Ouch: Brit council still staggering weeks after ransomware bit its PCs

Silver badge

Councillors...

...are considering the idea put forward that Flounderland has a certain ring to it.

2
0
Thumb Up

I say kudos for a BCP that a) actually existed b) managed to maintain some semblance of front line services.

3
0
Silver badge

...and I say brickbats for a BCP that needed to be invoked because of such a trivially easy to deflect threat, with an extra side order of brickbat for not having the systems wiped and re-imaged from backup inside 24 hours. You might almost think they don't have an Ansible scripting expert on the payroll! (OK, I exaggerate - they couldn't be that useless).

5
0
Anonymous Coward

Having witnessed the aftermath of a major ransomware attack - before you throw brickbats, be aware of one thing - if the police are involved they may insist that certain machines are left untouched whilst they are reviewing them for evidence.

This process took 3 weeks in the case I witnessed and hampered the recovery efforts. Not blaming the plod as they are only doing their job, but it does make an instant recovery a lot more difficult if there are certain machines you can't touch.

1
0
Silver badge

Random, malicious, professional?

I'd have thought you could perm only two of those three.

Then again, when you're writing excuses for your own incompetence it's best to chuck in the kitchen sink. I see that it was "possibly international"....c'mon guys, say it was Russia. Everybody knows Putin doesn't want those eight houses on Cleator Moor to be built.

6
0
Silver badge

Re: Random, malicious, professional?

Professional means they do it for money rather than just to show that they can

Malicious means they intend to cause damage

Random means there was no particular reason picking that rural council rather than someone else.

So yes, I think it can be all three, and probably was.

8
0
Silver badge

Re: Random, malicious, professional?

"Professional" implies a certain level of training, skill, experience and, yes, remuneration. It may also imply membership of an institution established by charter.

Doing it for money implies that you have a job.

0
0

Victim of what?

The council added that it had been a victim of a “malicious and random professional attack.”

Or rather of its own IT incompetence.

8
0
Silver badge

Re: Victim of what?

Any organisation can be hit by ransomware, it's how quickly and effectively they deal with it that shows the underlying skills and understanding their own IT department have of the tech they are using IMHO.

For this to drag on for weeks makes me think they're reliant on outsourced support in some way either for infrastructure or backups.

3
0
Silver badge

Re: Victim of what?

Any organisation can be hit by ransomware,

But most are not badly hit. I've worked for a company with 90,000+ employees across the UK, Europe and US, with about 80-90% having a laptop or desktop. The breadth of the attack surface was immense, and this was a high profile household name with around 15m customers. We were running older versions of Windows, crappy old browsers, but through proper planning, proper controls, proper security management the company didn't get hit by ransomware or related attacks, or rather it did, but they were ineffective, or controlled at the first point of infection.

Councils and health services have no good excuses - even if you have to run old and unpatched software, there's mitigation strategies that work. Of course, their weak excuses are still much better than those for idiots like Maersk, who have the scale, money, commercial interest to avoid this type of attack, but didn't.

4
0
Silver badge

Re: Victim of what?

Were? How recent was this?

Absolutely attacks can be minimised, but that goes back to my initial point about how ICT can deal with it when it happens. I could lock down my own infrastructure far tighter than I have but that requires approval to do it and will require some money to be spent, money that many councils etc don't have to spare.

2
0
Silver badge

"Weeks"?

If they've taken everything down then weeks is plenty of time to wipe and reimage systems.

At the very worst you pay the ransomware, get the documents back, and rebuild everything.

What's going on?

4
0

Re: "Weeks"?

At a guess, lack of staff to do the re-imaging, probably lack of internal knowledge to do full rebuilds of systems and lack of working backups to restore data.

7
0

Re: "Weeks"?

No automation.

Each desktop needs re-imaging by hand (perhaps a .WIM on a USB stick or a badly implemented WDS) which needs manual intervention to complete the build.

Untested backup recovery. No one has heard of an RTO. There's no spare storage to bring up the backups on and no-one wants to just outright wipe the original machines.

An IT department that consists of 4 helpdesk and 2 'sysadmins' who've never been given the time or money to implement proper systems. Or they are shared services and other councils/departments still need their attention.

Constant internal wrangling because no-one is willing to make the bold decision in case it comes back to bite them.

8
0
Silver badge

Re: "Weeks"?

"Untested backup recovery."

or "backup to disk" - which were online and got encrypted too.

3
0
Silver badge

Re: "Weeks"?

Constant internal wrangling because no-one is willing to make the bold decision in case it comes back to bite them.

^^^^^ Pretty much says it all. And it doesn't seem to matter which country it happened in, be it government or private industry, etc. It's have the balls to make the decision and then to hold the line on that decision. But.. profits, job fear, and pressure make weaseling out of a decision preferable.

1
0
Silver badge

Re: "Weeks"?

"An IT department that consists of 4 helpdesk and 2 'sysadmins' who've never been given the time or money to implement proper systems. Or they are shared services and other councils/departments still need their attention."

I've dealt with a number of council IT departments over the years, more than I care to think about, and you just nailed it. The guys do their best with limited staff and resources on a day to day basis but they definitely DO NOT have any other resources to call on when something big happens.

One council I dealt with had the cash set aside to replace their ancient desktops just before the last financial meltdown and bought enough new desktops to replace the entire fleet, even renting a small warehouse unit to house them all while being deboxed, imaged and deployed. The financial crash happened, the deployment slowed down drastically 'till eventually not only did they have too many PCs after redundancies but barely had two people left to continue the deployment. Last I heard, the three year on-site warranty was expiring on PCs still in their original packaging.

1
0

Re: "Weeks"?

Six weeks since the press statement and still down. Wow, words fail me, it will soon be months! What's going on indeed, who are these guys!!!

0
0
Silver badge
Big Brother

Hmmm

I wonder if there is a particularly contentious planning application in progress. Not that I'm suggesting anyone would use this to slow things down a wee bit while they consolidate their position.

3
0
Anonymous Coward

Re: Hmmm

If you want to ramp up the conspiracy theory quotient then bear in mind that I think Sellafield is in Copeland!

2
0
Silver badge

If you depreciate your IT services to the point you can't even do the basics like backups then really you've been hoisted by your own petard.

Management don't like IT unless it involves shiny toys and words like transformation and digital. Workaday stuff like wires and email, nope just make it all go away and bring on the toys.

10
0
Anonymous Coward

These Ard things seem to cause no end of problems, why people keep them as pets if they are that dangerous is beyond me.

2
0
Bronze badge

NotCopingland?

2
1
Silver badge

But fear not !!

The council has been prioritising "front line services" and clamping down ruthlessly on the inflated cost of coddled back office staff and systems which do not visibly deliver value to "Hard Working Families". So that's all right then.

10
0
Silver badge

Planning Applications

There should always be "hard copy" documents for land related stuff (and the land registry itself will have a lot of info, a few local planning stuff just held by local council) so little excuse for delays there IMHO

.. Though that "hard copy" approach not infallible, if the building houses those gets burnt down (which happened to friends of mine, fortunately they had retained 17 year old piece of paper signed by council buildings inspector who had passed the work they had done (inspector was dead by time they wanted to sell property) - none of the old paperwork ever digitized by council.

2
0
Anonymous Coward

Re: Planning Applications

No need for hardcopy although many councils still have those anyway. It's the lack of offsite backups that hurt most and increasingly some don't seem keen to use tapes as a media and rely on networked storage.

2
0
Silver badge

Re: Planning Applications

"Though that "hard copy" approach not infallible, if the building houses those gets burnt down "

That's what fireproof safes are for. They're a lot easier to implement for paper than for media too.

1
0
Anonymous Coward

Re: Planning Applications

If cheaper is better do you get what you pay for?

0
0
Mushroom

Radioactive ransomware

Isn't Sellafield in Copeland Borough Council's area?

0
0
Anonymous Coward

File-encrypting ransomware infects 'computers'

This kind of thing would never happen if people stuck to the industry standard Microsoft Windows

0
0


The Register - Independent news and views for the tech community. Part of Situation Publishing