Slashdot Mirror

← Back to Stories (view on slashdot.org)

Alaskan Town Finds Solace in Typewriters Following Last Week's BitPaymer Ransomware Infection (bleepingcomputer.com)

Posted by msmash on from the whatever-works dept.

Catalin Cimpanu, reporting for BleepingComputer: On Monday, officials from Matanuska-Susitna (Mat-Su), a borough part of the Anchorage Metropolitan Statistical Area, said they are still recovering from a ransomware infection that took place last week, on July 24. The ransomware infection crippled the Borough's government networks and has led to the IT staff shutting down a large swath of affected IT systems. [...] Officials said they were planning to clean and reinstall 650 desktop computers and servers located on the parts of the Mat-Su network believed to be affected. [...] "Without computers and files, Borough employees acted resourcefully," said Mat-Su Public Affairs Director Patty Sullivan last week. "They re-enlisted typewriters from closets, and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings." Mat-Su IT Director Eric Wyatt identified the "virus" as the BitPaymer ransomware earlier this week, the report said.

22 of 111 comments (clear)

  1. ...no payment made... by ole_timer · · Score: 3, Informative

    ...from what I understand no payment was made...backups were ok, even if a year old

    --
    nothing to see here - move along
    1. Re:...no payment made... by geekmux · · Score: 2

      ...backups were ok, even if a year old

      At the speed of business today, year-old data is not a "backup". That's a fucking time capsule.

      And if that DR plan is "OK", then I have to question why this organization wasted money upgrading their typewriters years ago...

    2. Re:...no payment made... by Anonymous Coward · · Score: 4, Interesting

      My understanding is that all systems, including backups, were under the same domain controllers. The domain controllers were compromised and all reachable systems (including current backups) were encrypted. The year old backup sounds like someone found an old tape backup archive.

    3. Re: ...no payment made... by Train0987 · · Score: 2

      Say what? Utility bills? Water meter readings? Sewage stats? Accounts payable? Payroll?

      That's what your municipal gov't does.

  2. Maybe switch to Linux by Tough+Love · · Score: 4, Interesting

    Maybe switch to Linux. How many more times does this need to happen before somebody gets a clue?

    --
    When all you have is a hammer, every problem starts to look like a thumb.
    1. Re:Maybe switch to Linux by ole_timer · · Score: 4, Interesting

      ...not really...https://linux-audit.com/linux-and-the-rise-of-ransomware/

      --
      nothing to see here - move along
    2. Re:Maybe switch to Linux by Train0987 · · Score: 2, Funny

      The typewriters were more useful than Linux.

    3. Re:Maybe switch to Linux by Anonymous Coward · · Score: 3, Insightful

      don't hire morons that can barely open microsoft word to be your "it staff".

      train your mouse jockies and paper pushers, and treat them well enough so your office staff doesn't turn over every 6 months requiring you to train new worker bees constantly.

      problem solved.

      linux is cheaper, period. unless you absolutely cannot live or function without a windows-exclusive title. and think real hard before you choose windows.. do you *really* **REALLY** need that particular application or will something else work, or perhaps even work better.. you just never though to actually look for alternatives??

      don't believe the microsoft shills (including the government entities being paid by microsoft to 'switch back') and sponsored research 'studies'.... they're entirely bullshit.

    4. Re:Maybe switch to Linux by Anonymous Coward · · Score: 2, Insightful

      I don't think Linux would help to fix stupid... Windows can be made pretty secure, linux can be made very insecure. Regular users should be locked down without the ability to install applications regardless of the OS. If they need to ability to install apps, it should be on a separate machine outside of the firewall.

    5. Re:Maybe switch to Linux by Train0987 · · Score: 3, Insightful

      This is a local government we're talking about. What are the costs to retrain every employee? What are the costs for all the new hardware that doesn't have Linux drivers? What are the costs to rewrite the water-billing software, payroll software, work order system, etc, and then integrate them all together? How many Linux gurus are willing to take the pay cut to work at the same rate as a Windows guru?

