Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Lake City Employee Fired Following Ransom Payment
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/8/2019 | 4:20:01 PM
RE: Lake City Employee Fired Following Ransom Payment
I agree with you, I was thinking could there be a better way to resolve this issue.

Think about this, we have implemented software that takes an image of a 50-70GB HD (running on NVMe and USB 3.1) where we were able to image the system in about 5-8 minutes. We then took the NVMe disk with the iso for the imaging startup, then booted up the iso (started the application or in certain instances, we would leave it running) in the cloud. We then would point the software to the data iso and recreate the server using this imaging software, cloud, virtual machine or physical machine - minutes to restore) without ever leaving our desk, we pointed the ELB, F5 or Citrix Netscaler to this virtual cloud machine and we were back up and running.

For one-offs, I do think your solution worked great, but if the client is in another state, then that may be somewhat difficult; especially if they live states over (maybe FedEx would work), but it was just a thought.

T
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/8/2019 | 3:08:11 PM
RE: Lake City Employee Fired Following Ransom Payment
AND a very good thought - a wide range of alternative technical guidelines of course - the main thing is that a backup and restore scenario DOES WORK if well thought out and tested well in advance.  At 2am, when restoring a server, one is not THINKING right so testing allows familiarity and documentation to be compiled.  And FAR better than paying ransom.
tdsan
50%
50%
tdsan,
User Rank: Ninja
7/5/2019 | 8:56:58 PM
RE: Lake City Employee Fired Following Ransom Payment
Nice, would you consider putting the server (Web, DB) in the cloud and replicate the server ever so many hours, this could be an option when performing the recovery task. Just a thought.

VMware DR Design Scheme
bwilkes8@gmail.com
50%
50%
[email protected],
User Rank: Moderator
7/3/2019 | 10:53:00 AM
RE: Lake City Employee Fired Following Ransom Payment
Sweet!!!!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/3/2019 | 10:32:57 AM
RE: Lake City Employee Fired Following Ransom Payment
THANKS - i know from experience.  In 2014 before moving to Georgia, I supported small and local businesses and other entities.  One 501C3 museum was hit by Cryptolocker in January - just like that, server gone and all data encrypted.  I had a dedicated system for each client with tested backup and restore protocols so I picked the Dell computer up - put it into car and drove to my client.  System had SAME NAME as server so all data instantly available when I turned server down.  Only active directory was not available of course.

I then restored data to the server offline, and in 3 hours had 98% restoration of data - only one computer lost the desktop.  NOT BAD indeed. 
bwilkes8@gmail.com
50%
50%
[email protected],
User Rank: Moderator
7/3/2019 | 10:04:31 AM
RE: Lake City Employee Fired Following Ransom Payment
Having previously worked at a company where we were hit with ransonware, before I was tasked with backups, I can say you do have a vaild point.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
7/3/2019 | 9:45:56 AM
RE: Lake City Employee Fired Following Ransom Payment
EVER notice that in every single one of the ransomware events posted on this page, NO ONE EVER use a backup and restore option.  REBUILD EVERYTHING is a waste of effort.  I suspect, though, that NOBODY HAS A BACKUP AND RESTORE PLAN in the first place. 
bwilkes8@gmail.com
50%
50%
[email protected],
User Rank: Moderator
7/3/2019 | 9:41:16 AM
RE: Lake City Employee Fired Following Ransom Payment
1. Firing the Director is an interesting call.  The Director possesses the institutional knowledge necessary to facilitate a restructuring.

2. The Mayor is going to be rich once he incorporate the layers of security necessary for this to never happen again.

3. It's interesting that recovery from backup would cost more than paying the ransom.  Hopefully they're relooking their backup solution and periodical test procedures as well.
iani540
50%
50%
iani540,
User Rank: Apprentice
7/2/2019 | 8:18:38 PM
Unintelligible grammar
What does "advised a more cost-approach to retrieve the key." mean? Did you mean "cost-effective approach"?  If so, what exactly did that involve? A combination of bad proof-reading and lack of information leave us with no information about who was fired, and what for.
paul.mcaninch@btlaw.com
50%
50%
[email protected],
User Rank: Apprentice
7/2/2019 | 3:44:38 PM
Good Luck
Lake City mayor Stephen Witt says city manager Joe Helfenberg made the decision to terminate an employee. Helfenberg is revamping its entire IT department to overcome the incident and set up a system to ensure it doesn't happen again. 

 

I wish him a lot of luck.  If he really can "set up a system to ensure it doesn't happen again." he's going to be a rich man.
Page 1 / 2   >   >>


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14885
PUBLISHED: 2020-01-23
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...
CVE-2019-17570
PUBLISHED: 2020-01-23
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue...
CVE-2020-6007
PUBLISHED: 2020-01-23
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
CVE-2012-4606
PUBLISHED: 2020-01-23
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
CVE-2012-5340
PUBLISHED: 2020-01-23
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.