Author Topic: Hackers hold a city hostage!  (Read 2828 times)

0 Members and 1 Guest are viewing this topic.

Offline windsmurf

  • Frequent Contributor
  • **
  • !
  • Posts: 626
  • Country: us
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31346
  • Country: au
    • EEVblog
Re: Hackers hold a city hostage!
« Reply #1 on: May 27, 2019, 10:17:16 am »
Hacks like that will only grow in popularity.
And it seems they aren't being greedy and setting the level at something that they know they might pay just to make the hassle go away.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 2801
  • Country: si
Re: Hackers hold a city hostage!
« Reply #2 on: May 27, 2019, 10:28:34 am »
Yeah the reasonable sum of money makes it easier for them to pay up, get this mess over with and get back to business. So the hack was probably done with profit as the goal.

Tho i wonder if these bitcoins are any more difficult to spend since places accepting payment could see they came from this transaction if the city makes the transaction id public. That is  ignoring the part about the police likely watching the flow of it to try and find the person behind this.
 

Offline EEVblog

  • Administrator
  • *****
  • Posts: 31346
  • Country: au
    • EEVblog
Re: Hackers hold a city hostage!
« Reply #3 on: May 27, 2019, 11:11:13 am »
Tho i wonder if these bitcoins are any more difficult to spend since places accepting payment could see they came from this transaction if the city makes the transaction id public. That is  ignoring the part about the police likely watching the flow of it to try and find the person behind this.

They must have a way to launder the bitcoins.
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 11191
  • Country: us
  • DavidH
Re: Hackers hold a city hostage!
« Reply #4 on: May 27, 2019, 05:04:01 pm »
Hacks like that will only grow in popularity.
And it seems they aren't being greedy and setting the level at something that they know they might pay just to make the hassle go away.

Doubly so when the security firms which provide ransomware solutions do so by just paying the hackers:

https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

They must have a way to launder the bitcoins.

That is not difficult to do.  The people who get caught did not bother.
 

Online madires

  • Super Contributor
  • ***
  • Posts: 5243
  • Country: de
  • A qualified hobbyist ;)
Re: Hackers hold a city hostage!
« Reply #5 on: May 28, 2019, 09:54:31 am »
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc: https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html

Doesn't Baltimore install patches? Nearly two years ago Microsoft published the patch for EternalBlue, even for out-of-support XP.
 

Offline orion242

  • Supporter
  • ****
  • Posts: 745
  • Country: us
Re: Hackers hold a city hostage!
« Reply #6 on: May 28, 2019, 05:32:22 pm »
Doesn't Baltimore install patches?

Patches were as current as their backups apparently.

Epic fail.  Hopefully a few people lose their jobs
 

Offline rrinker

  • Super Contributor
  • ***
  • Posts: 2030
  • Country: us
Re: Hackers hold a city hostage!
« Reply #7 on: May 28, 2019, 06:50:23 pm »
 Unfortunately the only people likely to lose their jobs over this are some low level people, not the people actually responsible for making the decision not to patch - or just being so ignorant as to not think about patching at all. Which, being a government job, is all too likely a scenario.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 2801
  • Country: si
Re: Hackers hold a city hostage!
« Reply #8 on: May 28, 2019, 07:50:52 pm »
Unfortunately the only people likely to lose their jobs over this are some low level people, not the people actually responsible for making the decision not to patch - or just being so ignorant as to not think about patching at all. Which, being a government job, is all too likely a scenario.

Or not knowing why it should be patched at all, even tho it works just fine right now. The people that make the decisions probably have no clue about technology.

This is the sort of people that push for a law to force companies running messaging apps with end to end encryption to hand over the users chat logs. Then being explained that that's impossible according to mathematics and then responding with "Well they should hand over the logs anyway". If they could do that, whats the point of having encryption in the first place?
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 11191
  • Country: us
  • DavidH
Re: Hackers hold a city hostage!
« Reply #9 on: May 28, 2019, 08:50:17 pm »
Doesn't Baltimore install patches? Nearly two years ago Microsoft published the patch for EternalBlue, even for out-of-support XP.

While it may not apply in this case, Microsoft has gained an appalling tendency to include feature updates with their patches which break things leading to a justified distrust in patching any system unless absolutely required.
 

Offline SparkyFX

  • Frequent Contributor
  • **
  • Posts: 629
  • Country: de
Re: Hackers hold a city hostage!
« Reply #10 on: May 28, 2019, 10:19:41 pm »
If it is important, it needs backups.
Support your local planet.
 

Offline orion242

  • Supporter
  • ****
  • Posts: 745
  • Country: us
Re: Hackers hold a city hostage!
« Reply #11 on: May 29, 2019, 12:32:26 am »
Think of their IT department and mix in electronic voting.  Insert train wreck here...
 

