Baltimore City Servers offline - Ransomware

Discussion in 'Off-Topic' started by allen-1, May 22, 2019.

  1. allen-1

    allen-1 NES Member

    Joined:
    Feb 23, 2014
    Messages:
    5,973
    Likes Received:
    4,992
    Location:
    GA; (CT escapee)

  2. June4th

    June4th NES Member

    Joined:
    Feb 17, 2008
    Messages:
    3,791
    Likes Received:
    2,009
    Location:
    SE MA
    Hackers doing God's work.
     
    Cur, BUMPA01603, xtry51 and 4 others like this.
  3. new guy

    new guy NES Member

    Joined:
    Dec 7, 2009
    Messages:
    19,624
    Likes Received:
    11,371
    Dumbasses should have just paid the (cheap) ransom.

    Gotta love local government incompetence.
     
  4. Dennis in MA

    Dennis in MA NES Member

    Joined:
    Feb 12, 2007
    Messages:
    13,672
    Likes Received:
    5,787
    Can you just see an East-Coast Dirty Harry type movie? "The city of Baltimore does NOT pay ransom to kidnappers!"

    Then Eastwood shows up, throws some punches, shoots 2-3 guys in the junk and gets the servers turned back on all before walking away disgusted with the whole system.
     
  5. Prepper

    Prepper NES Member

    Joined:
    Apr 12, 2007
    Messages:
    16,955
    Likes Received:
    4,915
    Location:
    NH
    Dammit.... I read this three times confused and amused, only to realize the title says servers, not sewers. I thought the sewers were backing up until the ransom was paid. And that would make an awesome movie!
     
  6. Enzo

    Enzo NES Member

    Joined:
    May 16, 2012
    Messages:
    1,963
    Likes Received:
    391
    Location:
    Central Massachusetts
    Saw a news story on this subject not long ago, 60 Minutes maybe.
    Said the hackers are most always “honorable” in that if you pay the ransom they release your site back. Because if they didn’t and stiffed you then no one would pay up.
     
  7. new guy

    new guy NES Member

    Joined:
    Dec 7, 2009
    Messages:
    19,624
    Likes Received:
    11,371
    Most companies will just pay when hit with ransomware unless they have all their ducks in a row, backup-wise, beforehand.
     
  8. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    Last edited: May 22, 2019
    mibro likes this.
  9. SpaceCritter

    SpaceCritter NES Member

    Joined:
    Jan 15, 2013
    Messages:
    10,615
    Likes Received:
    4,003
    Location:
    In Orbit
    ...which they should, anyway, especially an enterprise like a major city. Then again, what was their security fabric like?

    No. No it wouldn't. Though it would be pretty funny to read about it in the morning paper.
     
    Prepper likes this.
  10. JayMcB

    JayMcB NES Member

    Joined:
    Aug 8, 2011
    Messages:
    10,023
    Likes Received:
    4,395
    Location:
    Metro-Worst, assachusetts
    [rofl][rofl][rofl][rofl][rofl][rofl]

    incompetent assh0les in cybersecurity. This is truly 101 shit

    I bet they're union, tenured and fireproof
     
    Cur and straightshooterjake like this.
  11. straightshooterjake

    straightshooterjake

    Joined:
    Jul 28, 2016
    Messages:
    182
    Likes Received:
    156
    If an enterprise is significantly affected by ransomware, then you know for certain that they did not have a viable disaster recovery plan or offsite backups. Many people would say that senior IT staff should be fired for such a mistake, and I would not necessarily disagree. However, the senior executive staff are even more responsible, and should be the most severely penalized.

    I don't know how "ransomware" has become a thing without the explanation above being included at the beginning of every article. If ransomware devastates your business, then you were also unprepared for natural disasters, major server issues, power outages, and many more.

    Of course, we know that in government there is no accountability, so we don't expect any actions in this case. But seriously, the problem is not ransomware, it is gross incompetence.
     
  12. SpaceCritter

    SpaceCritter NES Member

    Joined:
    Jan 15, 2013
    Messages:
    10,615
    Likes Received:
    4,003
    Location:
    In Orbit
    I've had customers hit. Small shops. My usual:
    0. Eye roll.
    1. Clean.
    2. Restore from backup.
    3. "Let's talk."
     
    JayMcB and straightshooterjake like this.
  13. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    Well, some of these attacks are targeted and they infiltrate the systems first, mine credentials and compromise backups as part of the attack....
     
  14. Dadstoys

    Dadstoys NES Member

    Joined:
    Apr 12, 2012
    Messages:
    12,586
    Likes Received:
    6,343
    Location:
    North Shore
    Ok, who clicked on the porn link?
     
  15. SpaceCritter

    SpaceCritter NES Member

    Joined:
    Jan 15, 2013
    Messages:
    10,615
    Likes Received:
    4,003
    Location:
    In Orbit
    Heh, for my own stuff, I'm sufficiently old-school that a major component is sneaker. Hard to get at a drive that's in the garden shed. [laugh]

    As for the enterprise: I'm reminded of a quote from my martial arts instructor's first instructor, Joe Rossi. He was a WWII vet who picked up the Filipino arts while there, then sent back to master it, which he did. Mr. Rossi: "Howdja get there?" Usual context was ground fighting - not that you shouldn't have a ground game, but ideally your opponent should be dead before it gets that far.

    Likewise with this. Honestly, how many security fails are we counting here, for this to impact operations to this degree?
     
  16. Spanz

    Spanz NES Member

    Joined:
    Feb 25, 2009
    Messages:
    26,348
    Likes Received:
    10,897
    Was a smoking hot Asian chick involved?

     
    DeadEyeDan likes this.
  17. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    I’ve discovered that smoking hot Asian chicks are not very good for me in the long run...
     
    timbo likes this.
  18. Spanz

    Spanz NES Member

    Joined:
    Feb 25, 2009
    Messages:
    26,348
    Likes Received:
    10,897
    just think short term!
     
    DeadEyeDan likes this.
  19. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    Now you tell me?
     
  20. 556USER

    556USER NES Member

    Joined:
    Dec 19, 2018
    Messages:
    247
    Likes Received:
    208
    Location:
    Northshore MA
    Reminds one of the DNC servers, LOL
     
  21. Drix

    Drix

    Joined:
    Jan 27, 2015
    Messages:
    2,456
    Likes Received:
    1,272
    Location:
    Merrimack Valley
    When I first saw these viruses coming up (5 years ago now?) I'd read that the US was interfering with the payment transfer systems so there was no guarantee the receiver would be getting the money being wired. I'd guess it's a mixed bag now on a personal computer level, but on a corporate level like this, yeah, they'd have to honor their word if they want to get paid.
     
  22. new guy

    new guy NES Member

    Joined:
    Dec 7, 2009
    Messages:
    19,624
    Likes Received:
    11,371
    Many want payment in bitcoins.

    Incident response is huge business these days.
     
  23. JayMcB

    JayMcB NES Member

    Joined:
    Aug 8, 2011
    Messages:
    10,023
    Likes Received:
    4,395
    Location:
    Metro-Worst, assachusetts
    How the hell do you not have offline backups in an enterprise? I could see losing a day's worth of data...but not losing the server
     
    pepperoni likes this.
  24. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    A lot of people have replaced tapes with cloud backup storage like AWS S3 or Glacier... Don’t think I can talk about the details of last year's Atlanta and Baltimore attacks but backups have been targeted as part of these types of attacks. Even offsite tapes can be rendered nearly useless if you can compromise the catalogue files; it could take days or weeks to rebuild those before you can start restoring systems. A large city will have many hundreds of servers and many thousands of workstations so even with functional backups for everything the task would be monumental.
     
    pepperoni likes this.
  25. SpaceCritter

    SpaceCritter NES Member

    Joined:
    Jan 15, 2013
    Messages:
    10,615
    Likes Received:
    4,003
    Location:
    In Orbit
    Again, per Joe Rossi: "Howdja get there?" What does your enterprise security fabric look like?
     
  26. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    All you need is one little hole... own it and harvest credentials, move laterally and compromise more... harvest more credentials, move laterally... you are royally f***ed!
     
    Last edited: May 22, 2019
  27. SpaceCritter

    SpaceCritter NES Member

    Joined:
    Jan 15, 2013
    Messages:
    10,615
    Likes Received:
    4,003
    Location:
    In Orbit
    I haven't seen a huge number where it's been an exceedingly clever attack on one little hole. I HAVE seen many where plenty of shit has been neglected for years.
     
  28. xtry51

    xtry51 NES Member

    Joined:
    Feb 7, 2010
    Messages:
    19,484
    Likes Received:
    7,085
    Location:
    NH (CT Escapee)
    I want video of someone in the city letting an Indian with terrible English syskey computers one at a time. Lol.
     
  29. DeadEyeDan

    DeadEyeDan NES Member

    Joined:
    Jan 19, 2019
    Messages:
    130
    Likes Received:
    94
    Location:
    Boston
    But you only need one... that is found by a bot probably and reported back to the C & C and the process starts, once a privileged account is harvested the process accelerates and soon you have a f’ing mess...
     
    Last edited: May 22, 2019
  30. SpaceCritter

    SpaceCritter NES Member

    Joined:
    Jan 15, 2013
    Messages:
    10,615
    Likes Received:
    4,003
    Location:
    In Orbit
    ...and yet as a practical matter, we're not hearing about massive nationwide breaches, we're hearing about one very dysfunctional city, so... [thinking]
     
