
Tewksbury Police Hacked - Backup your data

http://www.bostonglobe.com/business...som-hackers/PkcE1GBTOfU52p31F9FM5L/story.html#

At first, the problems with the Tewksbury Police Department system — difficulty calling up arrest and incident records — seemed to be just the usual system crankiness. No big deal.
But it persisted, and a technician was called in.


That was when the menacing message popped up on the screen, an explanation in the form of a ransom note:
“Your personal files are encrypted,” it read. “File decryption costs ~ $500.”
It continued: “If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.”
Tewksbury had joined the list of police departments victimized by “ransomware,” an insidious form of Internet crime that is crippling computers worldwide.
“My initial thoughts were we were infected by some sort of a virus,” Tewksbury Police Chief Timothy Sheehan recalled of the attack on Dec. 8. “Then we determined it was a little bit bigger than that. It was more like cyberterrorism.”
 
“...It was more like cyberterrorism.”

Can the shelter in place alert be far behind?

Tewksbury PD got hacked...pure and simple. Get a good IT guy in to clean it up. Damn drama queens...

Edit: I actually stopped and read the article and see the Tewksbury PD did try to get this data decrypted without success.

You think the data backup policy will be updated in Tewksbury now?
 
lmao.... ransomware caused by a retard dispatcher or something. You have to be a special kind of stupid to get infected with that stuff.
 
My cousin does IT for a town in Mass. He goes crazy with all the viruses downloaded because the PD and FD will not stop surfing porn and downloading other crazy files. I was not surprised when I heard this today.
 
My cousin does IT for a town in Mass. He goes crazy with all the viruses downloaded because the PD and FD will not stop surfing porn and downloading other crazy files. I was not surprised when I heard this today.

It keeps him busy, doesn't it? Do they share their favorite porn links with him?[rofl]
 
My cousin does IT for a town in Mass. He goes crazy with all the viruses downloaded because the PD and FD will not stop surfing porn and downloading other crazy files. I was not surprised when I heard this today.

 
He actually laughs about it and covers for them. He can't believe that on the same day he sends out messages telling people not to open attachments or download strange files, he gets calls later saying they opened attachments and downloaded files.
 
He actually laughs about it and covers for them. He can't believe that on the same day he sends out messages telling people not to open attachments or download strange files, he gets calls later saying they opened attachments and downloaded files.

If I was found responsible for something like that at work I'd be fired on the spot with no recourse!!!
 
If I was found responsible for something like that at work I'd be fired on the spot with no recourse!!!


The problem is that the forensics required to monitor what happened are time prohibitive (unless software is in place before it happens). Going back and looking is more costly than just fixing the machine.

-Mike
 
If I ever caught someone ****ing their computer up like that I'd issue them one of these... "This is your computer for the next week. And if I don't see you using it, you'll be changing your name to Aywillbe Fayed".

 
Usually this type of ransom-ware still requires user interaction, so somebody clicking something they shouldn't.

If the data was actually encrypted with the 2048-bit key that some are done with, you ain't getting your data back.

However, a couple companies recently found a machine that was used to create the keys, so there is slim chance you can get your data back without paying the fee now:

https://www.fireeye.com/blog/execut...-information-for-cryptolocker-decryption.html
 
I disagree with you guys.

Can't expect everyone working for you to be a computer genius. If there are smart IT people working there, they should have installed some kind of endpoint security to prevent this from happening.

As you may already know: potatoes gonna potate.

One of your computer ignorant users shouldn't be able to bring down your whole network.
 
Paid in Bitcoins. How the hell do you pay for anything in Bitcoins? Do you use a charge card to change your dollars over to this currency?
 
I disagree with you guys.

Can't expect everyone working for you to be a computer genius. If there are smart IT people working there, they should have installed some kind of endpoint security to prevent this from happening.

As you may already know: potatoes gonna potate.

One of your computer ignorant users shouldn't be able to bring down your whole network.


I have endpoint security, and gateway security, and eMail filtering provided by a third party before eMail even hits my gateway, and file server endpoint security, and eMail transport security, and segmented networks, and people still think they should click the link to pay a 1873,59 Euro cellular phone bill with Deutsche Telekom.

I spent eight hours Saturday, and a few hours yesterday, doing remediation and restore... and another of my users downloaded the damn thing again not 45 minutes ago.
 
Paid in Bitcoins. How the hell do you pay for anything in Bitcoins? Do you use a charge card to change your dollars over to this currency?


You go on one of the many exchanges and can purchase bitcoins with either your bank account or credit card. Your bitcoins will then fluctuate in value, either in your favor or against you, and you can choose to hang on to them or spend them where they are accepted! [grin]



I have endpoint security, and gateway security, and eMail filtering provided by a third party before eMail even hits my gateway, and file server endpoint security, and eMail transport security, and segmented networks, and people still think they should click the link to pay a 1873,59 Euro cellular phone bill with Deutsche Telekom.
I spent eight hours Saturday, and a few hours yesterday, doing remediation and restore... and another of my users downloaded the damn thing again not 45 minutes ago.


Hey, job security right?
 
I disagree with you guys.

Can't expect everyone working for you to be a computer genius. If there are smart IT people working there, they should have installed some kind of endpoint security to prevent this from happening.

Dude, no, sorry, but you don't have to be a genius to avoid getting infected with this crap. I have like a half dozen sites I service and most of the users at these sites are dumber than a box of rocks with a few intermediate users sprinkled in here and there. Even the guys with riprap for brains don't get this crap.

There's a couple of constants with sites that don't get malware...

The employees do ACTUAL work with the computer (and not **** around with it)
The employees don't click on stupid shit or go stupid places, etc. Stick to the basics.

It is kinda funny: at one of my customers where the employees are the busiest (a liquor store), they NEVER get malware. Ever. There's a reason for this... they're too busy actually working (selling shit, doing work functions) to be engaging in masturbatory practices with the browsers on the cash registers. Same thing with most of my other customers. I can often tell who is going to get let go next by the frequency of malware calls for a given computer. In one case a guy had his brother working for him on "the middle computer". The middle computer always got spyware on it. Always. Eventually he fired his own brother, and the problem went away. Funny how that works.

-Mike
 
This is so pathetic.

Ransomware runs in the user context on the PC and on the network.

If proper standard security procedures (no local admin rights and write rights only to folders you control) are followed, then none of this could happen.

I don't even run with local admin rights on my home machine. This is very very basic stuff folks.


I disagree with you guys.

Can't expect everyone working for you to be a computer genius. If there are smart IT people working there, they should have installed some kind of endpoint security to prevent this from happening.

As you may already know: potatoes gonna potate.

One of your computer ignorant users shouldn't be able to bring down your whole network.

Removing local admin rights, something I remember starting to do in 1999, would have avoided this.
 
I disagree with you guys.

Can't expect everyone working for you to be a computer genius. If there are smart IT people working there, they should have installed some kind of endpoint security to prevent this from happening.

As you may already know: potatoes gonna potate.

One of your computer ignorant users shouldn't be able to bring down your whole network.

Fully protecting against this just ain't gonna happen. In order to implement the security to fully prevent this, not much work could be accomplished. There will almost always be some vulnerability that can be exploited. It's why user training is so critical.

It's entirely possible, and arguably probable, that they need to tighten security. But sometimes, you just need to hope your employees are educated enough and think enough to not click that link in the email.
 
This is so pathetic.

Ransomware runs in the user context on the PC and on the network.

If proper standard security procedures (no local admin rights and write rights only to folders you control) are followed, then none of this could happen.

I don't even run with local admin rights on my home machine. This is very very basic stuff folks.

Removing local admin rights, something I remember starting to do in 1999, would have avoided this.

That takes care of the vast majority of potential problems. But it doesn't take care of all of them.
 
If proper standard security procedures (no local admin rights and write rights only to folders you control) are followed, then none of this could happen.

Problem is, in the real world, unless you have full-time management (e.g., fully supported IT during working hours at least) you have to give people local admin rights; otherwise you'll blow your brains out trying to deal with minutiae every time some user wants to do something trivial. One email group where I work has an endless barrage of trash in it because users don't have local admin rights. It's not a problem for us because we have a group that manages the PCs, etc., but it's still annoying for a small business, etc.

I don't even run with local admin rights on my home machine. This is very very basic stuff folks.

I'd shoot myself first. What a ****ing pain in the ass. Linux/unix, sure... makes sense. But on a windows box? LMAO. Not to mention in current versions of windows it prompts before escalating anyways.

-Mike
 
This is so pathetic.

Ransomware runs in the user context on the PC and on the network.

If proper standard security procedures (no local admin rights and write rights only to folders you control) are followed, then none of this could happen.

I don't even run with local admin rights on my home machine. This is very very basic stuff folks.

Removing local admin rights, something I remember starting to do in 1999, would have avoided this.


Denying local admin rights only protects the PC on which the virus is running... Delete the user profile, have 'em log back in, move on...

The problem is network file access - These encryptors will traverse folders very quickly; I've observed that they will follow links also, so the best practice of not having mapped drive letters is of little use when somebody has a link to a project folder on their desktop.
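A read-only sweep a defender could run over a file share to spot the behaviour this post describes (fast traversal of folders, many files rewritten as random-looking data, links dragging the run off the share); added here as an example, not code from the thread or from any product mentioned. The entropy and burst thresholds, the skipped extensions and the sample share are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter
# Thresholds are assumptions for this example, not values from the thread.
HIGH_ENTROPY = 7.5      # bits/byte; plaintext and office docs sit well below this
BURST_FILES = 3         # this many high-entropy rewrites within BURST_SECONDS
BURST_SECONDS = 60.0
COMPRESSED_EXT = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4"}  # legitimately random-looking

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is indistinguishable from random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_tree(root: str, follow_links: bool = False):
    """Walk the share read-only; symlinks are skipped unless asked for, so a
    planted link cannot drag the scan (or a backup job) off the share."""
    suspects = []
    for dirpath, _, filenames in os.walk(root, followlinks=follow_links):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not follow_links:
                continue
            if os.path.splitext(name)[1].lower() in COMPRESSED_EXT:
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)          # the first 4 KiB is enough to judge
            if shannon_entropy(head) >= HIGH_ENTROPY:
                suspects.append((path, os.path.getmtime(path)))
    return suspects

def rewrite_burst(suspects) -> bool:
    """One random-looking file is probably an archive; BURST_FILES of them within BURST_SECONDS looks like an encryptor run."""
    times = sorted(m for _, m in suspects)
    return any(times[i + BURST_FILES - 1] - times[i] <= BURST_SECONDS
               for i in range(len(times) - BURST_FILES + 1))

def build_sample_share() -> str:
    """Constructed sample: two readable memos plus three files overwritten with random bytes."""
    root = tempfile.mkdtemp(prefix="share_")
    os.makedirs(os.path.join(root, "project"))
    for i in range(2):
        with open(os.path.join(root, f"memo{i}.txt"), "wb") as fh:
            fh.write(b"Incident report: nothing unusual today.\n" * 50)
    for i in range(3):
        with open(os.path.join(root, "project", f"case{i}.txt"), "wb") as fh:
            fh.write(os.urandom(4096))       # stands in for an encrypted document
    return root
```

Run it on a copy of the share, or from a read-only mount, so the sweep itself never touches the files it judges.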
 
I'd say paying the 500 bucks is looking like a mighty fine option right about now..

maybe they should just subscribe to the monthly subscription based payment plan for access to their own data.

[laugh]
 
I'd say paying the 500 bucks is looking like a mighty fine option right about now..

maybe they should just subscribe to the monthly subscription based payment plan for access to their own data.

[laugh]


(emphasis added)


That's called "Backup!" (Or more specifically, "versioning backup, offsite DR, etc... ya know, the stuff that real data processing shops have been doing since the advent of tape.")
 
We had a 1.2TB hit at a client with crypto (what the jackass at Tewks PD got). Backup got all but 1 hour's worth of data back.

I will say again: Mozilla, Adblock Plus and noscript and you have to be a REAL idiot to pick up one of these.

Put in an edge scanning firewall out front and this should be a rare occurrence.
 