Slashdot Mirror


Ransomware Infects All St Louis Public Library Computers (theguardian.com)

An anonymous reader quotes a report from The Guardian: Libraries in St Louis have been brought to a standstill after computers in all the city's libraries were infected with ransomware, a particularly virulent form of computer virus used to extort money from victims. Hackers are demanding $35,000 (£28,000) to restore the system after the cyberattack, which affected 700 computers across the Missouri city's 16 public libraries. The hackers demanded the money in electronic currency bitcoin, but, as CNN reports, the authority has refused to pay for a code that would unlock the machines. As a result, the library authority has said it will wipe its entire computer system and rebuild it from scratch, a solution that may take weeks. On Friday, St Louis public library announced it had managed to regain control of its servers, with tech staff continuing to work to restore borrowing services. The 16 libraries have all remained open, but computers continue to be off limits to the public. Spokeswoman Jen Hatton told CNN that the attack had hit the city's schoolchildren and its poor worst, as many do not have access to the internet at home. "For many [...] we're their only access to the internet," she said. "Some of them have a smartphone, but they don't have a data plan. They come in and use the wifi." As well as causing the loans system to seize up, preventing borrowers from checking out or returning books, the attack froze all computers, leaving no one able to access the four million items that should be available through the service. The system is believed to have been infected through a centralized computer server, and staff emails have also been frozen by the virus. The FBI has been called in to investigate.

22 of 163 comments

  1. Reading between the lines... by grasshoppa · · Score: 4, Informative

    ...sounds like they have valid backups, so this should be considered a "success" story more than anything else.

    Still, I do wonder if the admins were practicing valid security, how anything could have infected the entire system.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:Reading between the lines... by Rick+Schumann · · Score: 4, Insightful

      Being a public library, it's not like they have to have backups for every single computer either. Most if not all of their workstations, including especially the ones intended for public access, would just be paved over with a standard image, and pretty much also for employee workstations. Only their server(s) would really be affected, right? So long as they have backup(s) they'd be fine.

    2. Re:Reading between the lines... by Anonymous Coward · · Score: 5, Insightful

      My bet is they are well accustomed to re-imaging the public facing computers.

  2. Good for St. Louis by Anonymous Coward · · Score: 2, Insightful

    As a St. Louisan, I'm glad they're not paying. It sounds like there are some serious issues while they restore their systems, but it sounds like they do have backups. It will take a while to clean up the mess, but I applaud them for not giving in to the criminals responsible for this. Although many articles aren't clear about this, the library did have backups to restore from, so despite the security breach, someone knew what they were doing well enough to avoid paying the ransom demands. Good for St. Louis not giving in to these demands.

  3. Surely an inadvertent target by edtice1559 · · Score: 4, Informative

    If they are just machines for public web browsing, there is no data to ransom. Just reinitialize them. Firefox works great on Linux BTW and you have a much smaller attack surface.

    1. Re:Surely an inadvertent target by techno-vampire · · Score: 4, Interesting

      I'll go one further: have it run off of a Live USB that's mounted inside the box where the users can't get at it and no persistent storage. That way, even if they leave personal data behind, it goes away at reboot. Not only that, but if you set it up in kiosk mode, with Firefox opening at boot, they'll never even know they're using Linux.

      --
      Good, inexpensive web hosting
    2. Re:Surely an inadvertent target by ancientt · · Score: 2

      I've done something like this. I ended up using a CD-R and removing the hard drives. The advantage of a CD-R is that it can't be modified easily which removed 99% of the possible ways to mess with the system. (I wouldn't be as confident a USB drive couldn't be modified.) It also makes it easy to test upgrades and deploy them rapidly.

      I know it would be possible to do network booting but I've tried it and it was slower and took more effort. For my purposes, I found slax easy to set up, modify and use. I tried out several other distros and justbrowsing seemed better to me. However, after testing it out on regular users, the slax install seemed easier to use and harder to mess up. I think it's because having several options confuses people. (I think that explains Apple's success. As much as I may prefer choice and don't mind learning something new, the average user doesn't want to "have to" make choices.)

      If I'd had to expose it to the general public, I would have probably used a little superglue to ensure the CD didn't get pulled out, or just stuck the CD-ROM drive inside behind a cover. Yes a deviant with a pocketknife might still manage to pry open the drive or a geek with a screwdriver might replace something internal or reset the BIOS modification password but I still think it would work better than most kiosk systems I've worked with. It was simple enough that kids and old people almost never complained. (I say "almost" because we didn't connect our kiosk machines to printers. I was aiming for low maintenance and printers are pretty much never low maintenance.)

      The one real irritant is that people sometimes wandered onto sites that were "Internet Explorer Only." While I possibly could have overcome some of that with IE emulation in Firefox, I chose instead to just say it was bad site design and that, for security reasons, we wouldn't be providing a kiosk with Internet Explorer. Ever.

      If I'd been willing to invest more time, I probably would have built a custom distro with Suse studio. If anybody goes that route, I'd be interested in the results.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
  4. I'm Angry by DaMattster · · Score: 4, Interesting

    It takes a special kind of asshole to attack a library; a place where people go to learn and access the internet. Why go after one of the poorest resources and attack those that have the least to give? Go after the fucking Fortune 500 companies but not a fucking library. One only hopes that Anonymous could turn the tables on these slimy thieves.

