Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday September 07 2019, @03:14PM   Printer-friendly
from the invest-beforehand dept.

Arthur T Knackerbracket has found the following story:

The City of New Bedford, in Massachusetts, has found a way to deal with ransomware without paying: shoring up defenses, restoring from backups, and rebuilding systems.

The attack on the American city's systems was identified on July 5, after employees noticed unusual network activity upon returning from the July 4th holiday, Mayor Jon Mitchell explained in a press conference on Wednesday.

"We haven't seen any interruption in municipal services at all," said Mitchell.

The city's Management Information Systems (MIS) staff identified the presence of the file-scrambling RYUK nasty, a sophisticated form of ransomware, and through prompt action managed to limit its impact.

Supposedly named for a character in the manga series Death Note, RYUK can find and encrypt network drives, and delete volume snapshots to prevent the use of Windows System Restore in the absence of external backups.

[...] Mitchell attributes the relatively minor impact of the infection to luck, skill and the city's IT architecture.

The luck element has to do with the fact that the malware intrusion began over the July 4th holiday. Holidays and weekends are apparently a common time to launch ransomware attacks because IT staff tends to be scarce and less vigilant then; but in this case the holiday also ensured that many of the city's desktop PCs were powered down, which limited the ransomware's ability to spread.

The prompt action of the MIS staff on the morning of July 5th to defensively disconnect systems, according to Mitchell, helped reduce the impact of the infection.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Insightful) by HiThere on Saturday September 07 2019, @08:02PM (1 child)

    by HiThere (866) Subscriber Badge on Saturday September 07 2019, @08:02PM (#891068) Journal

    Whether it will be more expensive or not is questionable, but it's something they should have been doing anyway. It solves a lot more problems than just ransomware.

    OTOH, you're right. Unless they were specifically targeted this will have no effect on the perpetrators. They probably won't even be aware that some fish slipped off the hook. The one that benefits is the fish.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 3, Insightful) by legont on Sunday September 08 2019, @01:39AM

    by legont (4179) on Sunday September 08 2019, @01:39AM (#891137)

    I work for a company with more than a billion IT budget. Security issues are not solved even though a shitload of money is spent.

    Some little local shop? Forgetaboutit.

    Like with any addiction, the first step is to realize that what we are doing is not going to help us. One got to admit that one is sick first. He is not on the way to cure until he admits that he is hopelessly sick. The solution for the security issues are way way bigger than a poor admin making backups.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.