Atlanta City Government Systems Down Due To Ransomware Attack (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.
I'm pretty sure Microsoft will charge more AND some data will be lost on many, many computers. I don't think they have full disk backup on every computer, plus all the time wasted before everything is back online.
Misconfigured group policy and AD privileges leading to one infectee having the ability to encrypt everyone on the network. What are the odds they even have backups for these systems?
WTF.
They might not even decrypt anyway.
Just restore from your excellent backups. Everybody loses a day of productivity, and the courts should have paper records anyway.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
Only like 10-50% success rate with an average number paid about twice that amount. It's not worth the gamble.
Restore from backup and start using remote Linux sessions for your important data.
Custom electronics and digital signage for your business: www.evcircuits.com
Can you do the same for the state of California? kthxbye
9 outta 10 a user caused this after opening something they should've.
The millennial that doesn't like most of the stuff designed for millennials.
We all know this means they are running Windows.
How many more critical systems have to fall victim to this malware/ransomware bullshit before Windows systems are banned for use in anything critical? Even just the greater likelihood of that happening to Windows systems should render them unacceptable to use.
In a lot of ways, this complete system shutdown is much worse for everyone than a database being stolen which is the worst case for UNIX backends.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
There are two answers to this question.
1) Nobody. Everything was done by committee, so there is no one person to blame, and no one person to take the fall. This is very common in Public Sector domains, there is nobody TO fire, because no one person is responsible for anything. The people at the top are insulated from their boneheaded decisions as they push the blame down the chain. Those down the chain are all in committees that decide everything.
2) The guy at the Bottom, who was only doing what he was told and allowed to do, but nobody likes. He'll get reassigned to another department because they can't really fire him(her), because the process to fire someone is so bad that nobody actually goes through the whole process ever.
That's why nobody is getting fired.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
... "Oh, let's pretend I click on this link ... what will happen next and what will happen after that? The endgame is ransomware? FLAG ON THE PLAY, CALL IT!"
It little behooves the best of us to comment on the rest of us.
Can you do the same for the state of California? kthxbye
yes because you just love to see destruction, loss and death, it's the only thing left that gives you a boner
Courts do not routinely have paper records these days. The federal courts have been electronic since 2004, starting with one court docket in 1996. Illinois, for example, has been mandatory since 2016. Georgia has some e-filing in its courts. Courts simply do not have the space to store the paper any more.
"At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue .. We are confident that our team of technology professionals will be able to restore applications soon."
haaaaaAAAAAAAARRRRR!!!
It's a feature of Windows, not a bug.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
You're correct when you say they might not decrypt. That said, a few points:
1.) Many people don't understand that their desktop is not part of what is covered by the backup system. Usually, the level of understanding is inversely related to the importance of the data they work with.
2.) Many people will deliberately store important files outside of what is covered by the backup system. Usually, the likelihood of intentionally bypassing backups is inversely proportional to the importance of the data they work with.
3.) Many people will avoid using company supported systems such as Sage, Great Plains, Outlook/Exchange scheduling, *SharePoint setup in favor of their own home-grown Excel monstrosities. It is absurd the lengths many people will go to avoid working with shared systems. They do this because it doesn't work to their tunnel visioned personal requirements or because the system honestly and objectively sucks, or something in between. Maybe they don't have time to learn how to do things a new way that will save time. They don't have time to learn because they waste so much time doing things the hard way.
4.) A person who lets the infection inside the castle walls is NOT going to report it out of fear for their job.
People do these things because they believe they are easier, as a means of control and as a way to create job security. Most people are loyal to friends and family but not to customers or their employers. The loyalty shown to customers and employers is because it is required in return to the thing they ARE loyal to: the paycheck.
Yes, assuming the servers have good backups, restore and move on. Most backup systems aren't excellent because they can't quantify if or to what extent they are or can account for points 1, 2, 3 and 4. What if the ransomware was time-bombed so your backups are also messed up? How far back do you need to go? How far CAN you go back in time? Either way, you still have to deal with points 1, 2, 3 and 4.
'Restoring the servers and moving on' completely ignores the human factor. Ransomware, scareware, phishing, whaling and most other successful techniques leverage the human factor - they turn off the thinking, logical brain and turn on the fight or flight lizard brain.
*SharePoint was used as an example only because the name is recognizable. In no way was referencing it meant to suggest it actually increases productivity by providing easier collaboration between coworkers, simplification of workflows, or increased efficiency of information sharing.
Why would you believe Wikipedia on something like this?? On things that aren't emotional, they can be alright, though even there they have the reputation of censoring expert opinions in favor of someone else, or just deciding the entire topic isn't interesting enough.
I think we've pushed this "anyone can grow up to be president" thing too far.
Nobody cares? Didn't you notice that reports say the payroll system was infected?
I think you misunderstand the difference between a web site and an operating system.