    1. Re:I'm Angry by HiThere · · Score: 3, Insightful

      I think you think this was a targeted attack, but personally I really doubt that. I think it was a target of opportunity seized by some automated bot. Which doesn't mean you should think more kindly of those who released it.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  5. Re: Why do people keep using Windows? by TWX · · Score: 4, Insightful

    That's not really it at all.

    Decision-makers at the top of organizations love Windows. They love Microsoft. They love all of the pretty graphs and charts and menus that make it look easy to administer a system or network. The problem is, they often start to think that they actually know how to do just that once they've been through the marketing experience meetings where the people from the vendor with a lot of knowledge make it look so simple, or else they hire people that do a very convincing job of sounding like they know what they're doing but don't. Worst, those people (either the bosses or the ignorant hirees) may be convinced that they know what they're doing far beyond reality.

    Now, I will give it this much, sometimes the GUI tools can be useful. It's much easier to plot how network traffic is being passed among multiple interfaces to the WAN or to the ISP across multiple NAT firewalls with a GUI graph than it is on a text console. On the other hand, actually figuring out what's going on is often a function of the console, rather than of the GUI.

    --
    Do not look into laser with remaining eye.
  6. Re:Just Roll Back to Snapshot... by TWX · · Score: 3, Informative

    Why would you bother? If you're maintaining your images properly then you probably have a fresher, more up-to-date image for that particular model PC than what's on it anyway, so if you're going to spend so much time rolling-back you may as well instead deploy fresh. These are public terminals, by and large, user data on the local disk shouldn't be a factor at all.

    Even for those users who have their own PC for themselves, if you're providing network storage and if the use of that network storage has been your corporate policy, then content lost on the local disk is their problem, not yours. Obviously try to be polite but don't commit to restoring data that was not properly saved.

    --
    Do not look into laser with remaining eye.
  7. Kudos to the St. Louis libraries! by mmell · · Score: 2

    First - paying ransomware is not too far removed from negotiating with terrorists (IMHO, YMMV). If a ransomware scammer manages to kidnap your data, paying him or her only encourages more such attacks. Being given a big middle-finger (along with the bad press it generates) will only leave these data kidnappers to hide their involvement and hope they never get caught.

    Second - St. Louis' libraries almost certainly can't afford to pay even one of these mutts. Libraries were once magnificent places where people went to read and borrow dead-tree media (a.k.a., books, although periodicals and reference works were also available there). While libraries have become the one publicly available free-as-in-beer places to get internet access, their core mission of providing free access to reference, literary and other materials was not directly impacted by this. One could still walk into a library, look up a desired text in the card catalog and physically access a nearly exploit-proof repository of knowledge and information. They don't have budgets for IT security which would prove to be exceedingly difficult to provide on hundreds of publicly accessible computers, nor do they have a mandate to provide electronic services.

    Third - and this ties back to second - libraries in general don't have a budget for public IT. They can't afford the expertise to implement FOSS when the vast majority of the people who will maintain and use the provided services are not trained to use it. Even on their web presence, ease of implementation (which probably contributed to this problem) equals lower TCO for them.

  8. Re:Just Roll Back to Snapshot... by PCM2 · · Score: 3, Informative

    These are public terminals, by and large, user data on the local disk shouldn't be a factor at all.

    From TFA, it affected their servers as well. The system that allows patrons to borrow books and other items went down. So did access to all of the thousands of digital items the libraries offer. Re-imaging the public PCs should be simple enough, but restoring access might be hard if the systems that connect the libraries to the internet are down (gateways, firewalls, DHCP and DNS servers, etc.).

    --
    Breakfast served all day!
  9. Re: Why do people keep using Windows? by freeze128 · · Score: 2

    Because many companies require the use of specialized software that ONLY runs on Windows. Look at any industry, and you will find that software. The only companies that can do without Windows are the ones that only use web browsers and email.

  10. Re:How Many??? by CronoCloud · · Score: 2

    While the MSA has 2.9 million, St. Louis proper only has 316000. Those libraries serve the residents of the City, not the entire MSA. The communities of the MSA have their OWN libraries.

    16 for 316000 is actually a fairly high ratio.

  11. Re: Why do people keep using Windows? by buss_error · · Score: 3, Informative

    I used to run an OPAC. I kept the front end on an IBM-RS6000 H70, the database on a H-80, and proxies and workers on a HMC with various flavors of hardware.

    It served +100 different libraries, and had unique holdings of over 10 million (that means not counting the same holding twice if you had 2 copies (or more) of it).

    Transaction Backups happened every hour and were written to WORM media.
    Databases were backed up with transaction logs every 4 hours to mag tape then ejected until needed.
    Complete backups were done once a week by quiescing the database, breaking the RAID 5 + 0, backing up the cold DB while restarting the hot DB. Once the cold backup was complete, the RAID was hot re-synced to the online set.

    Disaster recovery was using the cold backup tape (which was a full boot tape, one of the reasons I _like_ RS6000's is you can boot from a backup), then re-running the transaction until it was all current.

    Circulation systems did not have RW disks, they booted from a Linux live CD with the OPAC already open.

    The run-of-the-mill systems for patrons ran Windows. I didn't worry about those as I only ran the Unix/AIX/Linux side but they had image deployment systems. A tech could reimage a machine in under 2 minutes, and I guess they could have remote commanded a re-image, since they did every year anyway.

    The system was since pulled down and converted to SaaS with an outside vendor. Seems they didn't want to pay for people and licenses.

    And thus it is written - why Microsoft? Because it's cheap and easy to find some stumble bum that can pretend to run your shit. He might even keep it going - at least until it all falls down.

    --
    Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
  12. Re: Why do people keep using Windows? by tepples · · Score: 3, Interesting

    For one thing, even without administrative access to a computer, ransomware with full access to an employee's user account can do a lot of damage. For another, administrative access might be the result of a cost-benefit analysis that concluded that avoiding the cost of paying employees to sit and produce no value for the company while waiting for the IT department to complete a review of each application or device driver that each employee requires to do his or her job outweighs the risk of being the next ransomware victim.

  13. Re: Why do people keep using Windows? by TWX · · Score: 2

    When I was a kid growing up, the school district used Follett MS-DOS based software. The IBM PS/2 Model 95 server was both an application server and a fileserver and ran Novell 3.12, and the clients were IBM PS/2 Model 25s, 286 PCs with no local storage, which were booted to MS-DOS 5.0 with Microsoft Client for Networks DOS client, which would boot from floppies that the librarians would use each morning, mount the share read-only to open the application, then the application would connect over IPX/SPX to the Novell server to transact. The only problem was that if a client PC was messed up the librarians had problems getting that client PC to come back up. As a high school student I figured out that each boot floppy was personalized, so if one attempted to boot a client with a floppy that had booted a machine already running it would cause a conflict (something like the Novell equivalent of a hostname) so it was simple, I wrote a number on the side of each client PC, and a matching number on each of the floppy diskettes, and the librarians would only use that disk for that PC.

    That system worked pretty well for a long time. Then the district IT department replaced that PS/2 server with an NT box, left it broken for almost three months during the school year, and only fixed it when I as a student threatened to fix it. They went to complain to the school administration and were told that I would have that administration's permission to do just that if they couldn't. It was fixed a week later.

    --
    Do not look into laser with remaining eye.
  14. Re: Why do people keep using Windows? by TechyImmigrant · · Score: 2

    LOL, block Word documents. That would be fun to explain to your userbase, and management.

    I'm doing fine with LaTeX thank you very much.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  15. Re: Why do people keep using Windows? by TechyImmigrant · · Score: 2, Informative

    Because many companies require the use of specialized software that ONLY runs on Windows. Look at any industry, and you will find that software. The only companies that can do without Windows are the ones that only use web browsers and email.

    My industry (chip design and manufacture) runs pretty much with specialized software that only runs on Linux. You can ask for a Windows version, but the sales guy would look at you funny.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  16. Re: Why do people keep using Windows? by Altrag · · Score: 2

    make it look easy to administer a system or network

    Sounds good up until that point. Decision makers at the top of organizations don't give a rat's ass how easy something is to administer -- they hire people to do that for them.

    They just want something that works. And they know they can pay somebody to fix it when it doesn't work. Yes, the "paying" part is important! These are people whose entire lives revolve around money and they intrinsically don't trust anything that's free.

    And then there's the fragmentation issue. Should they use Redhat or Suse or Yellowdog (wait what?) or Ubuntu or Kubuntu? What's the difference? Explained in phrasing that makes sense to somebody with a degree in Political Science?

    Then do you use OpenOffice or LibreOffice or StarOffice? Wait do we still like StarOffice? Why or why not? Will we still like LibreOffice in 3 years? If I pick OpenOffice and I send a doc file to my lawyer, will he see it properly when he loads it up in Word? Or will it have those slight font and margin differences that add up to a completely screwed up layout over the course of an entire document? Will it have them next year when Microsoft releases Office 730? Who do you call to yell at when it doesn't work right? Who do you pay to fix it?

    Sure the FOSS crowd can tout their technological superiority and make untested (though likely true) claims of better software security, but they fail horrifically in any sort of business benefits when you get high enough up the org chart that you're dissociated from the technical aspects (and even somewhat from the licensing cost aspects) and are more concerned with the bigger questions of how your business will benefit (even if many of the answers you get from marketroids are misleading or outright false.)

  17. Re: Why do people keep using Windows? by TuringTest · · Score: 2

    And then there's the fragmentation issue. Should they use Redhat or Suse or Yellowdog (wait what?) or Ubuntu or Kubuntu? What's the difference? Explained in phrasing that makes sense to somebody with a degree in Political Science?

    That part should be easy to explain to those types. "Those are several vendors competing for the same market, so if things go wrong you can switch between them without having to completely retrain your tech people. If you start having problems with Windows too bad - Microsoft is the only provider".

    --
    Singularity: a belief in the "God" idea with the "demiurge" relation inverted.