City of Atlanta's IT gear thoroughly pwned by ransomware nasty IT systems used by the City of Atlanta, in the US state of Georgia, have succumbed to a ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk. At a press conference held on Thursday afternoon, Atlanta Mayor Keisha Lance Bottoms said the …
@101
They probably do have a backup.
Best case scenario is this:
They have to flatten and re-image every computer effected, you just can't be sure otherwise, then data is restored from backups. That's not an instant process.
worst case is no backups.
What happens more frequently than people admit though is a wonderful middle ground.
These attacks work because they are quick and they encrypt remote files (files in shares the user has access to) *first* before they do the local stuff. They only pop up with the demand when finished.
Now what has happened is some low level grunt has been dispatched because 5 or 10 people have said something along the lines of "my shortcuts have stopped working" or "my documents have gone". This means it's done and dusted and they are only noticing because stuff they have saved locally on their desktop stops working, or they have shortcuts to documents that now no longer work.
Before it is understood what has happened the poor soul is trying to appease someone and "get their documents back, this HAS to be done now". To do this they have just connected the backup drive(s) to a server and logged on. OK, I doubt they are using USB drives to backup here, but you'd be amazed just now many places do.
Guess what this does?
That's right. Your most recent backup is now encrypted. It takes seconds, and it's done while your user profile is loading.
This is the exact time someone still fielding calls and checking emails twigs is desperately trying to reach techie #1 on their mobile to "just check" they aren't connecting backup drives because of the fuss finance made an hour ago regarding missing spreadsheets.....
Step 1 is to stop the infection from getting worse. Restoring data into an infected environment just wastes CPU cycles as the restored data is encrypted.
Only after you get your environment clean can you start doing the recovery activities. If you have one of the Ransomware variants that put your systems into an unbootable condition you will be reimaging systems or performing BMR recoveries, both of which are slower and more labor intensive than restoring data.
Reimaging Windows machines is particularly painful, as you will likely have to install numerous patches that aren't part of the base image - how many Tuesdays old is it? Then of course you need to make sure your security software is up to date (or pick a new one...).
What a mess - there are a lot of people who aren't going to have lives outside of the office for a while down in Atlanta. Many of whom had no ability to avoid this situation.
You would think that a city with a combined population of over 5.5 million people would have a more capable, proactive IT staff.
Why?
Personally, i'd expect an ITIL enviroment. 5-10 clueless geeks on the minimum wage. 1 embittered ex first line helldesk veteran managing them, half a dozen second line techs being paid about half the market rate for 2nd line techs (and therefore of dubious quality) and one or two third line techs being paid decent amounts who keep the place going. Maybe with a grizzled greyhaired ex tech as manager.
Plus about a dozen managers for the above, all of whom are political appointees from the employer with no technical knowledge and who are not competent to be making technical decisions, but who have all of the authority for making the decisions.
Those in charge use fancy lingo picked up at seminars they use to push each individual resume and paint how each is a professional, all while obtaining 200k paychecks at your expense. None have worked for profit, only as moochers with unlimited tax funds. I bet you look at the staffing model, the annual unlimited budget spends, and how each staff member is allowed apple tablets, expensive cellphones, full blown non controlled laptops, and free mobile wifi. All the while the suggestions from the real IT are unheard, ignored, and avoided because they don't want change. How long has Virtual been out? I am willing to bet they spend more money a year than three similar sized service companies on NEW junk and Old ways. Just to look Good...... Happy job hunting you idiots
This is a bit rich, considering that most people are being forced by the various Governments of the world to use their online services or face massive hassle.
Anyway, I don't understand how this screw up could be putting the personal information of employees and citizens at risk.
The data has been encrypted, most likely by someone with elevated privileges (because they are important and needs it on their single account) hitting every network share with the virus.... not stolen
The people who have the private key don't have access to the data itself.
They will take their march to the sea! In fact, didn't Tecumseh and his men turn north and battle their way back to DC? This is too funny. Sherman's march to the sea has always been one of favorite subjects, not only in history, but also in school period. And given the shite that I received from the so called Veteran's Services in Atlanta(Not the hospital, they treated me great!), I hope they get hacked too!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