That said, Linux also has its holes. There are fewer of them, and more irregularly distributed, and they get patched more quickly, but they exist. It's been claimed by, IIRC, OpenBSD, that they haven't had an exploit in decades, but I don't recall just when I read that claim. I don't think it's true anymore. Still, if security is your concern, one of the BSDs would be your best choice. But I'll admit that I'm a Linux user.
SharePoint was used as an example only because the name is recognizable. In no way was referencing it meant to suggest it actually increases productivity by providing easier collaboration between coworkers, simplification of workflows, or increased efficiency of information sharing.
Wait what? We're moving our Lotus Notes applications to SharePoint!
Noooooooooooo
In situations like the aforementioned city government offices, points 1 to 3 are addressed by complete lockdown of local workstations. First the workstations run a virtual machine image of the locked down operating system with the approved configuration and no access to local disks. All reads and writes are from and to secured offsite servers and only by approved programs. No installation of any new applications and only approved applications can run. If somehow a new application is installed, it's wiped at closing time when the virtual machine image is reset back to the initial state in preparation for the next day's business.
Ha. https://it.slashdot.org/story/...
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
That they're still running Windows XP. Or that they haven't installed patches, nor trained their users. And yeah - I pretty much guarantee it's all a Microsoft shop which means even their servers likely got hit.
I do wish we'd bring back the iron maiden, or even the rack. Those were most effective. Tarring and feathering worked well too.
Well if you're doing it right you just have their My Documents or Documents folder pointed at a file server. But that opens up its own can of worms.
When I worked for the RI Sec of State - our public computers ran a Linux distro that wiped on shut down.
Well if you're doing it right you just have their My Documents or Documents folder pointed at a file server. But that opens up its own can of worms.
Yup. For example, the first time someone takes their computer home and doesn't log onto the network they panic that all their files are gone. The fix: Save everything to the desktop.
Network goes down. Solution: Save everything to the desktop
The solution isn't technical, even though that is the approach often taken. The problem is that users do not understand how backups work, how to access networks remotely, etc.; and organizations do not want to spend money to actually train them as well as come up with a backup solution that actually works. Users just want to get work done and don't care where and how stuff is backed up, as long as it doesn't make their life harder when using the computer.
The lack of training goes beyond backups. I've helped friends by showing them how they can add page numbers to documents rather than number them one page at a time; showed them how you can merge an Excel file into Word so that it fills out the appropriate sections instead of cutting and pasting one cell at a time, etc. One person didn't even realize they could save a document under a different name. Some simple things, others not so simple; but all point to a failure to realize where a problem exists. It's easy to say "they can learn" but the reality is people will find one way to do a task and continue to do it that way even if it is painful.
Sometimes you can see the train wreck coming. I was working with a company that was installing a brand new financial system. When I laid out the training requirements (which were a lot because there would be entirely new screens, process, old ways to fix errors would no longer work, changes in access, etc.) I got "We don't need all of that. It's still a financial system so it should only take a couple of hours to learn. Oh, and by the way, the help desk won't be ready by go live." I ran away as fast as I could. Last I heard they abandoned the project after much time, money and effort and the IT head got canned.
I'm a consultant - I convert gibberish into cash-flow.
Exactly. We've been hearing about "Linux on the Desktop" from before Linux was even invented. Give up nerds, we lost. Linux is for us, not for them. They get Windows cake.
The difference is the setup. A Unix-like OS will segregate by user and root is rarely needed. In a MS OS you need Administrator to do just about anything, and rarely is software standalone. Can you install Office without Administrator?
Typically, a service that you expose on the network will not have perms to write to the service storage area. So when malware comes in through the front door, it can't do much other than read storage. If there is an elevation path, well, game over. What's the chance of a service in a MS setup having a route through to admin via AD, just from the way it has been configured with AD access group rights scattered to the four winds? These days AD seems the Achilles heel of MS, not its saviour.
Why UNIX?
And when you do apt-get you almost always use sudo.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
I've found that the most common catch-all is "It's the process, not the people". Blame the testing process, the training, poor documentation, unclear instructions and agree that we, collectively, must improve as a team. It's almost the inverse scapegoating process that happens in private industry. Same with failed projects, that we ran the ship aground is neither the captain nor the crew's fault it's a fault of our project management process. But with more experience and lessons learned we'll be smarter next time, it's like adding more process will turn poor workers into good workers. Or rather we'd not admit to having poor workers at all, they're just good workers who haven't gotten the support they need to shine. And we're sticking to that story in face of pretty damning evidence otherwise.
And it sorta works because if we refuse to point out a scapegoat what will they do? Maybe it's an inefficient department, but they need us and we're not in direct competition with anybody. If they really tried to get rid of someone for incompetence that person would probably try to air as much dirty laundry as possible, like why are you singling me out. And when you've never done any spring cleaning, there will be a lot of it... it's the consistent fuck-ups and the people who've been letting them do it over and over again.
Live today, because you never know what tomorrow brings