Offline windsmurf

  • Frequent Contributor
  • **
  • !
  • Posts: 626
  • Country: us
Re: Hackers hold a city hostage!
« Reply #12 on: May 29, 2019, 01:17:49 am »
Think of their IT department and mix in electronic voting.  Insert train wreck here...

I hear Putin laughing.   >:D
 

Offline bdunham7

  • Frequent Contributor
  • **
  • Posts: 581
  • Country: us
Re: Hackers hold a city hostage!
« Reply #13 on: May 29, 2019, 04:58:55 am »
Doesn't Baltimore install patches? Nearly two years ago Microsoft published the patch for EternalBlue, even for out-of-support XP.

While it may not apply in this case, Microsoft has gained an appalling tendency to include feature updates with their patches which break things leading to a justified distrust in patching any system unless absolutely required.

I thought Apple had a clear lead in breaking stuff with updates.   >:D
 
The following users thanked this post: Electro Detective

Offline Berni

  • Super Contributor
  • ***
  • Posts: 2801
  • Country: si
Re: Hackers hold a city hostage!
« Reply #14 on: May 29, 2019, 05:05:24 am »
I thought Apple had a clear lead in breaking stuff with updates.   >:D

In that case you have probably not used Windows 10 yet.
 
The following users thanked this post: Electro Detective

Offline rrinker

  • Super Contributor
  • ***
  • Posts: 2030
  • Country: us
Re: Hackers hold a city hostage!
« Reply #15 on: May 30, 2019, 01:34:40 pm »
 I have had no issues with Win10 updates thus far.

There have been well known attacks in the past that ALSO exploited holes that were long patched - the old IIS "Hacked by Chinese" and one of the SQL ones, both of which I logged hitting my systems at home many years ago, but not actually doing anything because I had long prior applied the patches.

But, you can't fix stupid - only guard against it. Fear of patches is no excuse for not having good backups. We had a client who used shared logins for a large subset of users - account names and passwords were commonly stuck on the monitor with a post it, too - even though this was always the same user name and the password never expired. People STILL couldn't remember this - something they used literally every day at their job. In at least one case, the password was "Password". It didn't take hackers long to infiltrate when they already had a standard account to sit in and attempt other attacks. This all ended with a massive cryptolocker attack that wiped most of their systems. Despite these serious lapses in common sense security, they DID have good backups, secured and off site. So they basically told the hackers to stuff it with their ransom demands and they rebuilt the network from the ground up, using proper security techniques this time, and restored the data. A massive project, to be sure, but at least they learned their lesson, if only the hard way.

 

Online madires

  • Super Contributor
  • ***
  • Posts: 5243
  • Country: de
  • A qualified hobbyist ;)
Re: Hackers hold a city hostage!
« Reply #16 on: May 30, 2019, 02:56:20 pm »
If users can't remember their login credentials they shouldn't use computers. >:D Maybe we need a "computer driving license", since it's easy to create disasters with any PC. All it takes is a highly skilled moron.
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 11191
  • Country: us
  • DavidH
Re: Hackers hold a city hostage!
« Reply #17 on: May 30, 2019, 03:41:59 pm »
I have had no issues with Win10 updates thus far.

I have.

1.  I start a computation which will take days and then Windows 10 helpfully reboots to apply updates wasting days of work and time.  So I restart the computation and Windows 10 does it again, and again.  This has been a repeating problem.

2.  The Windows 10 update helpfully resets the configuration of installed programs or removes them entirely.

3.  Or the update simply breaks stuff ... like being able to boot.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 2801
  • Country: si
Re: Hackers hold a city hostage!
« Reply #18 on: May 30, 2019, 04:38:03 pm »
I have had no issues with Win10 updates thus far.

I have been using Win 10 for about 3 years at work because they ran out of Win 7 licenses and a lot of the problems i had with it had to do with updates. Here are some of them:

To get me some Win7 functionality back i installed a tweaker utility that changes a bit how the task bar works. That got broke by one update and needed reinstalling

To get more Win 7 functionality back i installed Gadgets from Win 7, a different update broke that at some point and after some fiddling about it started working again.

At some point a update made my Win 10 machine wake up from sleep due to just moving the mouse by a fraction of a milimiter. I fixed that later on trough the command prompt to disable sleep wakeup for all devices exept keyboard. Now about 2 years later my keyboard doesn't wake it up anymore all of a sudden, only the power button can wake it from sleep now. I still have to go and fix that.

I had a case where i had unsaved data when i left for the day and came back the next day to a empty desktop. It decided to do an update at night while in sleep mode without asking. Any programs that show a "Do you want to save?" dialog seamed to have gotten terminated when they refused to close so that the update could begin. This is functionally the same as getting a random BSOD that forces you to reboot. To disable updates i had to dig trough the registry and system services in order to kill it in a way that windows doesn't secretly re-enable them behind my back.

Once i came to my PC and had a completely different color theme set. When i went to select my old one i found out that its already set to it and selecting it again did nothing. Turns out i had to select a diferent theme, close the settings window, open it again and then select my old theme to get it back.

At some point i came to my PC finding the default web browser changed to Edge

At another point i noticed that Altium designer started showing multiple windows as two separate applications in the taskbar, this behavior seams to have disappeared by now.
Etc...
 

Offline eugenenine

  • Frequent Contributor
  • **
  • Posts: 822
  • Country: us
Re: Hackers hold a city hostage!
« Reply #19 on: May 31, 2019, 12:45:02 am »
This feature forced in server 2003 sp2
https://blogs.technet.microsoft.com/onthewire/2014/01/21/tcp-offloadingchimney-rsswhat-is-it-and-should-i-disable-it/

And of course any non-production server where sp2 was tested didn't have the problem because they didn't have a high load for long enough for it to show the issue.
 

Offline timelessbeing

  • Frequent Contributor
  • **
  • Posts: 804
  • Country: 00
Re: Hackers hold a city hostage!
« Reply #20 on: May 31, 2019, 03:34:59 am »
I was hit by ransomware a few years ago. It was a computer I didn't care about, but I did some research into the matter.

Never pay the hackers. Sometimes they just take the money and run (without decrypting your files). They keep their word just enough to keep people paying up. Sometimes they are unable to decrypt your files due to bugs so you get screwed anyway. There are benevolent groups who are sometimes able to reverse engineer the hacks, and make fixes. The hackers hang out in and listen to forums where people go for help.

Backup, backup, backup ...
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 2801
  • Country: si
Re: Hackers hold a city hostage!
« Reply #21 on: May 31, 2019, 05:27:56 am »
I was hit by ransomware a few years ago. It was a computer I didn't care about, but I did some research into the matter.

Never pay the hackers. Sometimes they just take the money and run (without decrypting your files). They keep their word just enough to keep people paying up. Sometimes they are unable to decrypt your files due to bugs so you get screwed anyway. There are benevolent groups who are sometimes able to reverse engineer the hacks, and make fixes. The hackers hang out in and listen to forums where people go for help.

Backup, backup, backup ...

I never had such an attack so far but i am certainly fearful of them since it could potentially cause massive damage if it can spread trough the LAN.

I backup things to a NAS server. Its a Linux machine so much less likely to get infected itself, but its shearing everything trough Samba SMB since everything else are Windows machines. The data there is more valuable than the on machines themselves. It would be useful to have some sort of protection mechanism that could detect malicious activity and kill the server. Something like deleting or modifying too many files in a given time window. The limit would have to be set reasonably high to avoid false positives so it would still be able to eat some data, but loosing a GB is better than losing a few TB.
 

Online madires

  • Super Contributor
  • ***
  • Posts: 5243
  • Country: de
  • A qualified hobbyist ;)
Re: Hackers hold a city hostage!
« Reply #22 on: May 31, 2019, 10:32:18 am »
If your PC is infected with some crypto ransomware the files on the NAS will be encrypted too. Better keep backups offline, e.g. USB disks. Also keep multiple backups of different age on different disks/tapes. If you don't detect the malware immediately it may be in the last backup, but the older backup on another disk could be ok.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 2801
  • Country: si
Re: Hackers hold a city hostage!
« Reply #23 on: May 31, 2019, 10:53:03 am »
For that reason the weekly backups from PCs are kept for the last few months, they are incremental backups so they stay stay a small size. Also allows for garbing any file from any week in case a single important file is lost due to just user error.

Keeping full copies with history of the entire NAS raid array is not as easy.
 

Offline ptricks

  • Frequent Contributor
  • **
  • Posts: 670
  • Country: us
Re: Hackers hold a city hostage!
« Reply #24 on: May 31, 2019, 11:06:54 am »
Part of the problem is how lacking some organizations are in very simple protections.
One local business allowed employees to carry work home on usb drives for use on their personal pc :palm:

The best system I think is the kind that implements two networks that are not connected in any way.
1 network has the systems that are critical with no access by anyone to ports of any kind.
2nd network connects to the internet and does email and such and runs on different hardware entirely.

Companies short circuit the process by thinking newer hardware, virtual machines, networking can keep it all safe and put it on the same systems.
I have an old laptop that runs windows xp, no infections, no update issues, and it works reliably, it hasn't been connected to a network though in years.

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf