Alaskan Town Finds Solace in Typewriters Following Last Week's BitPaymer Ransomware Infection (bleepingcomputer.com) 111
Catalin Cimpanu, reporting for BleepingComputer: On Monday, officials from Matanuska-Susitna (Mat-Su), a borough part of the Anchorage Metropolitan Statistical Area, said they are still recovering from a ransomware infection that took place last week, on July 24. The ransomware infection crippled the Borough's government networks and has led to the IT staff shutting down a large swath of affected IT systems. [...] Officials said they were planning to clean and reinstall 650 desktop computers and servers located on the parts of the Mat-Su network believed to be affected. [...] "Without computers and files, Borough employees acted resourcefully," said Mat-Su Public Affairs Director Patty Sullivan last week. "They re-enlisted typewriters from closets, and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings." Mat-Su IT Director Eric Wyatt identified the "virus" as the BitPaymer ransomware earlier this week, the report said.
...no payment made... (Score:4, Informative)
silk road (Score:1)
hire mercenaries on Silk road to hunt down the ransoming thieves and bring them to justice. Start a kickstarter to pay for it.
Re: (Score:2)
They could complain to the government about it as well, but their solution would probably be to outlaw whatever cryptocurrency that the ransomer used. You know, the "Shoot the Messenger" style approach.
Re: (Score:3)
...backups were ok, even if a year old
At the speed of business today, year-old data is not a "backup". That's a fucking time capsule.
And if that DR plan is "OK", then I have to question why this organization wasted money upgrading their typewriters years ago...
Re: ...no payment made... (Score:1)
For a small muni year old data might be 90% current. Other than some local tax filings and handful of various forms and requests for which they have the long form paper records, they might not have much of real import. The loss of some meetings minutes might put them in violation of their own ordinances or something but most likely nobody will care
Re: (Score:3)
Say what? Utility bills? Water meter readings? Sewage stats? Accounts payable? Payroll?
That's what your municipal gov't does.
Re: (Score:2)
These are all thing typically done by the utility providers, and NOT the municipality itself in many areas.
Most water utilities in my neck of the woods ARE owned by the muni. There are a couple that own the electric utilities.
Re: (Score:2)
Some places have a municipality owned utility but that billing and accounting is outsourced.
Re: (Score:2)
I've lived in a number of cities where most of these utilities are provided by the municipality. Not little places, either (although Anaheim, as an example, was one of them). Seattle provides electric, sewer, water, and garbage to residences, as a big-city example. Los Angeles Department of Water and Power, a municipal entity, is one of the largest electric grids in the West, their tendrils reaching all across the state of California and parts of Nevada/Arizona gathering water and power for the City of L
Re:...no payment made... (Score:4, Interesting)
My understanding is that all systems, including backups, were under the same domain controllers. The domain controllers were compromised and all reachable systems (including current backups) were encrypted. The year old backup sounds like someone found an old tape backup archive.
That's not really a backup then (Score:3)
Re: (Score:2)
Ideally, backups should be stored offline (precisely to prevent ransomware from encrypting it) and off-site (in case the building burns down). Backing up your files to an always-accessible hard drive on a nearby system isn't much better than copying them to a second hard drive on the same computer.
Well it can at least be done smarter with the backup system having read permission to the main system but otherwise be an isolated system. Of course that's no silver bullet either if they compromise the admin and grab both logins or it's an admin gone rogue, but that's how you usually do live backup which is then shuffled to tape. Putting it all in the same domain is just a bad design no matter how you look at it.
Re: (Score:2)
Of course I have a 2nd job that rsyncs to a virtual machine in another country.
Maybe switch to Linux (Score:5, Interesting)
Maybe switch to Linux. How many more times does this need to happen before somebody gets a clue?
Re:Maybe switch to Linux (Score:5, Interesting)
Re: (Score:3)
Also: German State Plans To Migrate 13,000 Workstations From Linux to Windows [slashdot.org]
And:
Munich Council: To Hell With Linux, We're Going Full Windows in 2020 [slashdot.org]
Re: (Score:2)
...not really...https://linux-audit.com/linux-and-the-rise-of-ransomware/
From your link: "A proof of concept (PoC) is already available for Linux"
Great, a PoC. So, how many people have reported getting hit by ransomware on Linux in the last two years since that article? *cough*zero*cough* -_-
Re: (Score:2)
Re: (Score:2)
So a single piece of ransomware (that came out before the article) and is dependent on you running Magento is what Linux users need to worry about? Sounds a hell of a lot safer than Windows.
