Posted on 09/06/2019 8:00:57 AM PDT by DUMBGRUNT
Hackers infecting the computer systems of the city of New Bedford, Massachusetts, with ransomware wouldn't settle for anything less than $5.3 million to decrypt the data. The ransom was too high and they got a big fat nothing in return.
...The infection did not spread to other machines due to Management Information Systems (MIS) staff's response to contain the data encryption process from spreading by disconnecting servers and shutting down workstations on the network.
The city tried to negotiate for $400,000, which was in line with payments from other cities hit by ransomware attacks.
Creating backups and storing them off the main network is a good way to prevent significant losses and lower the downtime caused by a ransomware attack.
(Excerpt) Read more at bleepingcomputer.com ...
Each evening he would upload from tape.
Now on the Amazon cloud.
He claimed that 80%+ of companies that lose their data are out of business in two years.
$5 mil would fund a hell of an IT department.
Interesting stats. I know my former work colleague who was responsible for our CAD network said he could not sleep at night without knowing that a full tape backup had been completed by two different systems. Literally - this was before the internet was widespread and he had a terminal with a dial-up modem at home that he’d use to log into the backup sites to make sure the daily backup had been completed successfully. My bet is that modern day IT managers don’t take quite as much personal responsibility.
At least this story did not turn out to be an ad for PC-Matic ;-)
$5 mil would fund a hell of an IT department.
And maybe enough for shock collars to properly train the lot of them.
The company I’d worked for maintained a ‘sneaker network’ between accounting and the rest of the world.
All the cables were glued in place, unused ports filled with hot glue, some keys were also filled with glue.
One of the partner’s father is BIG, BIG in the industry and he wrote the specs for the system.
I tend to doubt such a system is possible in today’s world?
My bet is that modern day IT managers don’t take quite as much personal responsibility.
And not just the tapes.
Each key exec kept duplicate components of the company server.
Every couple of months a practice run rebuilding the system.
IIRC he said they lose one day’s data, and could be back in business.
I suspect a fair amount of these govt-related ransom attacks are done by insiders - almost a perfect crime; you are the IT guy, you install the ransomware and cover your tracks, you report the problem to your non-IT bosses and suggest the only way out is to pay the (non-traceable) ransom - voila!
I always wonder why so much of an organization’s network is connected to the internet. Considering the risk, it seems portions could be intranet only with separate work stations that have outside connection if internet research or communication is needed.
Any systems experts out there that can tell me what is wrong with my thinking on this? Thanks.
Cheaper just to throw away and get new
Any systems experts out there that can tell me what is wrong with my thinking on this?
Not my line of work, but as noted in #4 my employer maintained a sneaker network. And I doubt that is still a viable approach?
Anything that involved money had ZERO connections, everything stayed in one room.
I used to back up the hard drives nightly and drive them to a local bank to lock them in a safe deposit box.
This was in the early 90s.
I started keeping an exabyte (DAT) tape duplicate backup of my company’s entire network at home back in 1991. TWO, actually, A and B, alternating and bringing the other on the train each day during my commute. Eventually disaster struck, and I used Retrospect to revive the data on all systems in one evening. It’s a great idea.
I imagine it would depend on the business model. I’m in IT and the company I work for would be crippled if everyone that works here didn’t have both internet and intranet access. Years ago we were hit by 3 of these attacks. 2 of them even involved the same user and yet they still refused to fire him.
The weakest point in any network will always be the users and no amount of security preparedness will make up for that. I can tell you how most of these infections occur.
At the time we had a modern, powerful and expensive firewall. It had a weakness though. It could not scan compressed email attachments. Our new firewall can. For that reason I requested that we block these types of attachments but it was determined by those with no IT knowledge that it was better to take the risk rather than teach our users and customers how to use FTP or Drop Box.
In every one of these cases an email was sent to an employee with a compressed attachment. The employee wouldn’t notice the mangled English in the subject or body of the email. They would pay no attention to the fact that it was sent by someone we don’t do business with, nor would they notice the address was obviously (to IT anyways) spoofed. They would unzip the attachment and run it, also failing to notice that the file type was an executable.
The application would immediately start compressing every file it could find on the employee’s computer or any other files the employee’s computer had access to on the LAN. Their computer would start acting funny pretty quickly and they would call IT.
We would disconnect their computer from the LAN and go about restoring everything touched from backups, which were run nightly. We were back up and running in an hour or two and everyone would just lose half a day’s work.
Stupid is supposed to hurt...
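The mail-gateway check discussed in the post above (looking inside compressed attachments for executables), sketched as an added example that is not part of the original thread or any poster's code. The function names, extension list, size and depth limits, and the sample message are all constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# Illustrative, non-exhaustive list of directly runnable Windows file types.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk")
MAX_DEPTH = 3              # refuse to unpack archives nested deeper than this
MAX_MEMBER = 10 * 1024**2  # never decompress a nested archive larger than 10 MiB

def scan_zip(data, depth=0):
    """Return the reasons a ZIP (given as bytes) should be quarantined."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    findings = []
    for info in archive.infolist():
        name = info.filename.lower()
        if info.flag_bits & 0x1:  # encrypted: contents cannot be inspected
            findings.append(f"encrypted member: {info.filename}")
        elif name.endswith(EXEC_EXTS):
            findings.append(f"executable member: {info.filename}")
        elif name.endswith(".zip"):
            if depth + 1 >= MAX_DEPTH or info.file_size > MAX_MEMBER:
                findings.append(f"nested archive not inspected: {info.filename}")
            else:
                findings.extend(scan_zip(archive.read(info), depth + 1))
    return findings

def scan_message(raw):
    """Parse a raw e-mail and scan every attachment that is a ZIP by name or magic bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if (part.get_filename() or "").lower().endswith(".zip") or payload[:4] == b"PK\x03\x04":
            findings.extend(scan_zip(payload))
    return findings

def build_sample(member_name):
    """Constructed sample: a message whose ZIP attachment holds one harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message` is the signal to quarantine the message. Encrypted members are reported rather than passed, since they are exactly what a content scanner cannot see into.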
The weakest point in any network will always be the users and no amount of security preparedness will make up for that.
My brother the MIS guy called it, PBKAC.
But I seldom heard him blame his people, the owners yes, occasionally.
At our work, the accounting computers were not connected to the internet. Same.