Ransomware Attack Disrupts Massachusetts Ferries (therecord.media) 35
A ransomware attack has caused delays and disruptions at Steamship Authority, the largest ferry service in Massachusetts, and has disrupted ferry transports between mainland US and the Martha's Vineyard and Nantucket islands. From a report: The attack took place earlier today, according to a series of tweets posted on the company's official Twitter account. Steamship Authority said the incident impacted its land-based IT systems and that ships are not impacted. "There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality," a Steamship Authority spokesperson said.
"Scheduled trips to both islands continue to operate, although customers may experience some delays during the ticketing process. Customers are currently unable to book or change vehicle reservations online or by phone. Existing vehicle reservations will be honored at Authority terminals, and rescheduling and cancellation fees will be waived," it added. The company has asked travelers to come prepared with cash on hand as "availability of credit card systems to process vehicle and passenger tickets, as well as parking lot fees, is limited."
Russia or China? (Score:1)
Who is the designated villain this week?
Re: (Score:2)
Parking lot attendants ticketing cars that can't pay.
Re:Russia or China? (Score:5, Insightful)
It depends on your political alignment.
If you are a Conservative, then it was from China, because those are communist.
If you are a Liberal, then it was from Russia, because those are fascist.
Both countries seem to fall on the extreme range of the political spectrum with a strongman leader, where its citizens are careful to criticize. Both are large countries, and would like to dethrone the United States as the Top Superpower. So they will become the Top Superpower.
Seeing the United States having a government unwilling to create rules and regulations towards how modern businesses need to run in an attempt to maximize profit, with a slim to no safety net, and at the same time, its populace demanding a high quality of life, where they all want modern things, has created a nice loophole in our IT Infrastructure for attack. As a lot of people and businesses demand such technology, while at the same time there are little to no regulations towards using such technology safely and correctly, it means there are a lot of places open to attack.
Re: (Score:2)
And here I am without any mod points. Please accept my sincere thanks.
Most ransomware attacks are Russian in origin (Score:2, Informative)
It depends on your political alignment.
If you are a Conservative, then it was from China, because those are communist.
If you are a Liberal, then it was from Russia, because those are fascist.
Most ransomware attacks are Russian in origin. Don't think I've heard of any major attacks from the Chinese, regardless of political orientation. Chinese malware is mostly spying.
https://blog.truesec.com/2021/... [truesec.com]
https://techxplore.com/news/20... [techxplore.com]
Both countries seem to fall on the extreme range of the political spectrum with a strongman leader, where its citizens are careful to criticize. Both are large countries, and would like to dethrone the United States as the Top Superpower. So they will become the Top Superpower.
Well, both those statements may be true, but that's not why the Russians are doing the Ransomware attacks. The ransomware is because the Russian economy fell into the toilet after the disintegration of the Soviet Union, and Russia has a lot of cleve
Re: (Score:3)
Who is the designated villain this week?
Same as it was last week, moronic / uncaring upper IT management / company management that allows insecure systems to sprout everywhere.
Re: (Score:2, Interesting)
moronic / uncaring upper IT management / company management
Implementing routine backups does not require approval from "upper management".
Routine backups cost almost nothing. A 2TB HDD costs $40. Get two so you can alternate.
There was certainly incompetence at the top, but mainly because they failed to recognize incompetence at the bottom.
Putin says it's them (Score:4, Informative)
Putin says that Russia is taking actions against the United States ahead of the upcoming summit, while Russia has 100,000 troops massed at the Ukraine border.
According to Putin, they are showing the United States that Russia can hurt the US, showing strength before the summit.
Re: (Score:1)
the Ukraine border.
Which by pure coincidence just happens to be on the Russian border, you know, on their own territory?
Re: (Score:3)
YOU NEVER PAY YOU CUCKING FUNTS!!!
Well, they did. As a result, now it's open season for American companies. Pass the popcorn.
Re: (Score:2)
They almost always pay - that's why ransomware has grown into the industry it is today. CP isn't an Outlier here.
Again we ask: How did this happen? (Score:1)
What systems were affected? I'm assuming Windows.
How did the attack occur? Was it a drive-by, trojan, email, web site, something else?
We never get any information that can help prevent these attacks. It's so frustrating and the "authorities" are not helping.
Re:Again we ask: How did this happen? (Score:4, Informative)
Someone clicked something they shouldn't have in an email they got, the same way 99 out of 100 ransomware cases are caused.
Re: (Score:1)
Human Engineering.