      It might sound great as an academic exercise but in the real world it is not cost effective. If Linux ever did approach the market share of Windows then the Ransomware problem on Linux would grow to be just as bad.

    6. Re:Maybe switch to Linux by CaptainDork · · Score: 2

      Also: German State Plans To Migrate 13,000 Workstations From Linux to Windows

      And:

      Munich Council: To Hell With Linux, We're Going Full Windows in 2020

      --
      It little behooves the best of us to comment on the rest of us.
    7. Re:Maybe switch to Linux by Anne+Thwacks · · Score: 3, Insightful
      What are the costs to rewrite the water-billing software, payroll software, work order system, etc, and then integrate them all together?

      Probably not very much if the original systems are properly documented so you have a clear idea of what you are doing, and plenty of test data. Plus your hardware costs would probably be 1/4 what they are at present, so you could factor this as part of your "rolling upgrade plan" -you do have plans for a rolling upgrade, don't you?

      How many Linux gurus are willing to take the pay cut to work at the same rate as a Windows guru?
      Since they are probably 4 times as productive (ie believe the statistic is more like 10 times) none would need to.

      You clearly have no idea how costly it is to keep a pile of shit like Windows on the road, even without malware problems.

      --
      Sent from my ASR33 using ASCII
    8. Re:Maybe switch to Linux by Zontar_Thing_From_Ve · · Score: 2
      I can tell from your post that you have never worked for any government agency, ever.

      What are the costs to rewrite the water-billing software, payroll software, work order system, etc, and then integrate them all together?

      Probably not very much if the original systems are properly documented so you have a clear idea of what you are doing, and plenty of test data. Plus your hardware costs would probably be 1/4 what they are at present, so you could factor this as part of your "rolling upgrade plan" -you do have plans for a rolling upgrade, don't you?

      Systems won't be documented. Whatever 3rd party wrote them will make sure of that so the government will have to pay them for any future changes. And you could knock me over with a feather if what apparently is something like a county government has any plans for a "rolling upgrade" in the future. Their plan is to keep using old systems until they fall apart and they have to buy new ones.

      How many Linux gurus are willing to take the pay cut to work at the same rate as a Windows guru? Since they are probably 4 times as productive (ie believe the statistic is more like 10 times) none would need to.

      You clearly have no idea how costly it is to keep a pile of shit like Windows on the road, even without malware problems.

      In the old days, they used to say "Nobody got fired for buying IBM". Now nobody gets fired for buying Windows. Plus, people know how to use Windows. You want to run Linux? Good luck getting a bunch of non-techies to get in board with reading email via anything but Outlook. I can assure you that governments don't care how much it costs to run Windows. Plus, for what it's worth, my previous employer tried to suck up to Microsoft (they gave us a pittance of their business, but they were a customer we had) and actually wrote and published a white paper "proving" that Windows was more cost effective than Linux, which was hilarious because the majority of our business actually ran on Linux. So you can say all you want that Linux is cheaper, but some pointy haired boss will have no problem finding various papers saying otherwise.

  3. Nice to see by Rick+Schumann · · Score: 4, Insightful

    Nice to see some people in this country aren't so dependent on high technology that they can still operate without it.

