total pain, they just have to be good enough to beat automated scripts.

    As for the IT staff, it's not that IT people are going to deliberately sabotage anything. It's motivation. Constant whining about how much IT costs, wishing out loud that the organization could make do with fewer IT team members, and open suspicion and distrust that every IT proposal is featherbedding and that any problem whatsoever might be the malicious hack job of rogue insiders, along with contradictory complaints that the entire department is full of incompetents who can't even keep a calculator in working order or tie their own shoelaces, coupled with clueless statements that show the bosses have no idea how much work system administration really takes, and that they don't care, all that is demoralizing.

    IT people are more aware than most that the discipline they studied inspires great fear in the ignorant, and that consequently, many punishments for the slightest infraction are way over the top. We're the computer witches, and this is the age of computer witchery trials. For example, shoplifting a music CD will get one a fine of a few hundred dollars, while "making available" a few songs online might result in a judgment so large that selling your home isn't enough to pay for it. One is frequently faced with dilemmas, such as when to patch and upgrade systems. Do it too soon, and you might break things by applying an untested, buggy patch. Do it too often, and you've taken vital services offline too much. Wait too long, and your vulnerable systems will be exploited. IT staff absolutely must document and cover their butts, or they will be blamed for things that are not their fault.

    At least these days, we have ESR versions of a lot of things. With plenty of resources and time, building new systems that could be hot swapped or near hot swapped, very quickly, is an attractive path. But such resources are often a luxury we do not have, and one must choose which patches and updates, if any, to apply to a live system. In that case, do the bare minimum. Don't take a live system down for several minutes for a reboot, unless there is no other choice. On the other hand, systems should be tested occasionally to make sure they will reboot. Got to love the ability of an OS to hum along nicely and obliviously even though the partition table was erased several days ago. I've had occasion to regret not doing an "fdisk /mbr" command before trying to reboot. If it's an attack, it might be possible to block it at the firewall and leave the vulnerability unpatched until night or some other time of light activity. On the other hand, a significant attack can very quickly turn nasty, suspicious management into supplicating management begging to be saved as fast as possible, asking that IT drop everything and do whatever it takes to rescue the organization. A mere reboot can look real trivial when an attack is in progress.

    Starting Score:    1  point
    Moderation   +4  
       Interesting=1, Informative=3, Total=4
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 0) by Anonymous Coward on Saturday September 07 2019, @05:34PM (6 children)

    by Anonymous Coward on Saturday September 07 2019, @05:34PM (#891026)

    The problem with IT staff is they hire anyone just smart enough to find the Win key.

    • (Score: 2) by SomeGuy on Saturday September 07 2019, @05:56PM (5 children)

      by SomeGuy (5632) on Saturday September 07 2019, @05:56PM (#891033)

      The problem with IT staff is they hire anyone just smart enough to find the Win key.

      If someone's IT staff has that sort of problem, then the fault lies squarely with HR's hiring practices. Unfortunately, the modern hiring system is badly broken and corrupt. It favors people who are dishonest, usually specifically rigged to provide a fake excuse to outsource to drooling sacks of crap in India.

      • (Score: 2, Flamebait) by Ethanol-fueled on Sunday September 08 2019, @12:27AM (4 children)

        by Ethanol-fueled (2792) on Sunday September 08 2019, @12:27AM (#891124) Homepage

        The real problem with IT in real organizations is that they dont let anybody do anyfuckingthing, not even right-click. I remember downloading a no-install version of fritzing to draw schematics because at the time they were too Jewish to buy me a license of visio or cad and banned outright all open source software. So when I told IT "don't worry, I downloaded and ran it myself without your approval," they literally freaked the fuck out like ,"OH MY GOD! HOW THE FUCK DID YOU HACK OUR SYSTM?!" Got put on IT's shit-list real soon. I guess IT people are idiots, mostly, after all.

        • (Score: 0) by Anonymous Coward on Sunday September 08 2019, @03:08AM

          by Anonymous Coward on Sunday September 08 2019, @03:08AM (#891153)

          IT came to our corporate retail store because their POS POS was down, again. The IT dude started yelling "who the fuck used paper tape to splice the LAN wires?". He's the only fucktard that has ever touched the rats nest of bullshit stuffed haphazardly behind the computer. Everything was thrown behind the computer in a non-ventilated cabinet. UPS, 14.4 external modem, port switch, VT(?) switch, and the clusterfuck of wires from 4 POS terminals. (This was early 1990s before internet)

        • (Score: 2) by canopic jug on Sunday September 08 2019, @03:45AM (2 children)

          by canopic jug (3949) Subscriber Badge on Sunday September 08 2019, @03:45AM (#891165) Journal

          I guess IT people are idiots, mostly, after all.

