[www.cnbc.com]

“Twenty-three Texas towns have been struck by a “coordinated” ransomware attack, according to the state’s Department of Information Resources.

Ransomware is a type of malicious software, often delivered via email, that locks up an organization’s systems until a ransom is paid or files are recovered by other means. In many cases, ransomware significantly damages computer hardware and linked machinery and leads to days or weeks with systems offline, which is why it can be so costly to cities.

According to a weekend update by the Texas DIR, the attacks started Friday morning and though the locations aren’t named, “the majority of these entities were smaller local governments.”

Texas Governor Greg Abbott ordered a “Level 2 Escalated Response” on Friday following the incident, according to a statement from Governor’s Office deputy press secretary Nan Tolson. This response level, determined by the state’s Department of Emergency Management, is part of a four-step response protocol, and is one step below the highest level of alert, level 1 or “emergency.”

[www.cnbc.com]

---

Saint Cloud, Minnesota, where the weather is wonderful even when it isn't.

We heard yesterday that Georgia has been hit with a number of ransonware demands that amounted to a number of hundreds of thousands of dollars (paid). So, the governor just signed something that requires virtually all state employees to go through training at least twice a year. Our college started using a really dumb scenario-based training a year or so ago that takes a half-hour to go through and didn't teach me anything-maybe it helps those who don't live with a techie. But, it was a pain in the patoot. Twice a year will be twice as much of a pain.

Tell the bosses that there are no ransomware or virus problems with macOS or Linux Mint OS PCs.

---

_____________________________________

I reject your reality and substitute my own!

Don't these government IT people know they have to back up all data, redundantly, all the time? I don't see why anyone would pay ransom if they could just wipe their computers, reinstall the OSes, and reload the data from backups.

/Mr Lynn

---

"Hillbilly at Harvard"
Honky-tonk Country and Bluegrass
Founded in 1948 by Pappy Ben Minnich
Saturdays 9am - 11am Eastern
WHRB-FM, Cambridge, MA
Streaming at [www.WHRB.org]
Be there!
The HAH weblog: [hillbillyatharvard.wordpress.com]

Topical weblog: [walkingcreekworld.wordpress.com]

On the river in Saxonville.

probably spear phishing. My company got burned in Europe this way last year. And our main data center got burned a couple of years ago, but we restored from backups.

Just takes one idiot clicking on a link.

Quote
JEBB
Tell the bosses that there are no ransomware or virus problems with macOS or Linux Mint OS PCs.

That applies to just about every flavor of Linux, not just Mint.

---

**************************************
MacResource User Map: [www.zeemaps.com]#

From what I hear, these Ransomware attacks can affect backups as well. At least recent ones. A backup of a compromised system is still compromised. And the further you go back, the less useful the backups no matter how clean.



Edited 1 time(s). Last edit at 08/20/2019 11:23AM by Acer.

Quote
Acer
From what I hear, these Ransomware attacks can affect backups as well. At least recent ones. A backup of a compromised system is still compromised. And the further you go back, the less useful the backups no matter how clean.

Really? Would it be hard for an anti-malware company to create a backup routine that refused to begin the backup if the primary data has been compromised?

/Mr Lynn

Quote
mrlynn

Quote
Acer
From what I hear, these Ransomware attacks can affect backups as well. At least recent ones. A backup of a compromised system is still compromised. And the further you go back, the less useful the backups no matter how clean.

Really? Would it be hard for an anti-malware company to create a backup routine that refused to begin the backup if the primary data has been compromised?

/Mr Lynn

That's where the problem lies, detecting the data having been compromised. Anti-malware recognition of the various malware is generally reactive, it detects known attacks. So any new attack has a chance of not being detected immediately.

Right. So, you have a full backup stored offsite every week. If the malware is instant, the backup can be used as is, and you've lost 1 week's work.

If the malware is delayed, before the restore, you remove the time bomb.

For more granularity, replace 'week' with 'day' above.

All this assumes a competent IT department.

---

--------------

Embarassing myself on the Internet since 1978.

Yes, hackers "seed" a targeted system well ahead of the scheduled attack. That way, "standard" back ups is compromised. What's needed is software that does a DEEP scan of backed up files; one that can detect compromised data as well as ATTEMPTS to compromise data. Much of the world is CLUELESS as to HOW to accomplish that simple sounding goal (I know I am).

I think that the IT departments of these affected cities back up their data. Rather, from what I recall reading, the hackers lock the owners out of the system. The city can replace the hardware or pay the ransom.

---

“There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in."

Quote
raz
Right. So, you have a full backup stored offsite every week. If the malware is instant, the backup can be used as is, and you've lost 1 week's work.

If the malware is delayed, before the restore, you remove the time bomb.

For more granularity, replace 'week' with 'day' above.

All this assumes a competent IT department.

That isn't how that works. You are talking about thousands of computers, dozens of physical servers, hundreds of virtual servers. Multiple network vlans and all it takes is one laptop that some user has stashed in a desk hasn't been patched to infect everything up all over again.

You can't just hit "restore" and bring an entire municipal network back a week.

---

C(-)ris
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~