Slashdot Mirror


Ransomware Completely Shuts Down Ohio Town Government (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: In another interesting example of what happens when you don't manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it's clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up. Wrote Kent Mallett of the Newark Advocate: "The virus, accompanied by a financial demand, is labeled ransomware, which has hit several local governments in Ohio and was the subject of a warning from the state auditor last summer. All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week." The county government offices, including 911 dispatch, currently must work without computers or office phones. "The public can still call 911 for emergency police, fire or medical response," wrote Mallett.

17 of 106 comments

  1. So in Licking.... by surfdaddy · · Score: 2

    ...things are not still Ticking!

    1. Re:So in Licking.... by rtb61 · · Score: 2

      Actually technically speaking they are, this is really a high risk game, across international boundaries, it is extremely problematic. They will find a whole bunch of agencies from around the world go after them and the penalties could be quite dramatic. Really, really, not a good idea, there will be a severe price to pay.

      --
      Chaos - everything, everywhere, everywhen
  2. Good idea for progressing on secessionist movement by Anonymous Coward · · Score: 2

    If all it takes is a bit of ransomware to shut down government then the secessionist movement of New Hampshire has been doing it all wrong. For those who don't know about the migration of principled libertarians (ie no violence, theft, fraud, or coercion then there is no crime, and government shouldn't be using these things against peaceful people either) to New Hampshire and want more freedom and liberty in our lifetime then you need to check into this movement. Those who have moved to New Hampshire have a dream of independence for the region. There is a limit to how much government can be shut down once we gain control of the state due to the federal government's existence. For instance copy"right" violates people's fundamental rights not to be interfered with given that there is no violence, theft (ie nothing is lost when a copy is made), fraud, or coercion in the case of copy"right" infringement. If you don't like the tyrannical police state and nanny state we live in check out the liberty migration movement (we don't need a majority, just an active minority in order to outnumber the opposing views, and the majority in NH are already not registered democrat or republican): http://www.freestateproject.com/ http://forum.shiresociety.com/ http://www.freekeene.com/ http://www.freetalklive.com/

  3. Don't blame all employees by omnichad · · Score: 2

    If it's hitting central servers and shutting everything down, it's probably a weak RDP password with port 3389 wide open. That's what the last ransomware I saw involved.

  4. Re:Automatically fired by Anonymous Coward · · Score: 2, Informative

    No. Only everyone working in IT should be fired.

    How about whomever overrode the IT department with regards to security?

    "Nah, that makes it too hard to do our jobs. Just use one shared admin account that is always logged in on all machines, so we can just do whatever we need to..."

  5. That presumably all-seeing NSA by Applehu Akbar · · Score: 4, Interesting

    Can a new administration with no concern for political correctness finally turn the NSA loose on finding ransomware perpetrators? Since we in here have decided that their Internet surveillance efforts are omnipotent, they should be able to trace a surveilled Bitcoin payment back to them. Then we hire local talent for "wet work" in killing them off in some eye-catching manner, dissuading others from entering the business.

    1. Re:That presumably all-seeing NSA by AHuxley · · Score: 2

      Groups have considered that. The staging servers are in safe nations surrounded by layers of real people doing active counter surveillance.
      Say the NSA finds a server in Australia, Canada, NZ or the UK? Lots of support over decades so information is passed and kept very secure.
      A request is created by another US law enforcement agency to hide the NSA origins of the data found.
      Another nation creates a 12 person police team to look at the people using the server. Say 3 person police team on duty, a few shifts per day to watch the area of interest.
      The local inward looking, isolated cult like community soon notices the new vans, tracks, cars, new utility workers doing no real work or small groups of new people who just don't fit in that community. A new camera in a box on a utility pole facing a site.
      Locals will then surround, chat down and confront the undercover police teams. Once photographed teams of undercover police are not much use in that area. Local police then have to help escort the now photographed "undercover" teams out of the area.
      The server is moved only to start up in another safe area once the community works out who is of interest to that police team.
      If an attempt was made to remove the servers by using cyber methods a nation's internet provider or gov network would be altered and corrupt staff doing the clean up would find traces of new NSA cyber methods in the wild and report them globally as interesting new malware.
      Most groups set up bait servers just to see what gov, mil, other groups, firms, contractors come looking and what methods they use.
      Groups have layers of counter surveillance options just by selecting a no go part of a city where every police or undercover police action is very easy to spot as it enters that part of a city. The wider local community knows every face, every car, every normal government and city worker expected to be in the area.
      Telco and local gov workers are also loyal to cult like criminal groups over generations of staff and warn of any changes to ISP, telephone networks when normal gov/police logging is requested on local phone numbers or ISP accounts.
      Bribes, infiltration gives days or hours of any local police action. More secure federal police units on the move are spotted in most nations with enough warning to escape. Hardware is lost but teams regroup with funds to set up new servers.
      The only way around such methods is satellite collection, mil grade surveillance aircraft looking at all wireless networks, or unexpected national telco upgrades that totally bypass all local staff. Teams of criminal informants recruited by federal law enforcement to try and re-enter their old communities hoping their stories and cover holds. Informants are a huge risk as criminal groups know their methods and hire as needed internally, not from people seeking to join.

      Staff members with insights into no go communities are a huge risk too, are they loyal or can they ever be trusted? Law enforcement and the security services in most nations are being filled with many new "translators" and "experts" many of whom will report back to their own faiths, cults, criminal groups or other nations.
      Just finding a server is easy. Getting any more details is hard work. Even the new hiring practices of the police and security services now allow for surveillance to be discovered.

      --
      Domestic spying is now "Benign Information Gathering"
  6. Re:Automatically fired by GerryGilmore · · Score: 4, Insightful

    Sadly, a typical reaction today... Fire/LockUp/Execute Everyone Even Remotely Connected to Scandal-De-Jure...FFS, most of these same commenters also want to "shrink government", "cut taxes", etc. NONE of which is going to: improve training and testing; expand, fund and enforce standards across municipalities; enhance LEO capabilities to track and prosecute attackers. But - Hey! - we get to sound awful tough!!

  7. Re:Automatically fired by rubycodez · · Score: 3, Insightful

    Wrong, town would be without protection is all that would happen with your stupid juvenile solution. Most of those people can't be expected to be IT experts, and in fact this situation proves that services can exist without a computer in sight.

    Wrong to say backups are a solution, you could have the malware nicely backed up too.

  8. Re:Oh, for fork's sake by Ol Olsoc · · Score: 3, Insightful

    We need to start having MASSIVE fines and petty jail time for this. Training, phishing warnings, attachment warnings- these things happen daily. Someone that still does this needs to be made to suffer. Then, maybe, people will take the warnings seriously. Is there a malicious negligence or depraved negligence charge we can level at them?

    Because getting caught in a phishing scheme is not necessarily depraved indifference. Having to turn off an adblocker so you can get into Forbes.com is plenty enough to get you owned.

    I've seen plenty of competent people get owned. Would you make a vow to commit suicide if you ever in your life got malware on your computer? I sure wouldn't.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  9. Re:fool me once by nobuddy · · Score: 2

    When do the staff who failed to create an adequate backup strategy, or the brass who shut down the staff who wanted to do that, be similarly fired for gross incompetence?

    This hits home. I had a remote site with critical data that had no backups. For 3 years I kept telling the CFO we need this budgeted to add backups. Always put off "till next quarter". Not even a small budget for a CD-R and manual backups. Nada.

    Then it happened. Failed system, data lost. No way to recover. Somehow, all my fault. I was fired for it. Presenting my emails and disaster recovery plan requests fell on deaf ears. I was IT, it was my responsibility to prevent.

  10. Re:Automatically fired by CaptainDork · · Score: 3, Informative

    Treason is vacuous in this context (and all others right now).

    Article III, Section 3:

    Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.

    The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attainted.

    No one in this matter is a United States citizen who has declared war against the United States. The last time that happened was the Civil War.

    The United States does not have any enemies. There is no list of enemies. The last time the United States had an enemies list was World War II.

    This also explains why Snowden could not be charged with treason.

    --
    It little behooves the best of us to comment on the rest of us.
  11. Actually, the article states that... by nuckfuts · · Score: 3, Interesting

    County Auditor Mike Smith saw the bright side. “Apparently, our clock still works,” he told the Newark Advocate.

  12. Re:The worst part about this... by doesnothingwell · · Score: 2

    I worked for Ohio government offices for 15 years, you'll never find a tighter bunch of inbred boot lickers anywhere. Politics and games abound like the time: (cue the flashback effect), I once had the departing elected prosecutor tell me to erase the server files. I did so but commented this must be legal as it is being requested by the ruling interpreter of law for the area.

    Fast forward a week later and the new prosecutor wants to know where the files are, so I told him and he was "not happy at all." I explain that ruling authority at that time ordered it so and suggest he take it up with the recently departed prosecutor, there was much posturing and sabre rattling.

    If I had resided in his local area I would probably have spent some time in a cell. I had the files on backup tape in my desk so all was forgiven. Always cover your ass.

    --
    They can have my command prompt when they pry it from my cold dead fingers.
  13. Re:Automatically fired by El Cubano · · Score: 3, Informative

    most of these same commenters also want to "shrink government", "cut taxes", etc. NONE of which is going to: improve training and testing; expand, fund and enforce standards across municipalities; enhance LEO capabilities to track and prosecute attackers. But - Hey! - we get to sound awful tough!!

    Actually, it is not difficult to accomplish both. For example, you could shrink government substantially by implementing a national retail sales tax (lots of conservative lawmakers have proposals, so there are plenty of choices) and replacing the entire IRS with something like a 10-20 person office responsible for processing sales tax receipts (this would actually be super easy since sales tax is already collected in something like 99.9% of the US). You could also eliminate entire executive departments that don't actually do anything productive (like education; seriously, the more money the federal government spends on education, the worse it gets, so we should try something different). Those two changes alone would free up considerable funding to apply to the items you list and would result in a net smaller federal government that is also leaner (as defined by doing more of what government should do, like LEO, and less of what it shouldn't, like anything not specifically listed in the constitution). And that is without even touching the sacred cows of social security and medicare.

  14. Backup/Backup/Backup/Backup/Backup by felixrising · · Score: 3, Insightful

    I've had the dubious honour of dealing with and recovering from two attacks in the last two years. On both occasions we had one or more staff open a phishing email and execute the ransomware. On both occasions the ransomware successfully encrypted over 250000 files on file shares. We do have quite a reasonable level of protection in place, including 1) AntiVirus and Anti-Malware (useless in both accounts), 2) moderate level of security groups for users limiting access to only those files they require, with exception of a "temp share" which is a dumping ground for all kinds of stuff, but cleared automatically every 30 days, 3) file name/extension ACLs on windows shares that prevent files like .encrypted .EnCiPhErEd from being created on the file system, 4) daily backups. In each case, we still had to do targeted purge/restore to get the files back. We never for a second thought about paying the ransom. I restored all files within 4-6 hours, using a mixture of scripts and manual review of folders and files. The best solution is to have great back-ups... those backups should be regularly tested and monitored for success. With good backups, you can recover in a very short time frame....
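
An added example, not part of felixrising's comment and not the scripts he used: a sketch of the targeted purge/restore step described in comment 14. It assumes (hypothetically) a backup tree that mirrors the share's layout and that an encrypted file is the original name plus one of the two marker extensions named there; the sample tree is constructed.

```python
import shutil
import tempfile
from pathlib import Path

# Marker extensions: the two named in the comment; extend for a real incident.
MARKER_EXTS = {".encrypted", ".enciphered"}

def plan_restore(share, backup):
    """Return (restore, review); restore holds (encrypted, source, dest) tuples."""
    restore, review = [], []
    for enc in sorted(p for p in share.rglob("*") if p.is_file()):
        if enc.suffix.lower() not in MARKER_EXTS:
            continue
        dest = enc.with_suffix("")  # plan.docx.encrypted -> plan.docx
        source = backup / dest.relative_to(share)
        if source.is_file() and not dest.exists():
            restore.append((enc, source, dest))
        else:
            # No backup copy, or a file already sits at the original name:
            # touch nothing and leave it for manual review.
            review.append(enc)
    return restore, review

def apply_plan(restore):
    """Restore first; purge the encrypted copy only once the restore checks out."""
    done = 0
    for enc, source, dest in restore:
        shutil.copy2(source, dest)
        if dest.stat().st_size == source.stat().st_size:
            enc.unlink()
            done += 1
    return done

def demo():
    """Constructed sample: a share with three marked files and a partial backup."""
    root = Path(tempfile.mkdtemp())
    share, backup = root / "share", root / "backup"
    for rel, text in {"hr/plan.docx": "plan v1", "it/notes.txt": "notes"}.items():
        (backup / rel).parent.mkdir(parents=True, exist_ok=True)
        (backup / rel).write_text(text)
    for rel in ["hr/plan.docx.encrypted", "it/notes.txt.EnCiPhErEd",
                "it/new.xlsx.encrypted", "it/ok.txt"]:
        (share / rel).parent.mkdir(parents=True, exist_ok=True)
        (share / rel).write_text("x")
    restore, review = plan_restore(share, backup)
    restored = apply_plan(restore)
    left = sorted(p.relative_to(share).as_posix() for p in share.rglob("*") if p.is_file())
    shutil.rmtree(root)
    return restored, [p.name for p in review], left

if __name__ == "__main__":
    print(demo())
```

Files with no backup copy stay on the share in their encrypted form, which is the part that falls to manual review.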

  15. Re:Automatically fired by apoc.famine · · Score: 2

    The problem with a sales tax is that it's inherently regressive. If you live paycheck-to-paycheck, something like 50% of your money gets taxed. (Assuming the other 50% is rent, debt payments, utilities, etc.) If you make upper middle-class or higher income, and you can bank or invest half of that, with the same ratio for the rest of it, you're getting taxed on 25% of your money.

    The more you make, the less you're proportionally taxed. So someone making $20k/year may be taxed on $10k of it, while someone making $200k (10x as much) may only be taxed on $50k of it. (5x the tax for 10x the income.)

    This is why tax codes get so crazy. If you want people to pay a proportional amount of their income in tax, you need the tax code. But that usually means that you need to tax the poor to unreasonable levels to get the money you need. So then more laws are needed to shift collections from the poor to the rich, so that you're extracting a reasonable amount from both groups. And then the rich don't like that, so they bribe (or are) lawmakers and get loopholes put in to shelter money, and, that's where we are today.

    --
    Velociraptor = Distiraptor / Timeraptor