          You and most people are living with at least one foot in the past. Worse, your heads are lost there. There are no IT departments any more, at least not as you wish to remember them. While the groups you complain about may call themselves IT or claim to support the businesses they are embedded in, and may even be on company payroll, they are just plain old M$ resellers.

          It has been decades since actual IT departments existed where they actually worked with, not against, the other employees to facilitate their tasks or find a way to use the computer and its programs as a force multiplier. That's on purpose. By working against the real employees the resellers help the MBAs put whole institutions into crisis so that the staff merely react to the latest stimulus and are thus very easily controled, manipulated, and certainly don't allow time to plan their way out of the mess. Wheras the latter is a force multiplier which helps society advance, something which we are no longer doing. People looking ahead become so busy fighting and working around IT that they miss that IT is working fully on behalf of M$. Others just become so overloaded with the impositions from the M$ resellers that they don't have time for anything outside of a panicked crisis mode. Think The Sirens of Titan or Harrison Bergeron instead of a bicycle for the mind [youtube.com].

          You see it here with the ransomware. Rather than planning ahead and deploying something robust, their attempt at an answer is to bleat about buying "the latest version" from M$. Even if they stayed with M$ toys on the desktop, the infrastructure could be something sound like GNU/Linux or FreeBSD. One of the more important parts would be to be running OpenZFS underneath for the file sharing and have no local storage. Since OpenZFS design has snapshotting built in as a side effect, even if the M$ toys then brought home an infection of ransomware, it would be just a matter of rolling back to the state of the system as of minutes prior to the infection. Better still would be to ban M$ products across the board.

          Now that many businesses and governments have outsourced these resellers, they get more malware. Why? Because the resellers charge by the hour to clean the machines they themselves left vulnerable by installing M$ Windows in the first place.

          M$ admins are cheap, I hear MBAs bleat. They are not, if you add in the full costs. In the Total Cost of Ownership, two factors must be included. One is the cost of migration away, or the exit cost. Including exit costs is now required in the EU for their calculations. The other cost, which is more immediately relevant, is the full cost of malware. Now that malware also includes Windows ransomware, this issue needs to be brought up again.

          --
          Money is not free speech. Elections should not be auctions.
          • (Score: 3, Interesting) by bzipitidoo on Sunday September 08 2019, @01:01PM (1 child)

            by bzipitidoo (4388) on Sunday September 08 2019, @01:01PM (#891271) Journal

            Don't forget the weird, blind, dogmatic devotion to market forces. Free is suspect. "You get what you pay for", and that's the logic they use to justify buying Windows and other commercial software, and having to track licenses. Another thing they think is that Windows is backed by a large commercial organization, while Linux is just a hobbyists' project. Even the fact that IBM is on board with Linux isn't enough to penetrate their minds.

            The US military has another screwy argument to justify buying and deploying Windows. Windows is made by an American company. Linux is made by foreigners. Therefore Windows is more trustworthy. Doesn't matter how much outsourcing to India or elsewhere MS did, or that Windows is not open source.

            Working it from the other end, pointing out with details the numerous times MS has screwed their users, often fails to sway them. Can't even get an audience so you can make these arguments. MS has screwed up, many times, but never bad enough for long enough to alienate their devoted base. One MS move that does anger and alienate, is siccing the BSA on them. But MS figured out that was going too far (and they lost some court cases over the matter), and has backed away. Been a while since I heard of a BSA raid.

            • (Score: 2) by canopic jug on Monday September 09 2019, @06:57AM

              by canopic jug (3949) Subscriber Badge on Monday September 09 2019, @06:57AM (#891568) Journal

              Well, if you put it that way, especially the part about ignoring facts over dogma [learnreligions.com], M$ is more of a cult [techrepublic.com] than a business and has been for a long time. There many times when they go out of their way to lose money in exchange for gaining, or just retaining, control either of market share or mind share. That's one of the bigger reasons why it is so hard to eliminate.

              Some court will some day overturn non-disparagement clauses in contracts thus enabling some of the less indoctrinated microsofters to tell what they know about the cult from the inside, if it's not too late by then.

              --
              Money is not free speech. Elections should not be auctions.
  • (Score: 0) by Anonymous Coward on Saturday September 07 2019, @06:29PM

    by Anonymous Coward on Saturday September 07 2019, @06:29PM (#891048)

    «We're the computer witches, and this is the age of computer witchery trials.»

    seems good enough for a Manifesto :D

    CYA

  • (Score: 2) by c0lo on Saturday September 07 2019, @11:57PM

    by c0lo (156) Subscriber Badge on Saturday September 07 2019, @11:57PM (#891116) Journal

    3. Use passwords passphrases, and not stupidly weak passwords.

    FTFY

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford