Comments
    • jbuchana, 4 years ago

      I used to be in charge of backups and partly responsible for disaster recovery at Delphi Automotive or whatever they’re calling themselves today while being acquired by Borg-Warner. I have three thoughts about ransomware attacks.

      Any organization with data stored on computers should have a robust and tested plan for disaster recovery and data restoration. It is criminal not to. If ransomware encrypts all of one’s data, all machines should be re-imaged and restored with the latest backups which should be current until at least the day/night before the disaster. If I couldn’t do my part in that, I’d likely have been fired.

      That brings me to the second thought. What are they thinking to allow the criminals back into their systems to decrypt their data?!? Once a system has been compromised the only way you can ever have faith is to rebuild it from a basic OS install up. There should be remotely operable imaging scripts for all the workstations/PCs and the servers should each have a document in hard copy, which is regularly updated to explain the procedure to rebuild the OS and reinstall the software. Whatever needs to be done needs to be done to ensure that no one compromises the systems again. It can sometimes be very hard to determine this if the machines face the internet directly. They should not. It can be just as hard to find out how the criminals got in if they used social engineering, but education can help with that.

      The third concern I have is the criminals releasing or threatening to release the data to the public. What were they thinking in this day and age if they had sensitive personal information on their systems that was not encrypted?

      I see gross negligence in at least some cases of ransomware I’ve read about. I have a disaster recovery and data restoration plan for the computers in my house, and the very few things that have any value against me are encrypted when not being directly worked with. Governments and large corporations can’t do the same? Seriously? I do get that the admins may not be given the manpower and budget to do the right thing, but that just pushes the negligence up the food chain, it doesn’t make it go away. If you can’t afford a disaster recovery plan, it means that you can’t afford a computer network.

      From what I read in the article, one municipality said they had to pay the ransom, they just didn’t have the budget to recreate all the maps, meeting minutes, etc. That is an insane way to think about it. Those maps etc. wouldn’t cost much at all to back up, massively less than recreating them would. Less than the ransom too.

      Laws and criminal penalties as a solution to future problems? Seriously? You think that, on the off chance you find them, they’re going to live in a country with officials who care and have an extradition treaty? Good luck. This was a major part of the plot in Neal Stephenson's book “Reamde”. Well worth reading.

      Lake City, at the end of the article, seems to have come to grips with reality, at least in time for the next attack.

      • jeff, 4 years ago

        What are they thinking to allow the criminals back into their systems to decrypt their data?!?

        That part really struck me as well. No matter how they arranged to handle the restoration with the hackers, those systems should forever be treated as compromised.

        I do get that the admins may not be given the manpower and budget to do the right thing, but that just pushes the negligence up the food chain, it doesn’t make it go away.

        Couldn't agree more. I suspect that it is the insurance companies that will eventually apply the pressure that will make governments and business take data security and backups more seriously. In the last couple years that I was in the field I'd have to fill out and sign off on annual questionnaires on IT security policy from the municipality's insurance company.

        The questions were pretty vague but the forms were getting longer and more detailed each year. I'm guessing they'll keep getting even more specific about the best practices that you've outlined and I wouldn't be surprised to see some kind of widespread industry standard like PCI-DSS established in order to prevent these kinds of attacks.

    • jeff, 4 years ago

      I had no idea insurance companies would negotiate with hackers to lower a ransom and then pay it. Almost half a million sounds like such a huge amount for a town with about 12,000 people.

      I'm so curious about the backup systems these towns had in place and what the actual process was like when dealing with the hackers. I was an IT contractor for two even smaller towns (about 3,000 people each) for over 10 years. I dealt with plenty of hardware failures that required restoring files from backup but luckily I never had to deal with a ransomware attack.