Re: (Score:2)
Re: (Score:3, Funny)
The typewriters were more useful than Linux.
Re: (Score:2)
Re: (Score:2)
Support costs for Linux tend to exceed those of Microsoft.
Re: (Score:3, Insightful)
don't hire morons that can barely open microsoft word to be your "it staff".
train your mouse jockies and paper pushers, and treat them well enough so your office staff doesn't turn over every 6 months requiring you to train new worker bees constantly.
problem solved.
linux is cheaper, period. unless you absolutely cannot live or function without a windows-exclusive title. and think real hard before you choose windows.. do you *really* **REALLY** need that particular application or will something else work, or
Re:Maybe switch to Linux (Score:4, Insightful)
This is a local government we're talking about. What are the costs to retrain every employee? What are the costs for all the new hardware that doesn't have Linux drivers? What are the costs to rewrite the water-billing software, payroll software, work order system, etc, and then integrate them all together? How many Linux gurus are willing to take the pay cut to work at the same rate as a Windows guru?
It might sound great as an academic exercise but in the real world it is not cost effective. If Linux ever did approach the market share of Windows then the Ransomware problem on Linux would grow to be just as bad.
Re:Maybe switch to Linux (Score:4, Insightful)
Probably not very much if the original systems are properly documented so you have a clear idea of what you are doing, and plenty of test data. Plus your hardware costs would probably be 1/4 what they are at present, so you could factor this as part of your "rolling upgrade plan" -you do have plans for a rolling upgrade, don't you?
How many Linux gurus are willing to take the pay cut to work at the same rate as a Windows guru?
Since they are probably 4 times as productive (ie believe the statistic is more like 10 times) none would need to.
You clearly have no idea how costly it is to keep a pile of shit like Windows on the road, even without malware problems.
Re: (Score:2)
Actually yes, I do, and I support small local governments. Tax dollars are better spent on services for the actual taxpayers, not tech experiments. That's not to say basic security should be ignored, however.
Nothing is properly documented. Most of it was written a decade or more ago and there's no political will to change it. Why should they if it still works just fine for its purpose?
In my experience the linux zealots have little experience with how the real world operates. Everything is a mental exercise
Governments are SUPPOSED to be inefficient. (Score:2)
God forbid anyone [in or working for government] design anything efficiently involving forethought.
But governments are SUPPOSED to be inefficient and ineffective.
That's because, whenever they DO get efficient, then then efficiently oppress everyone within their power an become tyrannies.
Inefficiency is a defence against this. It was even deliberately designed into the US Federal government in an effort to keep it from ballooning out of control.
Fortunately for us all, the incentive structures inherent in a
Re: (Score:2)
Why should they if it still works just fine for its purpose?
I wouldn't consider "zero security and begging for someone to scam them" and "works fine" the same thing.
Re: (Score:3)
What are the costs to rewrite the water-billing software, payroll software, work order system, etc, and then integrate them all together?
Probably not very much if the original systems are properly documented so you have a clear idea of what you are doing, and plenty of test data. Plus your hardware costs would probably be 1/4 what they are at present, so you could factor this as part of your "rolling upgrade plan" -you do have plans for a rolling upgrade, don't you?
Systems won't be documented. Whatever 3rd party wrote them will make sure of that so the government will have to pay them for any future changes. And you could knock me over with a feather if what apparently is something like a county government has any plans for a "rolling upgrade" in the future. Their plan is to keep using old systems until they fall apart and they have to buy new ones.
How many Linux gurus are willing to take the pay cut to work at the same rate as a Windows guru? Since they are probably 4 times as productive (ie believe the statistic is more like 10 times) none would need to.
You clearly have no idea how costly it is to keep a pile of shit like Windows on the road, even without malware problems.