    1. Re:Nice to see by Rick+Schumann · · Score: 4, Informative

      4 out of 5 Oklahoma kids can't read an analog clock
      One in seven Britons can't read the time unless it's digital
      80% of kids can't read an analog clock
      I personally know 'youngins' who believe that analog electronics are completely obsolete and that you can't do anything useful unless you have at least a microcontroller to work with. Imagine their faces when I show them a crystal radio receiver, doesn't even use a battery, how does it even work??? xD
      Also realize that anyone born in the 90's or later can't imagine a world without the Internet and smartphones. They've likely never been to a public library and think that books only come from Amazon. They wonder how people communicated before 'social media'. If they had to call someone on a rotary-dial phone they'd be totally lost, and hearing the clicking in the receiver, they might be convinced it's broken. For that matter they might try to unplug it from the wall, certain that's just to 'charge' it, then maybe think the battery is bad when it doesn't work.
      They don't think that anyone listens to broadcast radio anymore, and has no idea that that metal thing on someone's roof is a TV antenna, or that you can actually watch TV for free in the first place.
      It's not a matter of 'stupid' so much as it is a matter of 'no experience with these things'. Some of them are stupid, however, because they were raised with so many modern conveniences that they didn't have to learn to take care of themselves as much with their own two hands and their own brain. Why learn things when you have the Internet on your smartphone? Why learn to drive a car when you can just call a ridesharing service to pick you up? Why bother to learn to cook when you can just pick something up somewhere? Why learn how things actually work, or learn how to build things from raw materials when you can buy just about anything you could imagine (and you've been convinced that if you can't buy it, you don't need it anyway)?
      I don't know if you're young or old, but (You) are not talking like you're very smart at all, friend AC.

  4. Re:Well, according to Sarah Palin... by faedle · · Score: 2

    There's always one asshole that can't help but ruin a decent joke.

  5. Re:Well, according to Sarah Palin... by greenwow · · Score: 2

    She never said that.

  6. Re:Competent network/system admins by faedle · · Score: 2

    I've been there. No competent IT person in their right mind would move up there. It's considerably north enough from Anchorage (about 50 miles) that your commute would suck (if you want to live somewhere real), and the wrong mix of "rural" to appease the people who want to live in the middle of nowhere, and .. Palmer is a shithole anyway.

  7. Re:Competent network/system admins by Krazy+Kanuck · · Score: 2

    No worries man, more for me. No person in their right mind would move to Alaska for its beauty and freedom then shack up in some hole like Anchorage.... Palmer is a bit dumpy though, but its a really insignificant part of the borough let alone the state.

  8. Back up the truck ... by CaptainDork · · Score: 2

    ... and explain how the ransomware entered the system.

    Was it email phishing or malicious website, a direct attack through an exploit?

    All this shit about moving to Linux and stuff is radical given that any weak entry points are not OS-related.

    --
    It little behooves the best of us to comment on the rest of us.
  9. There's another reason not be so reliant on tech by Solandri · · Score: 2

    Power failures. When I lived in the boonies, power failures were pretty frequent. They usually lasted a few seconds to a few minutes, so I bought UPSes and figured I was safe.

    Then one night during a storm, the power went out. My UPSes kicked in, but the power didn't come back for more than 10 minutes. So I shut down my desktop and switched to my laptop. But 45 minutes in I lost Internet (I figure the cable company's battery backups ran out). No problem, I could chill for a few hours playing games on my laptop connected to a 12V car battery I kept around for such emergencies. Right? Turns out a tree fell over and took out the main power line. It took them 3 days to repair it. No electricity meant no heat, lights, hot water, refrigeration (I ended up putting most of the food in a basket and putting that outside), or computers. What ended up saving me was an antique wood stove. I chopped up some spare wood 2x4s left over from redoing the fencing, and burned those. For 3 days that was my only way to heat the house, warm water, and cook meals. I had candles, but fortunately my supply if AA batteries for my flashlights held.

    I ended up moving soon after, but a generator was next on my shopping list if I hadn't. I moved back to Southern California with a much better appreciation of what it's going to be like when The Big One hits. I ended up buying a diesel truck with 110V AC outlets, and keep spare cans of diesel fuel in the garage (it can last for years with additives to kill biological organisms, unlike gasoline which usually goes bad after a few months). Been mulling over getting solar panels plus a battery bank installed as well; I'm just not sure if this is the house I want to continue living at.

  10. That's not really a backup then by Solandri · · Score: 2

    Ideally, backups should be stored offline (precisely to prevent ransomware from encrypting it) and off-site (in case the building burns down). Backing up your files to an always-accessible hard drive on a nearby system isn't much better than copying them to a second hard drive on the same computer.