Another Canadian uni hit by ransomware, students told to keep Windows PCs away Carleton University in Ontario, Canada, has confirmed it has been hit by a ransomware infection that crippled some of the Windows machines on its main campus. Systems at the university started to go down on Tuesday, and its IT department reported that email, network drives and the central university student portal had all …
Good that they can recover from backups, but better if you can prevent scumware from afflicting you in the first place.
We were hit once. No real damage but we had to re-image one PC and pull back a few files from shadow copies. About 30 minutes to recover. However, this was annoying enough to push us to look at ways to mitigate attacks. Analysis showed that the user had opened a link in an email that had bypassed our web and AV filters. To counter this we changed the firewall to only allow downloads from websites that have been categorised by the firewall vendor.
Next layer of defence was to implement applocker policies to prevent unknown executables from running from suspicious locations such as user profiles.
Finally, we implemented FSRM to look for known crypto malware files being written to file servers. If they are detected, alerts are generated and share permissions are set to read only. Since implementing this and trying to keep our file screen up to date with new variants, I have since found this site that keeps a comprehensive list of files to add to your file screen. https://fsrm.experiant.ca/
If all else fails, we have shadow copies, offisite delayed replicas and 2 independant backup solutions to tape and disk.
Of course there are never any guarantees, but since doing this we have had no further incidents.
"went to a user in the goods receiveable department."
even RSA got 'hacked' in a similar way, when an attachment with a payload was apparently opened [in 'virus outbreak' aka MS Outlook] by a low-level accountant that was "on the network".
general e-mail rules to avoid this:
a) *NEVER* preview in HTML
b) *NEVER* even VIEW in HTML
c) *NEVER* allow 'inline whatever' to be previewed (or even VIEWED) in an e-mail
d) *NEVER* click on a link in an e-mail. *NEVER*. [I've received fake 'unsubscribe this' links in legit-looking bulk mail that appears as if I were maliciously subscribed against my will, most recently to 'wired', which I forwarded to their abuse department instead - had I clicked, who knows what would've happened!]
HTML mail is *EVIL* and should be avoided. Doesn't matter how many cat-pic chain mails get forwarded that way. If you must see it, save the attachments, scan them, THEN view them.
This level of security requires strict I.T. policies *AND* compliance. However, if you can actually *GET* users to comply, it will save your ass at some point.
What's it cost in staff overtime to impliment all these attack mitigations?
Eh? Doesn't need overtime. Just needs some GPOs for the applocker and installing and configuring the FSRM role on the file servers. Thats the joy of AD, you can centrally manage almost anything with policies.
By linking to Ubuntu I assume that you are implying that we should rip out all our Microsoft infrastructure and replace it with Linux? Not really practical when we have multiple SQL servers, an Exchange infrastructure, numerous application servers and a farm of Citrix RDS hosts running a large number of applications with no non-Windows alternative.
Assuming I could find Linux based replacements for everything we run, I think that the amount of overtime required to replace everything would be a tad more than was required to put in the mentioned mitigations.
Personally, I am completely OS agnostic. I had used numerous flavours of xnix going back to SCO unixware. I do run some Linux servers. I just use whichever OS is suitable for the job.
I do despair when we constantly get people who run the odd Linux box or two think that you can rip out a mature enterprise infrastructure and replace it with Linux. These are tools to do a job, not a religion.
You are a very silly man. Go away.
No great mystery as to why I post anon.
My employment contract has a clause which stipulates I must not post anything damaging to the company or clients on social media or any other website.
I don't think I ever post anything negative, but to avoid any issues I just choose to always post anonymously when mentioning anything to do with work.
What is your excuse for being an idiot?
Ahem. Cartoon U is not really in the same league as say Oxford or Harvard. I am not remotely surprised.
FWIW, we once bought a group of PCs from their computer services department when I worked there.
One by one they all died, first with smoke, then with showers of sparks like roman candles out of the back of the power supplies.
Stuck with Dell after that.
That's what universities get for running Windows networks for the most dangerous most seediest users of all, students.
Morans.
Then again, Linux these days... better go back to pen & paper. PCs should not be a requirement for courses where they're not strictly necessary, and where they are, you can generally get a better education from Youtube.
If you are willing to spend three times the time necessary and can listen to the stupid music, incessant "um, ah, um" instead of lucid recitation, and ad-hoc backtracking to cover forgotten precursor information or alternative approaches without hitting first CTRL-C and then the bottle.
And that's before we get into the camera technique that has hands, heads and bodies blocking whatever it is the blithering drooler on screen is exhorting us to watch closely.
I never saw an "educational" YouTube video that couldn't be improved by deleting it. GIMP and Blender bring out the cream of the crop of dithering blither, but don't take my word for it. Grab some strong drink and go on a voyage of discovery.
The best YouTube footage comes from Russian dashcams. At least there the inevitable wreckage flying all over the place belongs to someone else.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