Don't allow users to run programs that aren't installed by IT professionals. Scan all or better yet, block all attachments from outside email.
Do those two things, and you'll nail just about all vectors.
Re: (Score:3)
Most of our technology is based on the days when the internet was only for Academics. Allowing for each university to share with the other university. If something went down or got hacked, (which happened a lot) it wasn't that big of a deal. And normally the person who got hacked got a good laugh out of it.
RDP and email are most of them, dumb passwords (Score:2)
Email-borne threats are big, of course.
Exposed RDP is probably bigger than email-borne threats.
Dumb passwords are right up. Either defaults and stuff like "admin", or "CompanyName2021!".
Re: (Score:2)
I wonder how many of these attacks are done by insiders.
If you know the passwords and vulnerabilities, it would be easy to launch an attack and make it look like an outsider.
Just don't drive your new Ferrari to work the next week.
Re: (Score:2)
In my organization, we could tell. We can see what someone does every step of the way, so we can see the difference between using your own credentials vs hacking.
In the case of a ransomware, which requires administrative credentials:
If we see Bill log in to Bill's machine with Bill's password, then log in to Bill's account on the admin credential vault with Bill's 2FA, retrieve Bill's admin credential, then start deploying ransomware on the databases Bill has access to, we're going to take a good look at Bill.
Re: (Score:2)
Let me put this another way.
Suppose you like to watch football.
Your 12yo son has access to your coax and HDMI connections on your TV.
So your son decides he and his friends are going to simulate your favorite team playing a game. They get dressed up in their football uniforms and play, pretending to be your favorite professional team. How long do you think you'd be fooled?
We watch professional hackers every week, like some people watch football. We know who the teams are, and we know the difference between p
Re: (Score:3)
In my organization, we could tell.
Sure, but organizations like yours are not being hit by these attacks.
The organizations being hit don't even have frick'n backups. So it is unlikely they are taking any of the other precautions either.
Bill is going to prison.
Nope. Bill is going to quit his job and go work for the Ferry company instead.
Re: (Score:2)
> The organizations being hit don't even have frick'n backups
You have a valid point.
Though, only recently I asked the question "have we tested restoring the domain controllers (Active Directory)?" They did not give the right answer. :)
We've tested it twice now, only because I made that finally happen. The backup system we have is less than ideal because managers from the IT department bought it, based on a slick sales presentation, without involving IT-Sec. Which is particularly annoying because I used to
Re: (Score:2)
Nailed it. That’s how a woman infected my old job. We told her not to open zip attachments but she did anyhow. The email was even addressed from herself to herself. She had to open the zip file and then still say yes to executing the vbs script. A while later she asked why all her desktop shortcuts said LOCKY. I had nothing to do with IT there so don’t look at me for security or policies.
Re: (Score:2)
Don't be so quick to blame the victim. I've been hoodwinked by a phishing email before. I won an auction on eBay. A few hours later, I got an email from eBay about a problem with shipping, which asked me to login to my eBay account to confirm my address, and provided a convenient link. I clicked it and logged in, then immediately realized what I might have done. Logged out, logged in directly to eBay using a different computer, and changed
Re: (Score:2)
That's because "normal people" and "the authorities" have nearly zero clues about how computers work.
Check the security sites in a week or two (Score:2)
The general audience news sites won't typically have that information because they are reporting a ransomware event that's happening right now, today. That information isn't typically known and released while the attack is ongoing.
We'll get that information later. For the details, check the security related sites, not ABC News, BBC, Faux news, or Coumo News Network.
Re: (Score:2)
Very difficult problem (Score:2)
Insurance companies ... (Score:5, Insightful)
must stop paying out for any costs associated with ransomware - this might persuade companies to defend themselves properly.
Insurance companies could have a role (Score:2)
They could require compliance to decent standards in order to be insured. Leaving companies unable to get insurance against all cyber attacks is unfair - some really aren't the company's fault.
There needs to be a wider debate about paying ransoms; one idea might be that paying is done on the basis of sacking the head of IT unless he can demonstrate compliance with a certain standard. A smoking gun of a request for more resources for cyber security that the board rejects should also be a reasonable defence :
the USA should shut down the WWW (Score:3)
Re: (Score:3)
So you propose... fences?? Yeah, that works. Belarus is trying that right now - go join them.
I initially read this as... (Score:2)
On re-reading, I am much less concerned.
Massachusetts residents, furry or not, will simply drink-beer-in-place until things are resolved.