posted by janrinok on Saturday September 07 2019, @03:14PM
from the invest-beforehand dept.

Arthur T Knackerbracket has found the following story:

The City of New Bedford, in Massachusetts, has found a way to deal with ransomware without paying: shoring up defenses, restoring from backups, and rebuilding systems.

The attack on the American city's systems was identified on July 5, after employees noticed unusual network activity upon returning from the July 4th holiday, Mayor Jon Mitchell explained in a press conference on Wednesday.

"We haven't seen any interruption in municipal services at all," said Mitchell.

The city's Management Information Systems (MIS) staff identified the presence of the file-scrambling RYUK nasty, a sophisticated form of ransomware, and through prompt action managed to limit its impact.

Supposedly named for a character in the manga series Death Note, RYUK can find and encrypt network drives, and delete volume snapshots to prevent the use of Windows System Restore in the absence of external backups.

[...] Mitchell attributes the relatively minor impact of the infection to luck, skill and the city's IT architecture.

The luck element has to do with the fact that the malware intrusion began over the July 4th holiday. Holidays and weekends are apparently a common time to launch ransomware attacks because IT staff tends to be scarce and less vigilant then; but in this case the holiday also ensured that many of the city's desktop PCs were powered down, which limited the ransomware's ability to spread.

The prompt action of the MIS staff on the morning of July 5th to defensively disconnect systems, according to Mitchell, helped reduce the impact of the infection.

-- submitted from IRC

  • (Score: 5, Insightful) by hwertz on Saturday September 07 2019, @04:37PM (5 children)

    by hwertz (8141) on Saturday September 07 2019, @04:37PM (#891005)

    They missed step 0 in avoiding ransomware: Don't run Windows!

    I'm serious, there's no good reason to run Windows on virtually any system. I'm running Ubuntu with "gnome flashback" desktop. Keep Windows the hell off there and you have control of your system rather than Microsoft; you won't get viruses and spyware; it's easy to use; and if you have the ol' budget problems you can keep those older systems as long as you want (Ubuntu has bloated over the years but still has about 1/2 the system requirements of Windows 10 or 7 for that matter.) Wine has gotten VERY good at running Windows software if you really do still have something that needs it. If you have some legacy something or other that needs 95 or XP, it is actually more likely to run under Wine than to run under 7 or 10.

    But good on them for having proper backups and such.

    • (Score: 2) by captain normal on Saturday September 07 2019, @06:50PM (1 child)

      by captain normal (2205) on Saturday September 07 2019, @06:50PM (#891051)

      Hum...and systemd makes ubuntu act a lot like windows....

      --
      When life isn't going right, go left.
    • (Score: 2, Insightful) by fustakrakich on Saturday September 07 2019, @09:00PM

      by fustakrakich (6150) on Saturday September 07 2019, @09:00PM (#891082) Journal

      *foo! smells like an ad*

      Lack of attention and small user base are its saving grace. And Ubuntu would never be my first choice.

      --
Politics and criminals are the same thing..
    • (Score: 2) by epitaxial on Sunday September 08 2019, @12:53AM

      by epitaxial (3165) on Sunday September 08 2019, @12:53AM (#891128)

      This all boils down to operator error. The exact same thing could happen with poorly configured Linux distros.

    • (Score: 2) by progo on Monday September 09 2019, @02:54PM

      by progo (6356) on Monday September 09 2019, @02:54PM (#891696) Homepage
      • Hundreds of our desktops use a GPU or Wifi card that just does not work out of the box in Linux
      • We have dozens of units of a paper scanner that WILL NOT WORK without Windows; it's too expensive to develop two parallel desktop environments.
      • All of our employees use [brand] phones with special sync software for [thing] with a component that only works on MacOS or Windows, and we can't make MacOS work in our enterprise environment.

      You don't just decide at the top that we're going to quit using Windows and then it happens. It's a long, slow process.

  • (Score: 1, Flamebait) by legont on Saturday September 07 2019, @05:01PM (2 children)

    by legont (4179) on Saturday September 07 2019, @05:01PM (#891011)

    What they do will be way more expensive than simply paying and will not work. They may become a more difficult target for awhile, which simply means that others will be hit.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
    • (Score: 3, Insightful) by HiThere on Saturday September 07 2019, @08:02PM (1 child)

      by HiThere (866) Subscriber Badge on Saturday September 07 2019, @08:02PM (#891068) Journal

      Whether it will be more expensive or not is questionable, but it's something they should have been doing anyway. It solves a lot more problems than just ransomware.

      OTOH, you're right. Unless they were specifically targeted this will have no effect on the perpetrators. They probably won't even be aware that some fish slipped off the hook. The one that benefits is the fish.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 3, Insightful) by legont on Sunday September 08 2019, @01:39AM

        by legont (4179) on Sunday September 08 2019, @01:39AM (#891137)

        I work for a company with more than a billion IT budget. Security issues are not solved even though a shitload of money is spent.

        Some little local shop? Forgetaboutit.

        Like with any addiction, the first step is to realize that what we are doing is not going to help us. One has got to admit that one is sick first. He is not on the way to a cure until he admits that he is hopelessly sick. The solution for the security issues is way, way bigger than a poor admin making backups.

        --
        "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 5, Informative) by bzipitidoo on Saturday September 07 2019, @05:11PM (9 children)

    by bzipitidoo (4388) on Saturday September 07 2019, @05:11PM (#891016) Journal

    Wonder what the Computer Security for Dummies book recommends?

    1. Stop using MS Windows! Especially, stop using ancient, crappy versions such as Windows ME.
    2. Make and keep regular backups. (They actually did that.)
    3. Use passwords, and not stupidly weak passwords.
    4. If it doesn't need to be connected, don't!
    5. Don't dis your IT staff.

    Passwords don't have to be a total pain, they just have to be good enough to beat automated scripts.

    As for the IT staff, it's not that IT people are going to deliberately sabotage anything. It's motivation. Constant whining about how much IT costs, wishing out loud that the organization could make do with fewer IT team members, and open suspicion and distrust that every IT proposal is featherbedding and that any problem whatsoever might be the malicious hack job of rogue insiders, along with contradictory complaints that the entire department is full of incompetents who can't even keep a calculator in working order or tie their own shoelaces, coupled with clueless statements that show the bosses have no idea how much work system administration really takes, and that they don't care, all that is demoralizing.

    IT people are more aware than most that the discipline they studied inspires great fear in the ignorant, and that consequently, many punishments for the slightest infraction are way over the top. We're the computer witches, and this is the age of computer witchery trials. For example, shoplifting a music CD will get one a fine of a few hundred dollars, while "making available" a few songs online might result in a judgment so large that selling your home isn't enough to pay for it. One is frequently faced with dilemmas, such as when to patch and upgrade systems. Do it too soon, and you might break things by applying an untested, buggy patch. Do it too often, and you've taken vital services offline too much. Wait too long, and your vulnerable systems will be exploited. IT staff absolutely must document and cover their butts, or they will be blamed for things that are not their fault.

    At least these days, we have ESR versions of a lot of things. With plenty of resources and time, building new systems that could be hot swapped or near hot swapped, very quickly, is an attractive path. But such resources are often a luxury we do not have, and one must choose which patches and updates, if any, to apply to a live system. In that case, do the bare minimum. Don't take a live system down for several minutes for a reboot, unless there is no other choice. On the other hand, systems should be tested occasionally to make sure they will reboot. Got to love the ability of an OS to hum along nicely and obliviously even though the partition table was erased several days ago. I've had occasion to regret not doing an "fdisk /mbr" command before trying to reboot. If it's an attack, it might be possible to block it at the firewall and leave the vulnerability unpatched until night or some other time of light activity. On the other hand, a significant attack can very quickly turn nasty, suspicious management into supplicating management begging to be saved as fast as possible, asking that IT drop everything and do whatever it takes to rescue the organization. A mere reboot can look real trivial when an attack is in progress.

    • (Score: 0) by Anonymous Coward on Saturday September 07 2019, @05:34PM (6 children)

      by Anonymous Coward on Saturday September 07 2019, @05:34PM (#891026)

      The problem with IT staff is they hire anyone just smart enough to find the Win key.

      • (Score: 2) by SomeGuy on Saturday September 07 2019, @05:56PM (5 children)

        by SomeGuy (5632) on Saturday September 07 2019, @05:56PM (#891033)

        The problem with IT staff is they hire anyone just smart enough to find the Win key.

        If someone's IT staff has that sort of problem, then the fault lies squarely with HR's hiring practices. Unfortunately, the modern hiring system is badly broken and corrupt. It favors people who are dishonest, usually specifically rigged to provide a fake excuse to outsource to drooling sacks of crap in India.

        • (Score: 2, Flamebait) by Ethanol-fueled on Sunday September 08 2019, @12:27AM (4 children)

          by Ethanol-fueled (2792) on Sunday September 08 2019, @12:27AM (#891124) Homepage

          The real problem with IT in real organizations is that they don't let anybody do anyfuckingthing, not even right-click. I remember downloading a no-install version of fritzing to draw schematics because at the time they were too Jewish to buy me a license of visio or cad and banned outright all open source software. So when I told IT "don't worry, I downloaded and ran it myself without your approval," they literally freaked the fuck out like, "OH MY GOD! HOW THE FUCK DID YOU HACK OUR SYSTM?!" Got put on IT's shit-list real soon. I guess IT people are idiots, mostly, after all.

          • (Score: 0) by Anonymous Coward on Sunday September 08 2019, @03:08AM

            by Anonymous Coward on Sunday September 08 2019, @03:08AM (#891153)

            IT came to our corporate retail store because their POS POS was down, again. The IT dude started yelling "who the fuck used paper tape to splice the LAN wires?". He's the only fucktard that has ever touched the rats nest of bullshit stuffed haphazardly behind the computer. Everything was thrown behind the computer in a non-ventilated cabinet. UPS, 14.4 external modem, port switch, VT(?) switch, and the clusterfuck of wires from 4 POS terminals. (This was early 1990s before internet)

          • (Score: 2) by canopic jug on Sunday September 08 2019, @03:45AM (2 children)

            by canopic jug (3949) Subscriber Badge on Sunday September 08 2019, @03:45AM (#891165) Journal

            I guess IT people are idiots, mostly, after all.

            You and most people are living with at least one foot in the past. Worse, your heads are lost there. There are no IT departments any more, at least not as you wish to remember them. While the groups you complain about may call themselves IT or claim to support the businesses they are embedded in, and may even be on company payroll, they are just plain old M$ resellers.

            It has been decades since actual IT departments existed where they actually worked with, not against, the other employees to facilitate their tasks or find a way to use the computer and its programs as a force multiplier. That's on purpose. By working against the real employees the resellers help the MBAs put whole institutions into crisis so that the staff merely react to the latest stimulus and are thus very easily controlled, manipulated, and certainly don't allow time to plan their way out of the mess. Whereas the latter is a force multiplier which helps society advance, something which we are no longer doing. People looking ahead become so busy fighting and working around IT that they miss that IT is working fully on behalf of M$. Others just become so overloaded with the impositions from the M$ resellers that they don't have time for anything outside of a panicked crisis mode. Think The Sirens of Titan or Harrison Bergeron instead of a bicycle for the mind [youtube.com].

            You see it here with the ransomware. Rather than planning ahead and deploying something robust, their attempt at an answer is to bleat about buying "the latest version" from M$. Even if they stayed with M$ toys on the desktop, the infrastructure could be something sound like GNU/Linux or FreeBSD. One of the more important parts would be to be running OpenZFS underneath for the file sharing and have no local storage. Since OpenZFS design has snapshotting built in as a side effect, even if the M$ toys then brought home an infection of ransomware, it would be just a matter of rolling back to the state of the system as of minutes prior to the infection. Better still would be to ban M$ products across the board.

            Now that many businesses and governments have outsourced these resellers, they get more malware. Why? Because the resellers charge by the hour to clean the machines they themselves left vulnerable by installing M$ Windows in the first place.

            M$ admins are cheap, I hear MBAs bleat. They are not, if you add in the full costs. In the Total Cost of Ownership, two factors must be included. One is the cost of migration away, or the exit cost. Including exit costs is now required in the EU for their calculations. The other cost, which is more immediately relevant, is the full cost of malware. Now that malware also includes Windows ransomware, this issue needs to be brought up again.

            --
            Money is not free speech. Elections should not be auctions.
            • (Score: 3, Interesting) by bzipitidoo on Sunday September 08 2019, @01:01PM (1 child)

              by bzipitidoo (4388) on Sunday September 08 2019, @01:01PM (#891271) Journal

              Don't forget the weird, blind, dogmatic devotion to market forces. Free is suspect. "You get what you pay for", and that's the logic they use to justify buying Windows and other commercial software, and having to track licenses. Another thing they think is that Windows is backed by a large commercial organization, while Linux is just a hobbyists' project. Even the fact that IBM is on board with Linux isn't enough to penetrate their minds.

              The US military has another screwy argument to justify buying and deploying Windows. Windows is made by an American company. Linux is made by foreigners. Therefore Windows is more trustworthy. Doesn't matter how much outsourcing to India or elsewhere MS did, or that Windows is not open source.

              Working it from the other end, pointing out with details the numerous times MS has screwed their users, often fails to sway them. Can't even get an audience so you can make these arguments. MS has screwed up, many times, but never bad enough for long enough to alienate their devoted base. One MS move that does anger and alienate, is siccing the BSA on them. But MS figured out that was going too far (and they lost some court cases over the matter), and has backed away. Been a while since I heard of a BSA raid.

              • (Score: 2) by canopic jug on Monday September 09 2019, @06:57AM

                by canopic jug (3949) Subscriber Badge on Monday September 09 2019, @06:57AM (#891568) Journal

                Well, if you put it that way, especially the part about ignoring facts over dogma [learnreligions.com], M$ is more of a cult [techrepublic.com] than a business and has been for a long time. There are many times when they go out of their way to lose money in exchange for gaining, or just retaining, control either of market share or mind share. That's one of the bigger reasons why it is so hard to eliminate.

                Some court will some day overturn non-disparagement clauses in contracts thus enabling some of the less indoctrinated microsofters to tell what they know about the cult from the inside, if it's not too late by then.

                --
                Money is not free speech. Elections should not be auctions.
    • (Score: 0) by Anonymous Coward on Saturday September 07 2019, @06:29PM

      by Anonymous Coward on Saturday September 07 2019, @06:29PM (#891048)

      «We're the computer witches, and this is the age of computer witchery trials.»

      seems good enough for a Manifesto :D

      CYA

    • (Score: 2) by c0lo on Saturday September 07 2019, @11:57PM

      by c0lo (156) Subscriber Badge on Saturday September 07 2019, @11:57PM (#891116) Journal

      3. Use ~~passwords~~ passphrases, and not stupidly weak passwords.

      FTFY

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 4, Insightful) by c0lo on Sunday September 08 2019, @12:05AM (1 child)

    by c0lo (156) Subscriber Badge on Sunday September 08 2019, @12:05AM (#891118) Journal

    The luck element is that the malware authors are still after the low hanging fruit.
    For example, if a malware stays dormant and undetected for, say, a month and goes massively virulent after, high chances are your backups will contain it too. In such a case, the cost of a system restore from backup may go up** enough to justify a reasonable ransom.

    ** organize a quarantine, restore in a quarantine, disinfect, then actually restore the system

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
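    canopic jug's earlier comment (roll back to a filesystem snapshot taken minutes before the infection) and c0lo's comment just above (malware that sits dormant for a month ends up inside the backups too) are two sides of one question: does the retention schedule keep any restore point older than the malware's dwell time? The following is an added example, not code from any commenter and not tied to OpenZFS or any other filesystem. It applies a grandfather-father-son pruning policy to a constructed series of hourly snapshot timestamps and then checks whether a restore point older than an assumed dwell time survives. The policy numbers, the 08:00 discovery time on the article's July 5 date, and all function names are assumptions made here.

```python
from datetime import datetime, timedelta

# Assumed retention policy: how many hourly/daily/weekly/monthly buckets to keep.
# The numbers are illustrative, not a recommendation from the thread.
POLICY = {"hourly": 24, "daily": 14, "weekly": 8, "monthly": 12}


def _bucket_key(ts, granularity):
    """Label the time bucket a snapshot falls into for the given granularity."""
    if granularity == "hourly":
        return ts.strftime("%Y-%m-%d %H")
    if granularity == "daily":
        return ts.strftime("%Y-%m-%d")
    if granularity == "weekly":
        year, week, _ = ts.isocalendar()
        return f"{year}-W{week:02d}"
    if granularity == "monthly":
        return ts.strftime("%Y-%m")
    raise ValueError(f"unknown granularity {granularity!r}")


def prune_snapshots(snapshots, policy):
    """Return the snapshots to keep: the newest snapshot in each of the most
    recent N buckets per granularity (grandfather-father-son rotation)."""
    newest_first = sorted(snapshots, reverse=True)
    keep = set()
    for granularity, count in policy.items():
        seen_buckets = []
        for ts in newest_first:
            key = _bucket_key(ts, granularity)
            if key in seen_buckets:
                continue  # a newer snapshot already represents this bucket
            if len(seen_buckets) >= count:
                break  # enough buckets kept for this granularity
            seen_buckets.append(key)
            keep.add(ts)
    return sorted(keep)


def newest_clean_restore_point(kept, detected_at, assumed_dwell):
    """Newest kept snapshot taken before the infection could plausibly have
    started, or None if retention does not reach back that far."""
    cutoff = detected_at - assumed_dwell
    candidates = [ts for ts in kept if ts < cutoff]
    return max(candidates) if candidates else None


# Constructed data: one snapshot per hour for 60 days, ending at the moment the
# intrusion is noticed (the article's July 5 discovery date; the time is assumed).
DETECTED_AT = datetime(2019, 7, 5, 8, 0)
SNAPSHOTS = [DETECTED_AT - timedelta(hours=h) for h in range(60 * 24)]


def compare_policies(assumed_dwell=timedelta(days=30)):
    """Contrast a short hourly-only rotation with the tiered policy for an
    infection assumed to have been dormant for `assumed_dwell`."""
    hourly_only = prune_snapshots(SNAPSHOTS, {"hourly": 24})
    tiered = prune_snapshots(SNAPSHOTS, POLICY)
    return {
        "hourly_only": newest_clean_restore_point(hourly_only, DETECTED_AT, assumed_dwell),
        "tiered": newest_clean_restore_point(tiered, DETECTED_AT, assumed_dwell),
        "tiered_kept": len(tiered),
    }


if __name__ == "__main__":
    for name, value in compare_policies().items():
        print(f"{name}: {value}")
```

    With a 24-hour rotation every surviving snapshot post-dates a month-old infection, so there is nothing clean to roll back to; the tiered policy keeps only a few dozen snapshots out of 1440 yet still holds a pre-infection restore point from early June. The quarantine-and-disinfect cost c0lo describes is what remains when the only clean data is older than the dwell window, so the retention depth, not just the snapshot frequency, is the parameter to tune.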
    • (Score: 2) by canopic jug on Sunday September 08 2019, @03:58AM

      by canopic jug (3949) Subscriber Badge on Sunday September 08 2019, @03:58AM (#891171) Journal

      That will be the next phase. Right now it is more profitable to just take the low hanging fruit and hit quickly, cash out quickly. Later, when more work is required they will use a different strategy.

      We have seen the shifts in the evolution of other Windows malware, where it alternates from time to time between spreading quickly and spreading slowly. Again, as said many times before, the root problem is a Windows infestation. That needs to be solved first, but it is more severe and harder to solve than it looks. It may look on the surface as a technical problem but when you have a Windows infestation you actually have a staffing problem, usually going up several layers into management. Making even a dent in that takes a Herculean effort of will and planning. Given that one of the key side effects of using Windows in the infrastructure is a state of perpetual crisis, that planning just will not and, indeed, cannot happen. Some external force must be applied first, to break that crisis state or at least become a dominant stimulus long enough to elicit the right reflexive action.

      --
      Money is not free speech. Elections should not be auctions.
  • (Score: 0) by Anonymous Coward on Sunday September 08 2019, @07:13PM

    by Anonymous Coward on Sunday September 08 2019, @07:13PM (#891371)

    So, it was Windows?
