Atlanta City Government Systems Down Due To Ransomware Attack (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.
Re: (Score:2)
Microsoft will charge more... with less result (Score:4, Insightful)
Re: (Score:2)
Re:$51K to restore all of the city's computers? (Score:5, Insightful)
WTF.
They might not even decrypt anyway.
Just restore from your excellent backups. Everybody loses a day of productivity, and the courts should have paper records anyway.
Re: (Score:2)
Courts do not routinely have paper records these days. The federal courts have been electronic since 2004, starting with one court docket in 1996. Illinois, for example, has been mandatory since 2016. Georgia has some e-filing in its courts. Courts simply do not have the space to store the paper any more.
Re: (Score:1)
You're correct when you say they might not decrypt. That said, a few points:
1.) Many people don't understand that their desktop is not part of what is covered by the backup system. Usually, the level of understanding is inversely related to the importance of the data they work with.
2.) Many people will deliberately store important files outside of what is covered by the backup system. Usually, the likelihood of intentionally bypassing backups is inversely proportional to the importance of the data the
Re: (Score:2)
SharePoint was used as an example only because the name is recognizable. In no way was referencing it meant to suggest it actually increases productivity by providing easier collaboration between coworkers, simplification of workflows, or increased efficiency of information sharing.
Wait what? We're moving our Lotus Notes applications to SharePoint!
Noooooooooooo
Re: (Score:1)
In situations like the aforementioned city government offices, points 1 to 3 are addressed by complete lockdown of local workstations. First the workstations run a virtual machine image of the locked down operating system with the approved configuration and no access to local disks. All reads and writes are from and to secured offsite servers and only by approved programs. No installation of any new applications and only approved applications can run. If somehow a new application is installed, it's wiped at
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Well if you're doing it right you just have their My Documents or Documents folder pointed at a file server. But that opens up its own can of worms.
Yup. For example, the first time someone takes their computer home and doesn't log onto the network they panic that all their files are gone. The fix: Save everything to the desktop.
Network goes down. Solution: Save everything to the desktop
The solution isn't technical, even though that is the approach often taken. The problem is that users do not understand how backups work, how to access networks remotely, etc.; and organizations do not want to spend money to actually train them as well as come up with a ba
Re: $51K to restore all of the city's computers? (Score:2)
Only like 10-50% success rate with an average number paid about twice that amount. It's not worth the gamble.
Restore from backup and start using remote Linux sessions for your important data.
Someone messed up big time (Score:3, Insightful)
Misconfigured group policy and AD privileges leading to one infectee having the ability to encrypt everyone on the network. What are the odds they even have backups for these systems?
Re: (Score:1)
Re: Someone messed up big time (Score:2)
More like: we don't need that, our $750,000 isilons have everything replicated.
Followed by: we don't see the need for backup storage within our organization, we built 5 systems in the last few years and nobody uses it.
Re: Someone messed up big time (Score:5, Insightful)
The pain point for ransomware is low enough that enough people pay it rather than restore from backup and/or try to recover via other means (including re-imaging).
And if you haven't had a full restore test of all critical systems, then you're already playing with fire. Nobody Ain't Got Time For That (tm) is the normal response.
I have a saying ... "Good IT is expensive. Bad IT is costly"*. If they lose more than a day's productivity on their compromised systems, they need to just pay the ransom, and learn the expensive lesson.
*This may or may not be the fault of IT. I've been in IT long enough to see IT make recommendations that are denied because "they are expensive" and I've seen bad IT. I always use risk / reward when outlining IT infrastructure costs. Sometimes the calculus is "if bad shit happens, we'll eat it".
Re: (Score:2)
The problem with that analysis is that some people will pay it, and that attacks aren't individually targeted.
OTOH, reports are that half the time they don't send the decryption key anyway.
Pay? (Score:2)
Ha. https://it.slashdot.org/story/... [slashdot.org]
Re: (Score:2)
Re: (Score:2)
Or, "We don't need backups--we have RAID 1."
Re: (Score:2)
Why would you believe Wikipedia on something like this?? On things that aren't emotional, they can be alright, though even there they have the reputation of censoring expert opinions in favor of someone else, or just deciding the entire topic isn't interesting enough.