In the old days, they used to s
Re: (Score:1)
First of all, little or no retraining would be necessary. In most Linux distros, all that anyone would have to do is get used different programs. Linux is also better at detecting hardware and has drivers for more hardware than Windows 10! And Linux has the added bonus that Linux does not overwrite working drivers with non-working ones with every update as many windows installations do. Linux also does not send all of your private personal data to a huge corporation so that they can sell it to advertise
Have some Wine (Score:2)
What are the costs to rewrite the water-billing software, payroll software, work order system, etc, and then integrate them all together?
That depends. Will they run under Wine? If so, you don't need to re-write them (or can rewrite them piecemeal as they need upgrading anyhow.)
Downside to Wine is that it emulates Windows so well that it makes the system vulnerable to some Windows malware attacks. B-b
But far from all, and you can sandbox it without too much work. B-)
Re: (Score:2)
Re: (Score:2)
The problem is your free office program isn't 100% compatible with MS Office. You'll have problems with opening files people send you and vice versa. In that situation YOU appear as the problem.
Re: (Score:2)
The problem is your free office program isn't 100% compatible with MS Office.
Nobody cares. LibreOffice is really sweet, and just like MS Office, it does way more than you really need. Gets better every release too, it's like Christmas twice a year.
Re: (Score:2)
Municipal governments have about zero budget for IT costs. Instead they would rather get windows and run the risk of getting owned instead of actually paying money for support.
Of course, it is usually even more expensive to recover from a security incident... Well, nobody as accused politicians of being forward thinking.
Re: (Score:2)
Support costs for Linux tend to exceed those of Microsoft.
Lie detector triggered.
Re: (Score:2, Insightful)
I don't think Linux would help to fix stupid... Windows can be made pretty secure, linux can be made very insecure. Regular users should be locked down without the ability to install applications regardless of the OS. If they need to ability to install apps, it should be on a separate machine outside of the firewall.
Re: (Score:2)
Re: (Score:2)
Rather ironic your sig is this when you think that all malware starts to look like a problem for Linux to solve.
My sig is about your thumb.
Re: (Score:2)
Re: (Score:2)
There are so many things that make Linux less of a malware magnet than Windows. Just picking one off the top of the pile: don't attempt to hide URLs and file extensions. It's a lot harder to accidentally install and run a program in Linux. There is also a culture of security in Linux that tends to rub off on newbies. Somebody emails you a sob story that ends with wanting you to enter your email password on a web page? Thanks, but no thanks. Got email with links to click on? Don't, not before you verify that
Re: (Score:3)
She never said that.
Re: (Score:3)
There's always one asshole that can't help but ruin a decent joke.
Nice to see (Score:5, Insightful)
Re:Nice to see (Score:5, Informative)
One in seven Britons can't read the time unless it's digital [dailymail.co.uk]
80% of kids can't read an analog clock [firstforwomen.com]
I personally know 'youngins' who believe that analog electronics are completely obsolete and that you can't do anything useful unless you have at least a microcontroller to work with. Imagine their faces when I show them a crystal radio receiver, doesn't even use a battery, how does it even work??? xD
Also realize that anyone born in the 90's or later can't imagine a world without the Internet and smartphones. They've likely never been to a public library and think that books only come from Amazon. They wonder how people communicated before 'social media'. If they had to call someone on a rotary-dial phone they'd be totally lost, and hearing the clicking in the receiver, they might be convinced it's broken. For that matter they might try to unplug it from the wall, certain that's just to 'charge' it, then maybe think the battery is bad when it doesn't work.
They don't think that anyone listens to broadcast radio anymore, and has no idea that that metal thing on someone's roof is a TV antenna, or that you can actually watch TV for free in the first place.
It's not a matter of 'stupid' so much as it is a matter of 'no experience with these things'. Some of them are stupid, however, because they were raised with so many modern conveniences that they didn't have to learn to take care of themselves as much with their own two hands and their own brain. Why learn things when you have the Internet on your smartphone? Why learn to drive a car when you can just call a ridesharing service to pick you up? Why bother to learn to cook when you can just pick something up somewhere? Why learn how things actually work, or learn how to build things from raw materials when you can buy just about anything you could imagine (and you've been convinced that if you can't buy it, you don't need it anyway)?
I don't know if you're young or old, but (You) are not talking like you're very smart at all, friend AC.
Re: (Score:2)
It's not a matter of 'stupid' so much as it is a matter of 'no experience with these things'. Some of them are stupid, however, because they were raised with so many modern conveniences that they didn't have to learn to take care of themselves as much with their own two hands and their own brain.
I have absolutely zero experience preserving food outside of a refrigerator except when we go camping or something but then it's eaten in a day or two. Always had one, I'm assuming I'll always have one. Would probably end up eating canned food, biscuits and pasta after everything in the fridge spoiled. I vaguely know that food can be pickled, cured, dried, smoked, fermented etc. but frankly I got no clue. Also I have no idea how to mend clothes or anything like that, it probably seemed like a useful skill 5
Re: (Score:2)
Re: (Score:2)
Oh sure, they'll use these things if they're a hipster. They'll be bragging later on their blog about how it was a much more authentic experience, and suddenly these things will be cool and hip again.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Nice to see some people in this country aren't so dependent on high technology that they can still operate without it.
Maybe some of the folks there discovered that they didn't need their PCs any more?
All the computing power they needed was in their cell phones.
Re: (Score:2)
Back in the mid 90s, a computer store I was at lost their network connection to the back office. Possibly a power outage though at the time there were lights on in the building. The cashiers could not figure out how to sell stuff. So they had three cashiers at each high tech register - one talking to the customer and writing out a receipt, one with a big button calculator, and one with a procedures manual behind feeding them instructions. It was probably more laughable at the time because there were store
Re: (Score:2)
There's another reason not be so reliant on tech (Score:3)
Then one night during a storm, the power went out. My UPSes kicked in, but the power didn't come back for more than 10 minutes. So I shut down my desktop and switched to my laptop. But 45 minutes in I lost Internet (I figure the cable company's battery backups ran out). No problem, I could chill for a few hours playing games o
Competent network/system admins (Score:2)
Re: (Score:3)
I've been there. No competent IT person in their right mind would move up there. It's considerably north enough from Anchorage (about 50 miles) that your commute would suck (if you want to live somewhere real), and the wrong mix of "rural" to appease the people who want to live in the middle of nowhere, and .. Palmer is a shithole anyway.
Re: (Score:3)
Re: (Score:2)
See, I like Anchorage. Then, of course, most of my life has been spent in the big cities of the West Coast (from San Diego to Seattle)... so maybe I'm a poor judge of not-hell-holes.
All that said: find me a $50k a year job in Juneau and I'm on the next flight.
Re: (Score:2)
you are correct, but I am sure since security is expensive and inconvenient its easier to ignore it. where will they find the money?!!
"This is the total of state, county and city sales tax rates. The Alaska state sales tax rate is currently 0%. The Matanuska Susitna Borough sales tax rate is 0%"
"Alaska is the only state that does not collect state sales tax or levy an individual income tax"
Re: (Score:2)
Focus On The Positive (Score:1)
I prefer to focus on the positive, as does the Mat-Su Public Affairs Director. Sure the ransomware hit wasn't supposed to happen, but what if it does anyway? Can you deny that malware frequently targets users, social behavior, and employees trying to "do the right thing" nowadays?
Thus, this stuff happens, despite all our best efforts. It's better that the users have some resilience and ingenuity when an outage occurs, rather than acting all helpless and like IT has to fix everything. Haul out those type
Re: (Score:2)
Back up the truck ... (Score:3)
... and explain how the ransomware entered the system.
Was it email phishing or malicious website, a direct attack through an exploit?
All this shit about moving to Linux and stuff is radical given that any weak entry points are not OS-related.
Re: (Score:1)
Interestingly I'm a Unix Admin and I just got upgraded from Windows 7 to Windows 10. With the upgrade I can't delete icons from my desktop (I hate having icons on my desktop) and I had to have the IT guys come over to install cygwin so I could log in to my servers.
[John]
Re: (Score:2)
Re: (Score:2)
The right answer is: for a low-volume workload like you get in small rural towns, there isn't much of a real need for modern electronics. Really, there isn't. While it might be BORING to fill out 100 trash permits a day in cursive, it really doesn't take that long, especially when you compare it to a hunt-and-peck typist who then has to print out the resulting form (and who is still going to be bored doing their job with a keyboard). Computers are not always the answer.
My hometown, while neither so small
MICROS~1 Windows strikes again .. (Score:2)
people that say switch to linux have no clue (Score:2)