posted by janrinok on Saturday September 07 2019, @03:14PM
from the invest-beforehand dept.

Arthur T Knackerbracket has found the following story:

The City of New Bedford, in Massachusetts, has found a way to deal with ransomware without paying: shoring up defenses, restoring from backups, and rebuilding systems.

The attack on the American city's systems was identified on July 5, after employees noticed unusual network activity upon returning from the July 4th holiday, Mayor Jon Mitchell explained in a press conference on Wednesday.

"We haven't seen any interruption in municipal services at all," said Mitchell.

The city's Management Information Systems (MIS) staff identified the presence of the file-scrambling RYUK nasty, a sophisticated form of ransomware, and through prompt action managed to limit its impact.

Supposedly named for a character in the manga series Death Note, RYUK can find and encrypt network drives, and it deletes Volume Shadow Copy snapshots (the basis of Windows System Restore and "Previous Versions"), so that a victim without external backups has nothing left on the machine to restore from.
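The snapshot deletion mentioned above is one of the cheaper ransomware precursors to catch, because it is done with ordinary Windows administrative commands that almost never run on a user workstation. The following is an added example, not code from the article or from New Bedford's MIS staff: it scans process-creation events for the usual ways of deleting or starving shadow copies and disabling boot recovery, and groups the hits per host. The JSON-lines event layout (fields `ts`, `host`, `user`, `image`, `cmdline`) and every log line are constructed for the example; the rule names are this example's own.

```python
"""Flag process-creation events whose command line removes volume shadow copies
or disables recovery, a step ransomware commonly takes before encrypting so
that files cannot be rolled back from local snapshots.

Added example, not from the article or the City of New Bedford. The event
layout and the sample log below are constructed for illustration."""
import json
import re
from dataclasses import dataclass

# Command-line patterns for the common shadow-copy deletion and recovery-disabling
# commands. Matching is on the command line, not on any malware hash, so the same
# rules fire regardless of which ransomware family issued the command.
SHADOW_DELETE_RULES = [
    ("vssadmin_delete_shadows",      re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin_resize_storage",      re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",       re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin_delete_catalog",       re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
    ("bcdedit_disable_recovery",     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("powershell_shadowcopy_delete", re.compile(
        r"\b(Get-WmiObject|gwmi|Get-CimInstance)\b.*\bWin32_ShadowCopy\b.*\bDelete\b", re.I)),
]


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    rule: str
    cmdline: str


def detect(lines):
    """Return one Alert per (event, rule) match over JSON-lines process-creation events."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than stop the whole scan
        cmd = ev.get("cmdline", "")
        for name, pattern in SHADOW_DELETE_RULES:
            if pattern.search(cmd):
                alerts.append(Alert(ev.get("ts", ""), ev.get("host", "?"),
                                    ev.get("user", "?"), name, cmd))
    return alerts


def hosts_with_precursors(alerts):
    """Map host -> set of rule names that fired there; several distinct rules on
    one host within a short window is the high-confidence signal."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a.host, set()).add(a.rule)
    return by_host


# Constructed sample: three hosts, five suspicious commands, two benign ones.
SAMPLE_LOG = r"""
{"ts": "2019-07-04T22:14:03Z", "host": "WS-FIN-07", "user": "CITY\\jdoe", "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"}
{"ts": "2019-07-04T22:14:04Z", "host": "WS-FIN-07", "user": "CITY\\jdoe", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmdline": "wmic shadowcopy delete"}
{"ts": "2019-07-04T22:14:05Z", "host": "WS-FIN-07", "user": "CITY\\jdoe", "image": "C:\\Windows\\System32\\bcdedit.exe", "cmdline": "bcdedit /set {default} recoveryenabled No"}
{"ts": "2019-07-04T22:20:11Z", "host": "SRV-FILE-02", "user": "CITY\\backupsvc", "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin list shadows"}
{"ts": "2019-07-04T22:31:47Z", "host": "SRV-FILE-02", "user": "CITY\\jdoe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -NoP -W Hidden -c \"Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }\""}
{"ts": "2019-07-04T22:40:02Z", "host": "WS-HR-03", "user": "CITY\\asmith", "image": "C:\\Windows\\System32\\vssadmin.exe", "cmdline": "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"}
{"ts": "2019-07-04T22:41:30Z", "host": "WS-HR-03", "user": "CITY\\asmith", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe C:\\Users\\asmith\\Documents\\budget.txt"}
"""


def main():
    alerts = detect(SAMPLE_LOG.splitlines())
    for a in alerts:
        print(f"{a.ts} {a.host} {a.user} [{a.rule}] {a.cmdline}")
    for host, rules in sorted(hosts_with_precursors(alerts).items()):
        print(f"{host}: {len(rules)} distinct precursor rule(s) -> {sorted(rules)}")


if __name__ == "__main__":
    main()
```

Backup agents legitimately call `vssadmin`, `wbadmin` and `Win32_ShadowCopy`, so in production the rules should be scoped by parent process and service account, and a single `vssadmin_resize_storage` hit on a server is far less interesting than three different rules on one workstation in the same minute, which is what the per-host grouping is for.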

[...] Mitchell attributes the relatively minor impact of the infection to luck, skill and the city's IT architecture.

The luck element has to do with the fact that the malware intrusion began over the July 4th holiday. Holidays and weekends are apparently a common time to launch ransomware attacks because IT staff tends to be scarce and less vigilant then; but in this case the holiday also ensured that many of the city's desktop PCs were powered down, which limited the ransomware's ability to spread.

The prompt action of the MIS staff on the morning of July 5th to defensively disconnect systems, according to Mitchell, helped reduce the impact of the infection.

-- submitted from IRC


  • (Score: 4, Insightful) by c0lo (156) on Sunday September 08 2019, @12:05AM (#891118) (1 child)

    The luck element is that the malware authors are still after the low hanging fruit.
    For example, if malware stays dormant and undetected for, say, a month and goes massively virulent afterwards, chances are high that your backups will contain it too. In such a case, the cost of a system restore from backup may go up** enough to justify a reasonable ransom.

    ** organize a quarantine, restore in a quarantine, disinfect, then actually restore the system

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by canopic jug (3949) on Sunday September 08 2019, @03:58AM (#891171)

    That will be the next phase. Right now it is more profitable to just take the low hanging fruit and hit quickly, cash out quickly. Later, when more work is required they will use a different strategy.

    We have seen the shifts in the evolution of other Windows malware, where it alternates from time to time between spreading quickly and spreading slowly. Again, as said many times before, the root problem is a Windows infestation. That needs to be solved first, but it is more severe and harder to solve than it looks. It may look on the surface as a technical problem but when you have a Windows infestation you actually have a staffing problem, usually going up several layers into management. Making even a dent in that takes a Herculean effort of will and planning. Given that one of the key side effects of using Windows in the infrastructure is a state of perpetual crisis, that planning just will not and, indeed, cannot happen. Some external force must be applied first, to break that crisis state or at least become a dominant stimulus long enough to elicit the right reflexive action.

    --
    Money is not free speech. Elections should not be auctions.