Ransomware Infects All St Louis Public Library Computers (theguardian.com)
An anonymous reader quotes a report from The Guardian: Libraries in St Louis have been brought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims. Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines. As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks. On Friday, St Louis public library announced it had managed to regain control of its servers, with tech staff continuing to work to restore borrowing services. The 16 libraries have all remained open, but computers continue to be off limits to the public. Spokeswoman Jen Hatton told CNN that the attack had hit the city's schoolchildren and its poor worst, as many do not have access to the internet at home. "For many [...] we're their only access to the internet," she said. "Some of them have a smartphone, but they don't have a data plan. They come in and use the wifi." As well as causing the loans system to seize up, preventing borrowers from checking out or returning books, the attack froze all computers, leaving no one able to access the four million items that should be available through the service. The system is believed to have been infected through a centralized computer server, and staff emails have also been frozen by the virus. The FBI has been called in to investigate.
...sounds like they have valid backups, so this should be considered a "success" story more than anything else.
Still, I do wonder if the admins were practicing valid security, how anything could have infected the entire system.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
If they are just machines for public web browsing, there is no data to ransom. Just reinitialize them. Firefox works great on Linux BTW and you have a much smaller attack surface.
Why would you bother? If you're maintaining your images properly then you probably have a fresher, more up-to-date image for that particular model PC than what's on it anyway, so if you're going to spend so much time rolling-back you may as well instead deploy fresh. These are public terminals, by and large, user data on the local disk shouldn't be a factor at all.
Even for those users who have their own PC for themselves, if you're providing network storage and if the use of that network storage has been your corporate policy, then content lost on the local disk is their problem, not yours. Obviously try to be polite but don't commit to restoring data that was not properly saved.
Do not look into laser with remaining eye.
These are public terminals, by and large, user data on the local disk shouldn't be a factor at all.
From TFA, it affected their servers as well. The system that allows patrons to borrow books and other items went down. So did access to all of the thousands of digital items the libraries offer. Re-imaging the public PCs should be simple enough, but restoring access might be hard if the systems that connect the libraries to the internet are down (gateways, firewalls, DHCP and DNS servers, etc.).
Breakfast served all day!
I used to run an OPAC. I kept the front end on an IBM-RS6000 H70, the database on an H-80, and proxies and workers on an HMC with various flavors of hardware.
It served +100 different libraries, and had unique holdings over 10 million (that means not counting the same holding twice if you had 2 copies (or more) of it).
Transaction Backups happened every hour and were written to WORM media.
Databases were backed up with transaction logs every 4 hours to mag tape then ejected until needed.
Complete backups were done once a week by quiescing the database, breaking the RAID 5 + 0, backing up the cold DB while restarting the hot DB. Once the cold backup was complete, the RAID was hot re-synced to the online set.
Disaster recovery was using the cold backup tape (which was a full boot tape, one of the reasons I _like_ RS6000's is you can boot from a backup), then re-running the transaction until it was all current.
Circulation systems did not have RW disks, they booted from a Linux live CD with the OPAC already open.
The run-of-the-mill systems for patrons ran Windows. I didn't worry about those as I only ran the Unix/AIX/Linux side but they had image deployment systems. A tech could reimage a machine in under 2 minutes, and I guess they could have remote commanded a re-image, since they did every year anyway.
The system was since pulled down and converted to SaaS with an outside vendor. Seems they didn't want to pay for people and licenses.
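Added example, not part of the original comment or its author's tooling: a sketch of the recovery planning the comment above describes (restore the latest cold full backup, then replay the hourly transaction backups), applied to a ransomware case where only backups finished before the compromise are trusted. The catalogue is constructed, and the function names, the one-hour gap check and the compromise-time cutoff are assumptions for illustration.

```python
from datetime import datetime, timedelta

def build_catalogue(start, hours, missing=()):
    """Constructed sample: one cold full backup, then one transaction backup per hour."""
    cat = [("full", start)]
    for h in range(1, hours + 1):
        if h not in missing:  # 'missing' simulates a lost or unreadable hourly set
            cat.append(("txn", start + timedelta(hours=h)))
    return cat

def plan_restore(catalogue, compromise_time, interval=timedelta(hours=1)):
    """Return (full, txn_chain, recovery_point, data_loss).

    Assumption: backups finished at or after compromise_time are untrusted,
    and each transaction backup only covers the interval since the previous one.
    """
    clean = sorted((t, k) for k, t in catalogue if t < compromise_time)
    fulls = [t for t, k in clean if k == "full"]
    if not fulls:
        raise ValueError("no full backup predates the compromise")
    base = fulls[-1]
    chain, point = [], base
    for t, k in clean:
        if k != "txn" or t <= base:
            continue
        if t - point > interval:
            break  # gap in the chain: later logs cannot be replayed safely
        chain.append(t)
        point = t
    return base, chain, point, compromise_time - point

if __name__ == "__main__":
    start = datetime(2017, 1, 15, 2, 0)           # constructed weekly cold backup time
    hit = start + timedelta(hours=50, minutes=30)  # constructed compromise time
    for label, missing in (("complete chain", ()), ("hour 20 missing", (20,))):
        base, chain, point, loss = plan_restore(build_catalogue(start, 60, missing), hit)
        print(f"{label}: full={base}, replay {len(chain)} sets, "
              f"recovery point={point}, data loss={loss}")
```
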
And thus it is written - why Microsoft? Because it's cheap and easy to find some stumble bum that can pretend to run your shit. He might even keep it going - at least until it all falls down.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
Because many companies require the use of specialized software that ONLY runs on Windows. Look at any industry, and you will find that software. The only companies that can do without Windows are the ones that only use web browsers and email.
My industry (chip design and manufacture) runs pretty much with specialized software that only runs on Linux. You can ask for a Windows version, but the sales guy would look at you funny.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.