
Comments
Avoiding the Ransomware Mistakes that Crippled Atlanta
mugsprt,
User Rank: Strategist
4/17/2018 | 8:32:25 PM
Re: System failures
You can tell they really thought that out. :-)
Take Care,

Margaret

REISEN1955,
User Rank: Ninja
4/17/2018 | 3:17:56 PM
Re: System failures
Stupid is as stupid does. And why did Hartsfield Airport in Atlanta have both primary and secondary power cables routed through the same underground tunnel only a few feet from each other, so that when a fire broke out it took out both primary AND REDUNDANT POWER????? Because nobody thought it could happen!!!
mugsprt,
User Rank: Strategist
4/13/2018 | 4:53:49 PM
Re: System failures
I agree to use it as a comparison for server failure. The recovery is going to be the same. What is wrong with the City of Atlanta? We as a group pretty much know the standard best practices. I can't believe the City of Atlanta is that stupid. Now they have outsiders, public and private, wanting money to solve their problems. They really need to put on their big boy pants and solve it themselves. They will never be ready for the next server failure or attack. Much of the problem needs to be solved from within.

I just want to take a moment to thank everyone for the posting of this article. I'm glad we still have people with a solid foundation in systems and security.
REISEN1955,
User Rank: Ninja
4/13/2018 | 12:10:51 PM
Re: System failures
A better comparison can be made with Merck, which was hit hard by WannaCry in 2016. I remember from all the chatter on the web that they discovered their recovery protocols were about nil! Which hurt them big time. YOU have to be able to recover, whether from ransomware or drive failure or electrical power outage (Hello, DELTA!).
REISEN1955,
User Rank: Ninja
4/13/2018 | 10:34:24 AM
Re: System failures
WOW!!! LIKE I DON'T KNOW THAT????? I used it as a comparison for server failure. And the existence of a recovery plan which, from what I can see, does NOT exist in Atlanta.
mugsprt,
User Rank: Strategist
4/13/2018 | 10:17:37 AM
Re: System failures
9-11 had nothing to do with the City of Atlanta. Many of the mistakes were due to the security and the protection of data. I have worked on the inside temporarily. They have a tendency to have shadow IT departments. They are not unified in an IT structure of who has control. NO IT GOVERNANCE and no incident response plan. Someone should have been aware of current possible threats like ransomware in general. Whoever let the media loose with a screenshot of how to contact the cybercriminals was totally stupid, because the media contacted the cybercriminals for an interview and they asked for money. The security manager should have handled this quietly with the mayor. Controlled it and given the media constructive information. Handled it in the same fashion as the hospitals did before. If the mayor decided not to pay the $51,000 in Bitcoin, make a plan. Take the infected systems off the network, restore from backup and recover any workstations the same way. Then have a meeting with the stakeholders like the mayor and IT director to develop a plan for going forward. SamSam is usually done by a phishing attack using an attachment. Time for end user training along with strengthening your security armor. No one can be bulletproof in IT security but you can have a healthy security appetite.
REISEN1955,
User Rank: Ninja
4/13/2018 | 8:49:33 AM
System failures
17 years ago one morning in September, my data center crashed. Dropped 103 floors to the ground when the South tower collapsed on THAT DAY. I was on the 101st floor so I made it out, though many others did not. In some ways a Ransomware attack CAN be equivalent to a total system failure. You had better have a good disaster recovery plan in place and tested!!!! Upgrading hardware and patching is a NORMAL IT FUNCTION. It is what the IT staffers are PAID to do, and testing a plan is icing on the cake. It had better be done too, because when needed, nobody thinks straight at 2AM rebuilding a server array. The difference is the exfiltration of data, but otherwise they are the same event in many ways. From what I have heard, THERE WAS NO PLAN and they are rebuilding from the ground up. Horrible. $3 million in costs to consultants.
mugsprt,
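The two posts above both come down to the same point: restoring from backup only works if the backup set is still intact and the restore has been rehearsed. The script below is an added example (it is not code from the article, the commenters, or the City of Atlanta) of the smallest useful restore drill: record a SHA-256 manifest when the backup is taken, keep that manifest off the backup volume, and on drill day compare the snapshot against it so that files a ransomware run overwrote, renamed or dropped show up as modified, missing or unexpected. The manifest file name and the `path<TAB>sha256` line format are assumptions of this example, and the sample backup files and the simulated tampering are constructed inline so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

MANIFEST_NAME = "backup.sha256"  # assumed manifest file name for this example


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups never need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_files(backup_dir: Path) -> dict:
    """Map every file under backup_dir to its POSIX-style relative path."""
    return {p.relative_to(backup_dir).as_posix(): p
            for p in backup_dir.rglob("*") if p.is_file()}


def write_manifest(backup_dir: Path, manifest_path: Path) -> int:
    """Record 'relative/path<TAB>sha256' for every file at backup time.

    The manifest is written outside backup_dir (in practice: offline or on
    write-once media) so whatever tampers with the backup cannot also
    rewrite the record it is checked against.
    """
    files = snapshot_files(backup_dir)
    lines = [f"{rel}\t{sha256_file(path)}" for rel, path in sorted(files.items())]
    manifest_path.write_text("\n".join(lines) + "\n", encoding="utf-8")
    return len(lines)


def verify_backup(backup_dir: Path, manifest_path: Path) -> dict:
    """Compare a backup set against its manifest and report every discrepancy."""
    expected = {}
    for line in manifest_path.read_text(encoding="utf-8").splitlines():
        if line.strip():
            rel, digest = line.rsplit("\t", 1)
            expected[rel] = digest
    present = snapshot_files(backup_dir)
    missing = sorted(set(expected) - set(present))       # deleted or renamed files
    unexpected = sorted(set(present) - set(expected))    # ransom notes, .locked copies
    modified = sorted(rel for rel in expected if rel in present
                      and sha256_file(present[rel]) != expected[rel])  # overwritten
    return {"missing": missing, "modified": modified, "unexpected": unexpected,
            "ok": not (missing or modified or unexpected)}


def restore_drill() -> dict:
    """Constructed demo: back up three files, verify, then simulate ransomware on the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backup = root / "backup"
        (backup / "records").mkdir(parents=True)
        (backup / "payroll.db").write_bytes(b"payroll rows v1")
        (backup / "records" / "case1.txt").write_text("case file 1", encoding="utf-8")
        (backup / "records" / "case2.txt").write_text("case file 2", encoding="utf-8")
        manifest = root / MANIFEST_NAME          # kept beside, not inside, the backup
        write_manifest(backup, manifest)
        before = verify_backup(backup, manifest)

        # Simulated ransomware run on the backup volume: one file encrypted in
        # place, one renamed with a new extension, and a ransom note dropped.
        (backup / "payroll.db").write_bytes(b"\x8f\x1c\x00\xe2 garbage ciphertext")
        (backup / "records" / "case1.txt").rename(backup / "records" / "case1.txt.locked")
        (backup / "README_DECRYPT.txt").write_text("send bitcoin", encoding="utf-8")
        after = verify_backup(backup, manifest)
    return {"before": before, "after": after}


if __name__ == "__main__":
    result = restore_drill()
    print("clean snapshot ok:", result["before"]["ok"])
    print("after tampering:", result["after"])
```

A drill that only checks the clean snapshot proves nothing; the point of the second `verify_backup` call is that the report names exactly which files can no longer be trusted, which is what a rebuild team needs at 2AM. In a real deployment the manifest itself should be signed or stored where the backup process has no write access, otherwise an attacker with access to the backup volume regenerates it.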
User Rank: Strategist
4/12/2018 | 1:14:57 PM
The problem is not legacy boxes and outdated applications
I agree with the article to a certain point. Even the oldest software should have been updated. Why? The IT management did not update the software nor move the data to an updated secure platform. Supposedly the City of Atlanta has a cybersecurity manager, who is also to blame. There is no IT governance to audit the systems and apps to develop risk factors, then resolve them. I BLAME THE PEOPLE. There should be resignations being handed in and termination notices being handed out. The Mayor of Atlanta should be handing down orders to clean this mess up once and for all. I would feel bad for the people let go, but there is a huge system to get a security net around, and right now they have a lot of companies trying to sell the City of Atlanta on the idea that they have all the answers. OUTDATED APPLICATIONS CAN BE PROTECTED. OLD OPERATING SYSTEMS CAN BE HARDENED. Read the 2018 Data Breach Incident Report from Verizon. Ransomware is climbing on companies and organizations. EASY MONEY. Ransomware is sold as a service on the dark web. Ransomware is not going away; it will only increase. Now I have expressed my opinion. The City of Atlanta will never have updated IT security defense and reasonable protection until they get rid of all the snake oil dealers trying to sell them the latest and greatest cybersecurity package and develop a real cybersecurity plan with a person in charge with the City of Atlanta's interest in mind.

Margaret Grigor MCSE, MCSA, CSA, CASP