Ransomware Completely Shuts Down Ohio Town Government (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: In another interesting example of what happens when you don't manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it's clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up. Wrote Kent Mallett of the Newark Advocate: "The virus, accompanied by a financial demand, is labeled ransomware, which has hit several local governments in Ohio and was the subject of a warning from the state auditor last summer. All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week." The county government offices, including 911 dispatch, currently must work without computers or office phones. "The public can still call 911 for emergency police, fire or medical response," wrote Mallett.
Can a new administration with no concern for political correctness finally turn the NSA loose on finding ransomware perpetrators? Since we in here have decided that their Internet surveillance efforts are omnipotent, they should be able to trace a surveilled Bitcoin payment back to them. Then we hire local talent for "wet work" in killing them off in some eye-catching manner, dissuading others from entering the business.
Sadly, a typical reaction today... Fire/LockUp/Execute Everyone Even Remotely Connected to Scandal-De-Jure...FFS, most of these same commenters also want to "shrink government", "cut taxes", etc. NONE of which is going to: improve training and testing; expand, fund and enforce standards across municipalities; enhance LEO capabilities to track and prosecute attackers. But - Hey! - we get to sound awful tough!!
Wrong, town would be without protection is all that would happen with your stupid juvenile solution. Most of those people can't be expected to be IT experts, and in fact this situation proves that services can exist without a computer in sight.
Wrong to say backups are a solution, you could have the malware nicely backed up too.
We need to start having MASSIVE fines and petty jail time for this. Training, phishing warnings, attachment warnings - these things happen daily. Someone that still does this needs to be made to suffer. Then, maybe, people will take the warnings seriously. Is there a malicious negligence or depraved negligence charge we can level at them?
Because getting caught in a phishing scheme is not necessarily depraved indifference. Having to turn off an adblocker so you can get into Forbes.com is plenty enough to get you owned.
I've seen plenty of competent people get owned. Would you make a vow to commit suicide if you ever in your life got malware on your computer? I sure wouldn't.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Treason is vacuous in this context (and all others right now).
Article III, Section 3:
Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.
The Congress shall have power to declare the punishment of treason, but no attainder of treason shall work corruption of blood, or forfeiture except during the life of the person attainted.
No one in this matter is a United States citizen who has declared war against the United States. The last time that happened was the Civil War.
The United States does not have any enemies. There is no list of enemies. The last time the United States had an enemies list was World War II.
This also explains why Snowden could not be charged with treason.
It little behooves the best of us to comment on the rest of us.
County Auditor Mike Smith saw the bright side. “Apparently, our clock still works,” he told the Newark Advocate.
most of these same commenters also want to "shrink government", "cut taxes", etc. NONE of which is going to: improve training and testing; expand, fund and enforce standards across municipalities; enhance LEO capabilities to track and prosecute attackers. But - Hey! - we get to sound awful tough!!
Actually, it is not difficult to accomplish both. For example, you could shrink government substantially by implementing a national retail sales tax (lots of conservative lawmakers have proposals, so there are plenty of choices) and replacing the entire IRS with something like a 10-20 person office responsible for processing sales tax receipts (this would actually be super easy since sales tax is already collected in something like 99.9% of the US). You could also eliminate entire executive departments that don't actually do anything productive (like education; seriously, the more money the federal government spends on education, the worse it gets, so we should try something different). Those two changes alone would free up considerable funding to apply to the items you list and would result in a net smaller federal government that is also leaner (as defined by doing more of what government should do, like LEO, and less of what it shouldn't, like anything not specifically listed in the constitution). And that is without even touching the sacred cows of social security and medicare.
I've had the dubious honour of dealing with and recovering from two attacks in the last two years. On both occasions we had one or more staff open a phishing email and execute the ransomware. On both occasions the ransomware successfully encrypted over 250000 files on file shares. We do have quite a reasonable level of protection in place, including 1) AntiVirus and Anti-Malware (useless in both accounts), 2) moderate level of security groups for users limiting access to only those files they require, with exception of a "temp share" which is a dumping ground for all kinds of stuff, but cleared automatically every 30 days, 3) file name/extension ACLs on Windows shares that prevent files like .encrypted .EnCiPhErEd from being created on the file system, 4) daily backups.
In each case, we still had to do targeted purge/restore to get the files back. We never for a second thought about paying the ransom. I restored all files within 4-6 hours, using a mixture of scripts and manual review of folders and files.
The best solution is to have great back-ups... those backups should be regularly tested and monitored for success. With good backups, you can recover in a very short time frame....
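
The targeted purge/restore described in the comment above can be planned by script before anything is deleted. The following is an added example, not part of the original comment or any tool its author used. It assumes the ransomware appended its extension to the original file name and that the backup tree mirrors the share layout; `plan_recovery` and `demo` are hypothetical names, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

# Extensions named in the comment, lower-cased; matching ignores case (.EnCiPhErEd).
RANSOM_EXTS = (".encrypted", ".enciphered")


def plan_recovery(share_root, backup_root, ransom_exts=RANSOM_EXTS):
    """Sort renamed files into 'restore' and 'review'; changes nothing on disk."""
    share_root, backup_root = Path(share_root), Path(backup_root)
    plan = {"restore": [], "review": []}
    for dirpath, _dirs, files in os.walk(share_root):
        for name in sorted(files):
            low = name.lower()
            ext = next((e for e in ransom_exts if low.endswith(e) and low != e), None)
            if ext is None:
                continue
            encrypted = Path(dirpath) / name
            original = encrypted.with_name(name[: -len(ext)])
            backup_copy = backup_root / original.relative_to(share_root)
            if original.exists():
                # Both names present: a user may have recreated the file.
                plan["review"].append((encrypted, "original name still present"))
            elif not backup_copy.is_file():
                # Newer than the last daily backup, or never backed up.
                plan["review"].append((encrypted, "no copy in backup"))
            else:
                plan["restore"].append((encrypted, original, backup_copy))
    return plan


def demo():
    """Run the planner on a constructed share/backup tree; return file names."""
    with tempfile.TemporaryDirectory() as tmp:
        share, backup = Path(tmp, "share", "finance"), Path(tmp, "backup", "finance")
        share.mkdir(parents=True)
        backup.mkdir(parents=True)
        for name in ("budget.xlsx", "notes.txt"):
            (backup / name).write_text("good copy")
        for name in ("budget.xlsx.EnCiPhErEd", "notes.txt.encrypted", "notes.txt",
                     "new.docx.encrypted", "untouched.pdf"):
            (share / name).write_text("constructed sample")
        plan = plan_recovery(share.parent, backup.parent)
        return ([enc.name for enc, _o, _b in plan["restore"]],
                [(enc.name, why) for enc, why in plan["review"]])


if __name__ == "__main__":
    print(demo())
```

Entries under `restore` are safe to purge and copy back from the backup; entries under `review` are the ones that need the manual folder-by-folder check.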