Ransomware Attack

cosmichobo · May 13, 2017, 2:00pm

G’day,

Over the past day or so (?) there’s been thousands of people around the world affected by a new round of Ransomware attacks, where their systems have become locked up, and a ransom of $x demanded.

Scarily it has affected a number of UK hospitals, but also a number of government agencies in Russia and other countries - not much news of anything here in Oz.

My interest was piqued however by the fact that the ransomware apparently is based on some code created by America’s NSA to hack into Windows. This code then made its way into the hacker community, and has been used to create the ransom attack…

Essentially this is exactly why Apple refused to create a backdoor key for the FBI to break into iPhones of suspected terrorists…

I know that it was argued in that instance that the FBI felt there could be information on the phone/s that may stop further terrorist acts, and save lives… And it’s hard to argue against that… But when something like this happens - it does show that Apple’s stance had validity.

Cheers

cosmic

soulman · May 15, 2017, 6:12am

It was actually stolen from the NSA. And this is indeed why backdoors in code are a Bad Idea™ and why Apple refused, as they should have, to write one into iOS.

Angus · May 15, 2017, 9:55am

My last job was in the IT managed services provider space, and after cleaning up half a dozen or so ransomware infections in my time there (that’s just me, there’s other techs there) I’m pretty glad to be out of it.

But being in a situation where people are likely to die on my (IT) watch, I cannot even begin to rationalise that.

This is obviously a complicated issue with a lot of factors at play but the responsibility of this is on the NHS management for ending their Windows XP support and maintenance agreement ahead of time (their Windows 10 rollout was on track apparently). In an industry as critical as this no software should be in use without a valid support and maintenance agreement. That’s just CIO 101.

cosmichobo · May 15, 2017, 12:15pm

I worked for Queensland Health for about 3 and a bit years… finance stuff mostly… but was there during their botched transfer from Lattice to SAP for Payroll… I hate to think what their back up systems would be like.

I’m surprised I’ve not had a million calls from my dad about his (Mac) computer and the possibility of being hacked, with all this media talk… But then again - he follows mainstream media - have they even looked at this?

cosmichobo · May 15, 2017, 10:34pm

Would Time Machine survive an attack of this nature?

I just saw the alleged screen that comes up when you get hacked, which says network drives and USB will all be “locked”… That would by the sound of it include your Time Machine drive - assuming it is physically connected when the attack occurs (If it had been on Mac OS and not just Win)?

This all reminded me I should likely revive my backup strategies… but that involved a USB drive connected to an Airport Extreme - which this new attack would have violated…?

Angus · May 15, 2017, 10:57pm

Hard to really say. If the account the ransomware is being used to run has write access to the disk, then the answer’s probably.

More backups is always better. I use Backblaze for my second backup.

I’d never use Time Machine as my only backup either. That’s a mug’s game.