Slashdot Mirror


Atlanta Still Struggles To Recover From Ransomware Attack (reuters.com)

An anonymous reader quotes Reuters: Atlanta's top officials holed up in their offices on Saturday as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper... Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating "ransomware" virus attacks to hit an American city. Three city council staffers have been sharing a single clunky personal laptop brought in after cyber extortionists attacked Atlanta's computer network with a virus that scrambled data and still prevents access to critical systems. "It's extraordinarily frustrating," said Councilman Howard Shook, whose office lost 16 years of digital records...

City officials have declined to discuss the extent of damage beyond disclosed outages that have shut down some services at municipal offices, including courts and the water department. Nearly 6 million people live in the Atlanta metropolitan area... Atlanta police returned to taking written case notes and have lost access to some investigative databases, department spokesman Carlos Campos told Reuters... Meanwhile, some city employees complained they have been left in the dark, unsure when it is safe to turn on their computers. "We don't know anything," said one frustrated employee as she left for a lunch break on Friday.

"Our data management teams are working diligently to restore normal operations and functionalities to these systems," said a spokesperson for the police department, adding that they "hope to be back online in the very near future."

91 comments

  1. They should all be sacked. by Anonymous Coward · · Score: 5, Insightful

    They should all be sacked.
    Backups. Backups. Backups.
    Simple. Known process.
    Not done = sacked.

    1. Re:They should all be sacked. by Narcocide · · Score: 1, Interesting

      This is the inevitable outcome anyone could have foreseen would arise from letting people who don't care about security sell millions of computers to people who don't understand security. If there had been a backup server I guarantee it would have just been hacked too.

    2. Re: They should all be sacked. by Anonymous Coward · · Score: 1

      There's a serious lack of accountability at all levels when it comes to IT security.

      One of the biggest benefits of the industry's move to Cloud, imo, is to remove certain classes of vulnerabilities from the hands of many organizations since I don't expect real accountability to ever increase.

    3. Re:They should all be sacked. by PolygamousRanchKid+ · · Score: 0

      This is the inevitable outcome anyone could have foreseen would arise from letting people who don't care about security sell millions of computers to people who don't understand security.

      Next to stupidity, greed is one of humans' finest traits.

      Has anyone considered that this might have been an "inside job" . . . ? Like, a disgruntled city employee purposely starting the infection for a small fee from the ransomers . . . ?

      It would be interesting to see if they can trace the spread back to a "patient zero".

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    4. Re:They should all be sacked. by Z00L00K · · Score: 2

      Never underestimate the power of human stupidity.

      Anyway - this also highlights the need to really segment your data nets so that an intrusion doesn't propagate easily.

      And backups are also important of course. CD-ROMs are decent for short term archiving, but for long term archiving we need something better. SD cards also have a little "lock" switch, but it's in reality telling the computer that the device is read only so it's not proof against extreme hacks.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    5. Re:They should all be sacked. by Narcocide · · Score: 2

      The part that bugs me is that the effect is completely indistinguishable from the equally likely probability of completely accidental cross-contamination from an employee's personal USB device.

    6. Re: They should all be sacked. by Anonymous Coward · · Score: 0

      Wee todd did. Atlanta's demographic is funny.

    7. Re: They should all be sacked. by Anonymous Coward · · Score: 0

      Pure malice will do it. Since most people at work are utterly cunts, I've no doubt this was done for payback.

    8. Re:They should all be sacked. by hey! · · Score: 3, Informative

      What I can't understand is why these high profile ransomware attacks haven't prompted a rush to adopt copy-on-write filesystems. It's not like ZFS is exactly new.

      I understand that because of cost places like Atlanta try to run their networks with the least expertise they can get away with, but projects like FreeNAS make it really easy. I have a cheap server running at home and have background tasks scheduled to rsync changes to it. It's like it's not even there, but if I need to I can mount the NAS box and right click on a file in Windows and access all the previous versions.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    9. Re:They should all be sacked. by Anonymous Coward · · Score: 0

      Maybe someone should stop by your house later today and wipe the data from every computer and device you own. And then we'll see if your backups cover everything you need, won't we?

    10. Re: They should all be sacked. by Anonymous Coward · · Score: 0

      If you don't touch my backups in my parents' safe I only lost my 'Downloads' folder. How fucking hard is it to copy your shit to a €100,- external drive and store it at your parents, children or trusted friend?

    11. Re:They should all be sacked. by sacrilicious · · Score: 2

      Never underestimate the power of human stupidity.

      To fail to do so would be stupid.

      --
      - First they ignore you, then they laugh at you, then ???, then profit.
    12. Re:They should all be sacked. by jellomizer · · Score: 4, Insightful

      Unless you are working for a government agency with bosses who don’t want to fund your department.

      Backups cost money. Redundant off site hot failover systems cost more.
      Please explain to the general public on why the city should have computers running in hope you don’t need to use them. When they can use that money to feed the poor.

      I have done years of consulting and working across many agencies. And for nearly every agency the tech workers are not incompetent, I may disagree with their methods, but they know what they are talking about. The bosses on the other hand especially ones without technical background, see the IT departments as a cost center. So will invest the minimum necessary to keep it running. They don’t realize that their equipment is being attacked constantly and it is only matter of time until something gets across.

      Currently I work in healthcare and luckily management invests a lot into IT. So when spyware hit we only suffered minor damage and had it restored running with 15 minutes of missing data. After that incident we in the IT area were livid, and doubled our efforts to stop it again.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    13. Re:They should all be sacked. by jellomizer · · Score: 1

      You are suggesting a Unix approach to a Windows problem.
      Sure it works fine, and you will be better off in the long run and it would be cheaper too. But that isn’t what Windows was designed for. You need to spend multiple thousands of dollars on an app to do this. That is often overkill for the need at hand. Because having that app on the resume looks better than a tiny little tool that does the trick.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    14. Re:They should all be sacked. by admin7087 · · Score: 1

      A targeted ransom attack can certainly not be prevented by a copy-on-write filesystem - or mere backups, for what it's worth.

    15. Re:They should all be sacked. by hey! · · Score: 3, Insightful

      If you think of security exclusively in terms of prevention you are in deep trouble.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    16. Re: They should all be sacked. by Type44Q · · Score: 2

      Patient zero is the mouthbreather who specified the requirement for Microsoft products... lots of 'patient zeroes' in the corporate world... the 'B Ark' comes to mind; so does forced sterilization...

    17. Re:They should all be sacked. by swb · · Score: 1

      There are so many ways storage and backups could be leveraged to mitigate this, although I would imagine for most sites with Windows it would revolve around existing storage platform snapshots or VM backups to offline storage or in isolated security realms, not "zfs" by itself.

      I have clients that run hourly incrementals of all VMs and their backup runs in an isolated security realm (firewalled, some physical network isolation and no shared or trust-related Windows security relationship).

    18. Re: They should all be sacked. by Anonymous Coward · · Score: 0

      The problem with a lot of those systems is the requirement to deduplicate on the backup server. I found that UR backup was much better due to the client app not sending the duplicate data over the network. When you have to scale up that matters. And that system saved us a lot of downtime when one of our accountants got ransom-wared. Nuke, pave, restore in a few hours.

    19. Re:They should all be sacked. by Anonymous Coward · · Score: 1

      This is the inevitable outcome anyone could have foreseen would arise from letting people who don't care about security sell millions of computers to people who don't understand security. If there had been a backup server I guarantee it would have just been hacked too.

      If your backups can be corrupted by someone hacking into your server, then they aren't really backups.

      Tape is still widely used for backups for a good reason. We rotate ours offsite, and our contingency plan if we do get hacked is to rebuild the backup server from scratch and restore from backup, we have 4 weekly, 4 monthly, and 8 quarterly sets of backup tapes off site, so we can go back 2 years if needed to get a good backup.
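
Added example, not part of the comment above or of the original thread: a small Python model of the 4 weekly / 4 monthly / 8 quarterly rotation it describes, showing how far back the retained sets reach and which set is the newest one that predates a suspected intrusion. The schedule (weekly sets on Saturdays, monthly and quarterly sets on the first of the period), the dates and the dwell-time figures are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Rotation quoted in the comment above: sets kept off site per tier.
RETENTION = {"weekly": 4, "monthly": 4, "quarterly": 8}


def period_starts(today, count, step_months):
    """First day of the last `count` periods (1 = month, 3 = quarter)."""
    year, month = today.year, today.month
    month -= (month - 1) % step_months  # snap back to the period start
    starts = []
    for _ in range(count):
        starts.append(date(year, month, 1))
        month -= step_months
        if month < 1:
            month += 12
            year -= 1
    return starts


def retained_sets(today, weekly_weekday=5):
    """All off-site sets on hand today, as sorted (date, tier) tuples.

    Assumed schedule (not stated in the thread): weekly sets are written on
    Saturdays (weekday 5), monthly and quarterly sets on the first day of
    the period.
    """
    last_weekly = today - timedelta(days=(today.weekday() - weekly_weekday) % 7)
    sets = [(last_weekly - timedelta(weeks=k), "weekly")
            for k in range(RETENTION["weekly"])]
    sets += [(d, "monthly")
             for d in period_starts(today, RETENTION["monthly"], 1)]
    sets += [(d, "quarterly")
             for d in period_starts(today, RETENTION["quarterly"], 3)]
    return sorted(sets)


def lookback_days(sets, today):
    """Age in days of the oldest set that can still be restored."""
    return (today - sets[0][0]).days


def pick_restore_point(sets, noticed, dwell_days):
    """Newest set written before the intruder could have touched the data.

    `dwell_days` is the assumed time between initial compromise and the day
    the encryption was noticed. Returns (set_date, tier, days_of_data_lost),
    or None when every retained set falls inside the dwell window.
    """
    earliest_compromise = noticed - timedelta(days=dwell_days)
    clean = [s for s in sets if s[0] < earliest_compromise]
    if not clean:
        return None
    set_date, tier = clean[-1]
    return set_date, tier, (noticed - set_date).days


if __name__ == "__main__":
    noticed = date(2018, 3, 22)  # constructed date, for illustration only
    sets = retained_sets(noticed)
    print("sets on hand:", len(sets), "reach back", lookback_days(sets, noticed), "days")
    for dwell in (0, 30, 800):  # constructed dwell-time assumptions
        print("dwell", dwell, "->", pick_restore_point(sets, noticed, dwell))
```

The longer the assumed dwell time, the coarser the tier that has to be used and the more data is lost; once the dwell time exceeds the oldest quarterly set, no retained set can be trusted.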

    20. Re:They should all be sacked. by Anonymous Coward · · Score: 0

      Saw it coming! Can't sack dem nibbaz no matter how blatent they plaY-THe-F0OL. What's next --- equal abortion rights for gaffots ?

    21. Re: They should all be sacked. by hey! · · Score: 2

      You can have rsync only send updated blocks. Or you could simply use a COW file system mounted by iSCSI on your windows servers, if you prefer simplicity to features.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    22. Re:They should all be sacked. by Anonymous Coward · · Score: 0

      When they can use that money to feed the poor.

      Feed the poor?!? What an absolute crock. The city could choose to feed the poor, but they've shown that they'd much rather buy new football and baseball stadiums for local billionaires. So the priorities are crystal clear.

    23. Re: They should all be sacked. by TechyImmigrant · · Score: 1

      There's a serious lack of accountability at all levels when it comes to IT security.

      One of the biggest benefits of the industry's move to Cloud, imo, is to remove certain classes of vulnerabilities from the hands of many organizations since I don't expect real accountability to ever increase.

      Yep. I hold my head high as a competent techy, but when it comes to my wife's business, it's cloud all the way. Pay someone else to do the storage security, serving, email and access control. It's cheaper than hiring and a lot easier.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    24. Re: They should all be sacked. by Anonymous Coward · · Score: 0

      We don't need drivers licenses, license plates, vehicular registration, etc.

      I don't want to live in a world where people as dumb as you are allowed to drive unregulated and unsafe vehicles without being tested for basic driving skills.

    25. Re: They should all be sacked. by Anonymous Coward · · Score: 0

      I don't want to live in a world where people as dumb as you are allowed to drive unregulated and unsafe vehicles without being tested for basic driving skills.

      Happens all the time here in California where the state is so greedy for revenue from vehicle registration and licensing fees that it seems like the only qualification necessary for having a drivers license anymore is simply being alive and that's not even mentioning all of the illegal immigrants and others in California who drive with no license, no registration and no insurance whatsoever. So government is definitely not solving the problem of unregulated and unsafe vehicles and drivers out here in California.

  2. Re:From TFA by Anonymous Coward · · Score: 1

    No - They were probably running outdated Java based web servers, that were hacked using an open source tool.

    And those web servers can run on any OS, so it has nothing to do with Linux.

  3. Danny Droptables hits Atlanta? by deviated_prevert · · Score: 3, Insightful

    WTF? From the brief description what happened sounds like the "virus" spread instantly with a DB injection attack. A simple thing to do if a vulnerable old VB6 scripted front end from 20 years ago is still shoehorned into an internet exposed db. Hell there are banks running VB6 coded garbage from 20 years ago and one wonders why we are still getting hosed. There are even a few banks here like the Bank of Nova Scotia that ran backend XP desktops up until just a year ago because all of their key db software would only work with a really old ActiveX front end.

    We complain bitterly about problems with industrial espionage and yet we still cheap out and use crapware swiss cheese .Net garbage that hackers in China and Russia can drive a truck through.

    --
    This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
    1. Re: Danny Droptables hits Atlanta? by Anonymous Coward · · Score: 1

      I was with you until you confused VB6 and .Net so apparently you have a knowledge problem here.

    2. Re: Danny Droptables hits Atlanta? by Anonymous Coward · · Score: 0

      I think you mean Bobby Tables: https://xkcd.com/327/

    3. Re: Danny Droptables hits Atlanta? by deviated_prevert · · Score: 0

      I was with you until you confused VB6 and .Net so apparently you have a knowledge problem here.

      No confusion involved. A butt tonne of old VB code is also still out there working so that the look and feel of the interfaces remain static as well as antiquated data base interface requirements that do not get updated because of rewrite and retraining costs. Then the problem becomes leaving network visible vulnerabilities there ignored for a very long time just waiting for a criminal hacker to spot them. The point is how and where in the front end did the attack happen?

      Dollars to donuts the attack was done through old in house server code that just sits there and is never fixed because fixing it requires changing old network facing interfaces and retraining all the end users to use the new layouts. Move one feature to a different place or method of entry and bingo you have users complaining about even a simple change like moving a selection field to a different section of an interface. This is the problem in a nutshell, form trumps function and sloppy security is the result.

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  4. What's with blaming the Russians and Chinese? by Bruce66423 · · Score: 0, Redundant

    Great post until you mentioned them. Lots of other possibilities - and unless it was government sanctioned, it's especially pointless to mention those particular nations.

    1. Re:What's with blaming the Russians and Chinese? by Narcocide · · Score: 1

      Someone else suggested it first but I'd also place my bets on "disgruntled employee" as the primary threat vector. Furthermore, I'd even go so far as to postulate "a few free days to goof off without any work to do" as the motive.

    2. Re:What's with blaming the Russians and Chinese? by Anonymous Coward · · Score: 0

      But, Chi.coms husslaz and Ruskiiz muslaaz are SOOOOOOOOOOOOOOOOOOOO guilty ..... send them home with lots of glooom; and let chi.com TVz and routers rot on the docks.

    3. Re: What's with blaming the Russians and Chinese? by Anonymous Coward · · Score: 0

      Yeah, msft shill. Can't be your employer's crapware.

    4. Re: What's with blaming the Russians and Chinese? by Narcocide · · Score: 1

      It really can't, at this point, or they'd have at least been able to fix it by now.

      And ... LOL... I'm no Microsoft shill. If you're that bad at reading the context cues maybe you should stop telling yourself you know fuck-all about computers.

  5. Inside job (allegedly) by Max_W · · Score: 4, Interesting

    It could be very convenient. No further audits are possible, since all documents are gone. All is to start from zero.

  6. Ditch Windows already. by Anonymous Coward · · Score: 0

    Oh, and JBoss: wasn't it SamSam or a near cousin?

    1. Re:Ditch Windows already. by guruevi · · Score: 1

      From the previous article: "working diligently with support from Microsoft to resolve the issue". So I'm assuming a Windows-based attack vector. Hey let's connect everything to Active Directory and let everything authenticate everywhere. Authorization, yeah, we authenticate everyone through Active Directory.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Ditch Windows already. by Anonymous Coward · · Score: 0

      From the previous article: "working diligently with support from Microsoft to resolve the issue". So I'm assuming a Windows-based attack vector. Hey let's connect everything to Active Directory and let everything authenticate everywhere. Authorization, yeah, we authenticate everyone through Active Directory.

      Sounds like someone has never worked for an organization where the boss is a non-tech person but wants everything to magically work and disregards security. This type of boss wants access to critical data from anywhere without any security measure barrier. Thus, no password protection, no VPN, no firewall, no no no!

  7. Yes and no. by Anonymous Coward · · Score: 3, Insightful

    Yes, they should all be sacked.

    No, not the IT guys. The beancounters and managers who ignored their advice and failed to foresee the need for a proper backup management strategy for the city. IT knows this crap can happen, and IT tells Management about the need for proper backups, daily, weekly, monthly, on-site, off-site, and tape. We tell them RAID is not a backup strategy. We tell them without backups their necks are in the noose when, not if, the shit hits the fan.

    Well, 9 days ago, the fan got crushed under 16 tons of Grade-A manure. And a LOT of necks are about to get wrung. Sure, IT will get fired, they always do. But this time, everyone who was against backups is gonna go down with them. 'Cause it's not IT's fault the city chose not to have solid backup strategies in place with the vulnerabilities of today, that fault lies solely with everyone who said it was too expensive for no return, too much time for something that didn't make money, or that "education" would be enough protection so we don't need other solutions.

    1. Re:Yes and no. by Anonymous Coward · · Score: 0

      'Cause it's not IT's fault the city chose not to have solid backup strategies in place with the vulnerabilities of today, that fault lies solely with everyone who said it was too expensive for no return, too much time for something that didn't make money, or that "education" would be enough protection so we don't need other solutions.

      Depends. If they had any kind of audits done, how in the hell did they pass? Who performed them?

      Follow the money and you'll understand why this happened. The whole reason external audits even exist is to put this kind of crap entirely back on management, not frontline IT workers.

      If indeed it is the case then said auditors should be held liable and barred from any future work.

    2. Re: Yes and no. by Anonymous Coward · · Score: 0

      Are you saying that the government should intervene in employees choice on whether to back up or not? Are you pro government and anti-freedom? Where will this tyranny end? When they've taken away our stapleguns?

    3. Re:Yes and no. by Anonymous Coward · · Score: 1

      Depends. If they had any kind of audits done, how in the hell did they pass? Who performed them?

      Remember the big credit card breach at Target? They were audited -- and passed -- just a couple of months earlier.

      Every company -- EVERY COMPANY -- that has suffered a major breach in the last few years was audited and certified Grade A Okey Dokey a few months before the breach.

      Audits are completely useless and meaningless because:

      (a) The auditors are just as stupid and incompetent as the people they are auditing
      (2) If the auditors start flunking people and telling their clients that they are going to have to fix their shitty broken systems --- i.e., spend a lot of money -- they will quickly lose all their business. So, everyone passes their audits with flying colors.

    4. Re: Yes and no. by Anonymous Coward · · Score: 0

      The auditors are more stupid and far less competent. You think even half-aware management is going to waste their most talented staff in an auditor seat?? No, that's where you park the deadwood that HR has made too difficult to fire.

    5. Re:Yes and no. by Anonymous Coward · · Score: 2, Insightful

      Audits are completely useless and meaningless because:

      (a) The auditors are just as stupid and incompetent as the people they are auditing
      (2) If the auditors start flunking people and telling their clients that they are going to have to fix their shitty broken systems --- i.e., spend a lot of money -- they will quickly lose all their business. So, everyone passes their audits with flying colors.

      This, this, THIS. I briefly worked for a company that provided lockbox services for a number of banks, running them on a "cloud infrastructure" that was actually a number of ancient servers sharing an even more ancient SAN with a failing RAID card. The "data center" was located in an outside-facing suite in an office building next door connected via a single WiFi antenna, with a glass entry door with a single cylinder lock, no cameras/monitoring, no environmental monitoring, no fire suppression beyond the existing sprinkler system, no mantrap (you could clearly see the racked servers and UPSs from outside), and a way underpowered generator that hadn't been started at all in at least a year. Yet, they passed their SSAE 16 Type 2 audit with flying colors.

    6. Re:Yes and no. by jellomizer · · Score: 1

      Audits usually check for the bare minimum. And they may fail some aspects and pass others. So they get a good enough score to stay certified.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    7. Re:Yes and no. by TechyImmigrant · · Score: 1

      >Audits usually check for the bare minimum.

      Audits check for compliance -- to ISO 9000, webtrust, NIST, whatever.

      The specs are useless because they can't be too prescriptive.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    8. Re:Yes and no. by dcw3 · · Score: 2

      It's been quite a few years since I went through an ISO 9001 audit, but I recall thinking what a load of crap it was at the time. I'm no expert on it, but what I was told was that its primary function was to verify that you followed your processes. But, it did nothing to ensure that those processes were worth a damn. Then, what the fuck good is it? Maybe I was misled...I've never bothered to look it up.

      --
      Just another day in Paradise
    9. Re:Yes and no. by Rastl · · Score: 1

      It's been quite a few years since I went through an ISO 9001 audit, but I recall thinking what a load of crap it was at the time. I'm no expert on it, but what I was told was that its primary function was to verify that you followed your processes. But, it did nothing to ensure that those processes were worth a damn. Then, what the fuck good is it? Maybe I was misled...I've never bothered to look it up.

      This. This is why ISO isn't useful for anything but PR that you have processes in place.

      I worked at a bank that provided after hours call center support for banks that didn't want to staff their own. That affiliate got ISO certified as a way to sell the service.

      When the ISO auditors were scheduled the departments would cherry pick who got tapped for audit and they darn well knew where the manuals were both on paper and on line. They would also go through one - just one - documented process to show they knew how to do it.

    10. Re:Yes and no. by Billly+Gates · · Score: 1

      Bahahah! That's a good one. The managers will simply fire their IT and give themselves bonuses for doing so now that the troublemakers are gone. Problem solved.

      We all have seen Office Space right? The bobs seem to LOVE management every time and they seem to think they are invaluable unlike I.T. Sadly they are right as HR won't touch them as they have too much power over HR's job.

      Some organizations even have a rule that only good ideas come from management and lowly employees need to shut up and take notes in the meetings not to piss them off etc.

  8. The SOUTH Shall Rise Again! by Anonymous Coward · · Score: 0

    Up out of the shithole it is!

    Or maybe not.

    Why is it when things go south, things get real stupid? Because it's a shithole, that's why!

    1. Re: The SOUTH Shall Rise Again! by Anonymous Coward · · Score: 1

      Atlanta isn't really the South. Atlanta is to the South as Austin is to Texas. The all-hat, no-cows cowboy.

    2. Re:The SOUTH Shall Rise Again! by Anonymous Coward · · Score: 0

      Up out of the shithole it is!

      Or maybe not.

      Why is it when things go south, things get real stupid? Because it's a shithole, that's why!

      Send all the blacks up north and the south will become a virtually violent crime-free paradise.

    3. Re: The SOUTH Shall Rise Again! by Anonymous Coward · · Score: 0

      Nobody done told Sherman that.

  9. kill the windows servers, and do backups by Anonymous Coward · · Score: 2, Insightful

    throw the windows servers in the trash.

    and do backups.

  10. Re:From TFA by guruevi · · Score: 1

    WannaCry on Linux, nice try troll.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  11. my CDRS from 1990s still work by Anonymous Coward · · Score: 0

    I have loads of mp3s/ data / code etc from the late 90s on CDR, they still work well.

    Yes they are stored decently, but they all work, unless scratched.

    Can't hurt to do multi format backups, at least discs are EMP proof / water proof.

    1. Re: my CDRS from 1990s still work by Anonymous Coward · · Score: 0

      Idiot

    2. Re:my CDRS from 1990s still work by Narcocide · · Score: 1

      The problem is the plastic those disks are made of has a minimum guaranteed life span of about 12 years. Sure, you might be able to keep them for 20 or 30 if you keep them out of direct sunlight and don't read them too much, but even then the rotational speeds they have to endure makes the risk of one shattering in the drive an inevitability over the long term. Stored in sunlight or exposed to too much temperature change and even the dye they use for the writable disks can break down, leading to data loss.

      Also, I wouldn't gamble that those CDRs are "EMP proof" for anything constituting a weapon-strength EMP. Ever put one in the microwave for 10s?

  12. OK, so it's April 1 & all, but still.... by t2callingt3 · · Score: 3

    Who can expect anyone to believe they "lost 16 years" of data? 192 consecutive months without backups? Zero offline storage? Pull the other one: it's got bells on it!

    1. Re:OK, so it's April 1 & all, but still.... by whoever57 · · Score: 1

      Who can expect anyone to believe they "lost 16 years" of data? 192 consecutive months without backups? Zero offline storage? Pull the other one: it's got bells on it!

      You are looking at this backwards. As explained by the program "Yes Minister", losing files can be very convenient:


      James Hacker: [reads memo] This file contains the complete set of papers, except for a number of secret documents, a few others which are part of still active files, some correspondence lost in the floods of 1967...

      James Hacker: Was 1967 a particularly bad winter?

      Sir Humphrey Appleby: No, a marvellous winter. We lost no end of embarrassing files.

      --
      The real "Libtards" are the Libertarians!
  13. They should definitely regulate how businesses do by Anonymous Coward · · Score: 0

    And people think having these types of people that do business as the government regulating how businesses secure data would be so wonderful. Insane!

  14. Re:From TFA by thegarbz · · Score: 2

    Why not? The first thing every Linux installation does is enable interoperability with Windows networking. WannaCry very quickly spreads to SMB shares. If they are writable then a remote client can happily encrypt your shit. Or if you want, https://www.samba.org/samba/se... gives you your own Linux special flavour of WannaCry.

    Now yes the GP is a troll, and it most likely wasn't the case. But security is about dealing with the possible, and just running Linux doesn't make you immune from anything, especially not user stupidity.

  15. Re:They should definitely regulate how businesses by Anonymous Coward · · Score: 0, Insightful

    And people think having these types of people that do business as the government regulating how businesses secure data would be so wonderful. Insane!

    Atlanta is over 80% black. A black-run city is not representative of the rest of the US. Read up about Atlanta sometime. It really is an American shithole in every conceivable way. But don't visit there. It's an incredibly dangerous place to be. Violent crime everywhere. Just like every other black-run nation and black-run city.

    I don't care if that's "offensive" I care about if it's true, and it is. Only overgrown children fail to deal with reality.

  16. Re:They should definitely regulate how businesses by Anonymous Coward · · Score: 0

    LOL. Rural white-dominated areas have far more crime per capita, which is why they all live scared and sleep with AR-15's under their beds. If you want to see a real shithole, go visit rural America sometime. Just be sure to wear full body armor because the murder rate is dozens of times higher in white dominated american rural areas than anywhere else. They will shoot you if you look at them wrong.

  17. Re:They should definitely regulate how businesses by Anonymous Coward · · Score: 0

    Atlanta is over 80% black.

    not true, not even close.
    http://www.city-data.com/races...

  18. I live in metro ATL. Non-issue. by Anonymous Coward · · Score: 1

    It isn't like the other 4.5M people are impacted by what the 500K people in Atlanta do or their incompetent city govt.

    City of Atlanta is just 500K people. Hardly the entire metro area of 5+M people. Many of those non-Atlanta govts are efficient, capable, and smart. A few county govts merge their services to save money overall. These aren't tiny rural counties. Metro Atlanta has about 20 nearby counties. Fulton is where Atlanta is.

  19. USA = shithole by Anonymous Coward · · Score: 0

    lol, this was an NSA exploit and they managed to screw themselves over with it.

  20. So much for computers being helpful by Anonymous Coward · · Score: 0

    So it finally happened that the computer has become a liability and not a time saver. It's not the computer that is at fault but rather the people who cut corners in protecting them from being hacked. Even the end users probably created their own security risks with lousy passwords or opening up suspicious emails or attachments. More of this to come as hackers see these soft targets as easy prey and too many incompetent people running the systems to do much about it.

    1. Re: So much for computers being helpful by Anonymous Coward · · Score: 0

      Yeah, they badly need this bug-riddled msft environment. And it is their own fault if they make one false click.

      After all, Linux cannot bribe as nicely as msft!

  21. Re:"Unknown User" by CAOgdin · · Score: 5, Informative

    Nonsense! 100% daily backups of systems, using a suite of tools kept offline except during backup activity, is ALWAYS a solution... simply because an attack starts at a particular time; anything you've kept offline prior to that time is a resource to be used to recover. Yes, there is the problem of recapturing the lost data in that time interval, but it's a LOT better than having to start redesigning software from scratch AFTER the attack has occurred!

    100% daily backups, with recycling of media over a period of a few weeks is a MANDATORY requirement for every computer under my management. Since I started doing that in 2001, I have never had (nor has any client had) an unrecoverable loss of data.

    The other trick is keeping data separated from executables. My mantra is "C: is for Code, D: is for Data". The idea that everything should be on the same logical drive is simply WRONG.

    There are no perfectly secure systems, and perfection is a fool's game. But, simple strategies, unerringly repeated over time, can make recovery from assaults (or hard-disk failure) a straightforward solution.

  22. Proof! by fred911 · · Score: 0

    Stupid is as stupid does.

    "Three city council staffers have been sharing a single clunky personal laptop brought in after cyber extortionists"

    And no one sees this as an issue? Only in government could people exceed to this level of incompetence and still know they have jobs.

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

  23. Question: by beep54 · · Score: 1

    So has Georgia actually passed a law that will effectively make the investigation of this ransomware attack illegal? That would be both stupid and highly amusing.

    1. Re:Question: by dcw3 · · Score: 3, Funny

      So has Georgia actually passed a law that will effectively make the investigation of this ransomware attack illegal? That would be both stupid and highly amusing.

      They don't know. All the laws were on the servers.

      --
      Just another day in Paradise

    2. Re:Question: by Anonymous Coward · · Score: 0

      Georgia already has a law forbidding malicious entry into computer systems.
      What it does not forbid (presently) is so-called white hat researchers breaking into systems that they weren't authorized to. That's actually OK right now, so long as you don't take anything or break anything.

      Georgia's proposed law is pretty much the same as what 46 other states already have: If it ain't your computer and you don't have permission, then you can't break into it, even if you say you're a "white hat" researcher.

    3. Re:Question: by Anonymous Coward · · Score: 0

      So has Georgia actually passed a law that will effectively make the investigation of this ransomware attack illegal? That would be both stupid and highly amusing.

      They don't know. All the laws were on the servers.

      Oddly enough that's not true. The official laws of Georgia, the O.C.G.A., are stored on lexisnexus.com.

  24. Re:"Unknown User" by TechyImmigrant · · Score: 1

    My work Windows machine keeps close to 100% immediate backups. As soon as I change a file, it's saved over the network and there are a few weeks of all file changes available for recovery.

    An infection is identified pretty quickly, the affected machine(s) isolated and rolled back. Pretty much the only thing you can lose (unless you are really trying) is what you've just typed into the editor.

    Real work is done on Linux machines we VNC into, where I understand things are more tightly backed up.

    This is not hard. I'm sure they paid real money for the Windows backup system and storage and I'm sure they used some good unix foo to set the Linux storage security up. But they did it, and in a large organization like a corporation or government, there is no excuse not to.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.

  25. Re:From TFA by Joey+Vegetables · · Score: 1

    I'm not gonna claim that Linux servers are inherently immune to this kind of attack, but properly rotated backups (in my case daily, weekly, monthly and yearly) limit any potential impact, for Linux or any other kind of server.
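
An added example, not part of the thread or any commenter's code: the daily/weekly/monthly/yearly rotation described in this comment, combined with the point from CAOgdin's comment above that anything captured before the attack started is a recovery resource. The tier counts, dates and function names are constructed assumptions; the sketch picks which backups a rotation retains and then the newest retained copy taken strictly before encryption began.

```python
from datetime import date, timedelta

# Constructed policy (assumption, not from the thread): how many of the most
# recent days / ISO weeks / months / years keep their newest backup.
POLICY = {"daily": 7, "weekly": 4, "monthly": 12, "yearly": 3}

BUCKET = {
    "daily": lambda d: d,
    "weekly": lambda d: tuple(d.isocalendar())[:2],   # (ISO year, ISO week)
    "monthly": lambda d: (d.year, d.month),
    "yearly": lambda d: d.year,
}


def select_keep(backup_days, policy=POLICY):
    """Map each backup day worth keeping to the tiers that retain it."""
    keep = {}
    newest_first = sorted(set(backup_days), reverse=True)
    for tier, bucket_of in BUCKET.items():
        seen = []
        for day in newest_first:
            bucket = bucket_of(day)
            if bucket in seen:
                continue            # a newer backup already represents this bucket
            if len(seen) >= policy.get(tier, 0):
                break               # tier is full; older buckets get recycled
            seen.append(bucket)
            keep.setdefault(day, set()).add(tier)
    return keep


def restore_point(kept_days, first_encrypted):
    """Newest kept backup taken strictly before encryption began, or None."""
    clean = [d for d in kept_days if d < first_encrypted]
    return max(clean) if clean else None


def demo():
    # Constructed sample: one backup per day for 400 days, ending on detection day.
    detected = date(2018, 3, 31)
    backups = [detected - timedelta(days=i) for i in range(400)]
    first_encrypted = date(2018, 3, 22)   # constructed: nine days before detection
    kept = select_keep(backups)
    point = restore_point(kept, first_encrypted)
    daily_only = select_keep(backups, {"daily": 7})
    return kept, point, restore_point(daily_only, first_encrypted)


if __name__ == "__main__":
    kept, point, daily_point = demo()
    print(len(kept), "backups kept; restore from", point, "; daily-only:", daily_point)
```

With these constructed dates, a seven-day daily tier alone holds no copy older than the start of encryption, while the weekly tier still does; the gap between that restore point and the start of encryption is the data that has to be recaptured by other means.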

  26. Re:From TFA by thegarbz · · Score: 1

    but properly rotated backups (in my case daily, weekly, monthly and yearly) limit any potential impact, for Linux or any other kind of server.

    Can we get a "Here! Here!" in here!

    I always like to point to two examples of WannaCry which happened in the largest port of Europe:
    DHL: Got hit by WannaCry: Completely ceased all delivery operations. The entire business went down for 3 days. Warehouses filled with undelivered packages.
    Port of Rotterdam: Got hit by WannaCry: Picked up pen and paper and kept on processing containers at the same rate as before. IT in the background recovered and spent a bit of money on importing the paper trail back into the electrical systems, customers didn't even notice.

    What you run rarely at all matters compared to how you run it.

  27. Re:From TFA by TemporalBeing · · Score: 1

    Why not? The first thing every Linux installation does is enable interoperability with Windows networking. WannaCry very quickly spreads to SMB shares. If they are writable then a remote client can happily encrypt your shit. Or if you want, https://www.samba.org/samba/se... gives you your own Linux special flavour of WannaCry.

    Now yes the GP is a troll, and it most likely wasn't the case. But security is about dealing with the possible, and just running Linux doesn't make you immune from anything, especially not user stupidity.

    I've actually stopped setting up Windows networking by default on my Linux systems, especially my servers. It's easier to install FileZilla or WinSCP on Windows.

    --
    Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)