Ransomware Incident Leaves Some Johannesburg Residents Without Electricity (zdnet.com)
A ransomware infection at an electricity provider in the city of Johannesburg, South Africa's biggest city and financial capital, has left some of its residents without power. From a report: The ransomware infection impacted City Power -- a provider of pre-paid electric power for Johannesburg residents and local companies. The malware encrypted the company's database, internal network, web apps, and official website.
Email hygiene (Score:3)
Re: (Score:2, Insightful)
It is highly likely. The typical attack vector is almost always an HTML email with a clickable link that goes to a web page that runs malicious javascript in the browser that downloads and runs the executable.
Doing away with HTML email would solve the problem, as would doing away with JavaScript. Doing away with either would be 95% effective, and doing away with both would be 100% effective.
Neither HTML (Web Pages over SMTP) nor JavaScript in the browser serve any purpose OTHER than malicious intent.
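An added illustration, not part of the comment above or of the article: a standard-library Python check that pulls every link out of an HTML mail body and flags the kind of lure the comment describes, such as clickable text showing one domain while the href points somewhere else, a raw IP address as the host, a path ending in an executable, or a non-http scheme. The mail body, the domain utility.example and the address 203.0.113.7 (a documentation range) are constructed for the example; the suffix list is an assumption, and the "registrable domain" helper is a two-label approximation rather than a public-suffix-aware parser.

```python
"""Flag suspicious links in an HTML e-mail body (added illustration)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Suffixes that should never be linked from mail (assumed list, extend to taste).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".msi", ".hta", ".js", ".jse",
                       ".vbs", ".bat", ".cmd", ".ps1", ".jar")
# A hostname or URL that appears in the clickable text.
_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    p = _LinkCollector()
    p.feed(html)
    p.close()
    return p.links


def _registrable(host):
    # Crude approximation: last two labels. A real filter uses the public suffix list.
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def assess_link(href, text):
    """Return a list of reasons this link looks like a phishing lure (empty = no finding)."""
    findings = []
    u = urlparse(href)
    host = u.hostname or ""
    if u.scheme not in ("", "http", "https"):
        findings.append(f"non-http scheme {u.scheme}")
    if _IPV4.fullmatch(host):
        findings.append("raw IP address as host")
    if u.path.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append("link targets an executable")
    shown = _DOMAIN_IN_TEXT.search(text)
    if shown and host and _registrable(shown.group(1)) != _registrable(host):
        findings.append(f"text shows {shown.group(1)} but href goes to {host}")
    return findings


def scan_email(html):
    """Return [(href, findings), ...] in document order."""
    return [(href, assess_link(href, text)) for href, text in extract_links(html)]


# Constructed lure, not a real message. 203.0.113.7 is a documentation address.
SAMPLE_HTML = """<html><body>
<p>Your prepaid meter account needs verification before the next top-up.</p>
<p><a href="http://203.0.113.7/portal/update.exe">https://utility.example/portal</a></p>
<p><a href="https://utility.example/portal">https://utility.example/portal</a></p>
<p><a href="javascript:alert(1)">Click here</a></p>
</body></html>"""

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_HTML):
        print(("SUSPECT " if findings else "ok      ") + href, *findings, sep="\n    ")
```

Run as a script it prints one line per link with its findings indented beneath. Something like this belongs at the mail gateway, where the message can be quarantined before a user ever sees the link; in the client it is only a last line of defence, and it says nothing about what the linked page does once opened.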
Re: (Score:1)
It is highly likely. The typical attack vector is almost always an HTML email with a clickable link that goes to a web page that runs malicious javascript in the browser that downloads and runs the executable.
Doing away with HTML email would solve the problem, as would doing away with JavaScript. Doing away with either would be 95% effective, and doing away with both would be 100% effective.
Neither HTML (Web Pages over SMTP) nor JavaScript in the browser serve any purpose OTHER than malicious intent.
I couldn't have said it better myself.
Re: (Score:2)
Neither HTML (Web Pages over SMTP) nor JavaScript in the browser serve any purpose OTHER than malicious intent.
I think you're trolling about javascript in the browser, but anyway... Email clients don't do javascript and javascript on the web is mostly used for legit purposes. For example: scrollable maps, collapsible sections of web pages, and content refreshes in parts of web pages. Up to the early 2000s, you needed to do full page refreshes because javascript didn't have the necessary functionality yet.
Re: (Score:1)
In my last job - TS clearance - there were two computers on my desk. One was outward facing and hooked to the WWW, and the other was part of the TS network, and never the twain shall meet. Why are critical infrastructure computing assets online at all?
Re:Email hygiene (Score:4, Insightful)
PHB can't pay for that.
Re:Email hygiene (Score:5, Insightful)
Re: (Score:2)
Nope. The right question to ask the head of IT is: "What do you do if all your shit gets encrypted by ransomware?". "How will you recover", not "How will you prevent this?" Because you won't...
Right, backups, we get it. User permissions, firewalled vlans, etc; DNS forwarding to block connections to known bad domains, etc;
This isn't a new phenomenon.
The thing that amazes me though is that still in this day and age we leave email as open as it is to this attack.
Re: (Score:2)
Re: (Score:1)
Re: Email hygiene (Score:1)
Utility provider plugged into a public network? (Score:1)
Not very clever ...
Johannesburg South Africa Power Market (Score:2)
Not familiar with the power market in South Africa. Is the "residents without power" because the e-commerce bits to buy/sell power units were impacted by the infection thus causing the power loss because the customer could not purchase power units?
Re: (Score:2)
Seems that way. But it doesn't matter which department fucked up - any critical public utility should have military grade security around its systems. Clearly the people running this one didn't get the memo.
Re:Johannesburg South Africa Power Market (Score:4, Insightful)
Seems that way. But it doesn't matter which department fucked up - any critical public utility should have military grade security around its systems.
Or, you know... backups.
Re: (Score:2)
I think it's more simply stated - some people prepay for power, like you prepay for a phone. So you put $5 in your account, and when you use $5 worth of electricity, it gets cut off. Or some do it with time as well - you pay $5 to get power for a week.
The problem
Just restore offline backups (Score:1)
Should be back up and running quickly
Re: (Score:2)
Some hacks are clever / evil enough to corrupt backups for a long time before destroying their encryption keys.
Re: (Score:2)
So why do we believe one country over the other? (Score:1)
Didn't Venezuela just claim the same thing?
Re: (Score:3)
No, they claimed that it was an EMP. In this case, I can easily see it. Over here in Canada, there were power providers that offered a similar service back ~20 years ago. It was mainly used by PUCs that operated in areas where there was a history of repeated missed payments. These types of systems had to call in to the local PUC in order to process the payments; if they couldn't call in, you couldn't get your electricity.
Re: (Score:2)
We, as those who are here in South Africa, believe it because we can see there is no general blackout and those on billed connections still have power, and those on prepaid with sufficient credit on the meter still have power.
The worst thing is it happened just before the general monthly payday, so people on tight budgets with few credits left are screwed even though they now have the money to pay for the next month.
Re: ANONYMITY PROBLEM OF INTERNET (Score:1)
Need international effort to stop this (Score:2, Insightful)
IMHO the potential risk / damage of increasing ransomware and cyber terrorism greatly exceeds that of things like child porn and drug trafficking. I'd like to see international law enforcement divert resources to this problem before it gets too large.
We don't expect individuals to build unbreachable physical barriers around their homes and businesses, instead we rely on law enforcement stopping most break-ins / thefts. We should expect the same for cyber threats. One of the features of an advanced society
Re: (Score:1)
We don't expect individuals to build unbreachable physical barriers around their homes and businesses, instead we rely on law enforcement stopping most break-ins / thefts.
Law enforcement rarely stops most or even some break-ins or thefts. They tend to act after-the-fact, more like janitors who deal with cleanup after a spill, and occasionally they get their man. If you believe you are protected, that is an illusion.
Many businesses don't just rely on law enforcement; they have better security than homes, like antitheft/antivandal glass, alarm systems, shuttered or barred windows, bollards to prevent a vehicle from ramming down the doors, things like that. Some businesses even
Re: (Score:2)
That's why I think that national intelligence agencies should be primarily responsible for finding and nullifying ransomware agents. Classify it as an act of war and punish accordingly.
Re: (Score:2)
One of the features of an advanced society is that it doesn't require individuals to defend themselves from attacks.
And one of the features of advanced individuals is that they prepare for unexpected eventualities. Maybe we should promote both. Security is good for lots of reasons. We're not talking about houses where you'd have to armor and guard everyone's domicile, we're talking about software which is written once, and distributed to many people at little cost. It's reasonable to protect people in both ways.
Critical infrastructure (Score:1)
How long until a disaster happens? (Score:4, Insightful)
Re: (Score:2)
One day a critical piece of infrastructure will get ransomwared and people will be killed.
Power is critical for people who need a CPAP, or an oxygen generator. An unfortunate number of those people seem to not have battery backup, but even the people who do have portable battery-operated units still need to recharge them.
How many... (Score:2)
How many f*kg headlines do there have to be before admins LEARN that they need to have (tested!) Disaster Recovery plans in place for things like this??
Re: (Score:2)
Is it the admins who need to learn, or the managers who control the budget?
Easy to be smug (Score:4, Interesting)
Re: (Score:2)
With all the power the NSA/CIA/etc. have demanded, why are they powerless to find those responsible and bring them to some sort of justice?
A few jerk hackers being dragged/renditioned into the city square would probably do more to curtail this crap than a million calls for better backups and more care with your emails.
Re: (Score:1)
Then you're doing backups wrong. Seriously, if you can't find one good copy of data to restore for a fairly fast-acting threat like ransomware, then there's some parameter of your backup policies that needs to be drastically readjusted. I could maybe see something like that for an advanced infection with a long fuse timer or something, but that's not what we're talking about here. And even in that case, you should at least be able to get your critical data out of the backups, even if you have to nuke the
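An added example, not from the commenter above nor from City Power: a Python routine that walks a series of backup snapshots newest-first and returns the most recent one with no sign of ransomware damage, which is the "find one good copy" step this comment asks for and also covers the earlier point about attackers quietly corrupting backups for a while before detonating. The snapshots, filenames, ransom-note name patterns and magic-byte table are constructed assumptions; the checks (expected file headers, a foreign extension appended to a known file, high byte entropy in a format that should be plaintext, ransom-note filenames) are heuristics for a restore drill, not proof that a snapshot is clean.

```python
"""Pick the newest backup snapshot that shows no sign of ransomware damage (added illustration)."""
import hashlib
import math
import os

# Expected leading bytes for binary formats we back up (assumed, illustrative table).
MAGIC = {".db": b"SQLite format 3\x00", ".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".gz": b"\x1f\x8b"}
# Formats that should be plaintext, hence low entropy.
TEXT_SUFFIXES = (".sql", ".csv", ".txt", ".log", ".json")
# Substrings seen in ransom-note filenames (assumed examples, not a real signature set).
RANSOM_NOTE_MARKERS = ("readme_to_decrypt", "how_to_recover", "decrypt_instructions")
ENTROPY_LIMIT = 7.0  # bits/byte; plaintext sits around 4-5, ciphertext near 8


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def inspect_file(name, data):
    """Return findings that suggest `data` is not the file `name` claims to be."""
    findings = []
    lname = name.lower()
    base, ext = os.path.splitext(lname)
    if any(m in lname for m in RANSOM_NOTE_MARKERS):
        findings.append("ransom-note filename")
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append(f"missing {ext} header")
    if ext in TEXT_SUFFIXES and len(data) >= 64:
        ent = shannon_entropy(data)
        if ent > ENTROPY_LIMIT:
            findings.append(f"plaintext format with entropy {ent:.2f} bits/byte")
    if ext and ext not in MAGIC and ext not in TEXT_SUFFIXES:
        inner = os.path.splitext(base)[1]       # customers.db.locked -> .db
        if inner in MAGIC or inner in TEXT_SUFFIXES:
            findings.append(f"extension {ext} appended to {inner} file")
    return findings


def inspect_snapshot(files):
    """files: {name: bytes}. Returns {name: findings} for files that have findings."""
    report = {}
    for name, data in files.items():
        f = inspect_file(name, data)
        if f:
            report[name] = f
    return report


def choose_restore_point(snapshots):
    """snapshots: iterable of (label, files); labels sort chronologically.
    Returns (label of newest clean snapshot or None, [tainted labels, newest first])."""
    tainted = []
    for label, files in sorted(snapshots, key=lambda s: s[0], reverse=True):
        if inspect_snapshot(files):
            tainted.append(label)
        else:
            return label, tainted
    return None, tainted


def _pseudo_ciphertext(seed, length=1024):
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    out, block = b"", seed.encode()
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


_CLEAN_DB = MAGIC[".db"] + b"\x00" * 80 + b"CREATE TABLE meters(id INTEGER, credit REAL);"
_CLEAN_SQL = b"INSERT INTO meters VALUES (1, 42.5);\n" * 8

# Constructed snapshot history: labels sort oldest to newest.
SNAPSHOTS = [
    ("snapshot-01", {"customers.db": _CLEAN_DB, "export.sql": _CLEAN_SQL}),
    ("snapshot-02", {"customers.db.locked": _pseudo_ciphertext("s2"),
                     "export.sql": _CLEAN_SQL,
                     "README_TO_DECRYPT.txt": b"your files are encrypted"}),
    ("snapshot-03", {"customers.db": _pseudo_ciphertext("s3a"),
                     "export.sql": _pseudo_ciphertext("s3b")}),
]

if __name__ == "__main__":
    label, tainted = choose_restore_point(SNAPSHOTS)
    print("restore from:", label, "| tainted:", tainted)
```

The length of the tainted list is the number the comment is really about: if it reaches back past your retention window, the policy parameter that needs adjusting is how long immutable or offline copies are kept, not how often they are taken. Running the same checks at backup time, before a snapshot is accepted, is how you notice the slow-burn case while a clean copy still exists.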
The Stakes Continue to Rise (Score:1)
How much longer before we're reading news stories about deaths resulting from ransomware?