Dear ransomware folks (Score:2)
psychopath loser (Score:1)
Can you do the same for the state of California? kthxbye
yes because you just love to see destruction, loss and death, it's the only thing left that gives you a boner
We tell them and tell them (Score:1)
Re: (Score:3)
There are two answers to this question.
1) Nobody. Everything was done by committee, so there is no one person to blame, and no one person to take the fall. This is very common in Public Sector domains, there is nobody TO fire, because no one person is responsible for anything. The people at the top are insulated from their boneheaded decisions as they push the blame down the chain. Those down the chain are all in committees that decide everything.
2) The guy at the Bottom, who was only doing what he was told a
Re: (Score:2)
I've found that the most common catch-all is "It's the process, not the people". Blame the testing process, the training, poor documentation, unclear instructions and agree that we, collectively, must improve as a team. It's almost the inverse scapegoating process that happens in private industry. Same with failed projects, that we ran the ship aground is neither the captain nor the crew's fault it's a fault of our project management process. But with more experience and lessons learned we'll be smarter nex
Re: (Score:2)
Nobody cares? Didn't you notice that reports say the payroll system was infected?
Yet another victim.. of Windows (Score:4, Insightful)
We all know this means they are running Windows.
How many more critical systems have to fall victim to this malware/ransomware bullshit before Windows systems are banned for use in anything critical? Even just the greater likelihood of that happening to Windows systems should render them unacceptable to use.
In a lot of ways, this complete system shutdown is much worse for everyone than a database being stolen which is the worst case for UNIX backends.
Re: (Score:2)
How many more critical systems have to fall victim to this malware/ransomware bullshit before Windows systems are banned for use in anything critical?
How many more times will this happen before I.S./I.T. directors are deemed criminally negligent for this easily preventable and predictable problem? C'mon, putting important stuff on Windows??! How many whacks with the Cluestick are necessary before these people see the blindingly obvious?
Re: (Score:2)
While that's probably correct, the process of deduction is faulty. I'd say that the basic problem is, at a guess, running Javascript. Given that most systems have some hole you can wriggle through.
Re: (Score:2)
We all know this means they are running Windows.
How many more critical systems have to fall victim to this malware/ransomware bullshit before Windows systems are banned for use in anything critical? Even just the greater likelihood of that happening to Windows systems should render them unacceptable to use.
In a lot of ways, this complete system shutdown is much worse for everyone than a database being stolen which is the worst case for UNIX backends.
It's not really a system problem, but a people one. No matter what system you put in people will still open emails, despite constant reminders and training not to, and infect systems. If Windows went away magically tomorrow the criminals would just target what took over. It's even better if people think the new OS isn't vulnerable because that means they'll avoid taking precautions.
Re: (Score:1)
Goddammit use AI ... (Score:2)
... "Oh, let's pretend I click on this link ... what will happen next and what will happen after that? The endgame is ransomware? FLAG ON THE PLAY, CALL IT!"
Atlanta team of technology professionals (Score:2)
haaaaaAAAAAAAARRRRR!!!
RansomWare? (Score:2)
It's a feature of Windows, not a bug.
Re: (Score:2)
I think you misunderstand the difference between a web site and an operating system.
That said, Linux also has its holes. There are fewer of them, and more irregularly distributed, and they get patched more quickly, but they exist. It's been claimed by, IIRC, OpenBSD, that they haven't had an exploit in decades, but I don't recall just when I read that claim. I don't think it's true anymore. Still, if security is your concern, then one of the BSDs would be your best choice. But I'll admit that I'm
Re: (Score:2)
The difference is the setup. A Unix-like OS will segregate by user and root is rarely needed. In a MS OS you need Administrator to do just about anything, and rarely is software standalone. Can you install Office without Administrator?
Typically, a service that you expose on the network will not have perms to write to the service storage area. So when malware comes in through the front door, it can't do much other than read storage. If there is an elevation path, well, game over. What's the chance of a servi
Re: (Score:2)
And when you do get-apt you almost always use sudo.
Why do I get the sinking feeling (Score:2)
Re: (Score:1)
Exactly. We've been hearing about "Linux on the Desktop" from before Linux was even invented. Give up nerds, we lost. Linux is for us, not for them. They get Windows cake.