back to article Ransomware scum infect Comic Relief server: Internal systems taken down

Comic Relief’s internal systems are down for the third day running after a ransomware attack on one of the charity’s servers on Wednesday. Founded in 1985 by comedy scriptwriters, the charity behind the UK’s Red Nose Day telethon took down all of its internal systems in the wake of the attack. An email sent on Wednesday to the …

  1. William 3 Bronze badge

    Nothing funny about comic relief.

    A charity that invests in weapons and tobacco companies instead of using that money to actually help people.

    Charities these days are a sham.

    1. Anonymous Coward
      Stop

      Re: Nothing funny about comic relief.

      Charities these days are a sham

      Some Charities these days are a sham

      TFTFY

      Unless you'd want to include the one I give about 100 hours a year up for (free of charge), along with all the other volunteers who get paid nothing for the time the put in (several thousand hours combined). We have 3 paid staff, who get paid little more than the living wage, in fact 2 of them also "work" many hours for free.

      Of course we could close down, and then people will be complaining about all the anti-social behavior and crime returning and how much Police / Social Services / Court time and money is being spent..

      1. itzman

        Re: Nothing funny about comic relief.

        Well exactly. All the charities you have heard of are a scam. Meanwhile people continue to do good work for nothing all over the place.

    2. Daz555

      Re: Nothing funny about comic relief.

      Comic Relief reviewed it's investment strategy in 2014. It no longers has any shares in BAE or any tobacco companies.

    3. Anonymous Coward
      Anonymous Coward

      Re: Nothing funny about comic relief.

      So do you unless you bank ethically and rigorously police any pension you might hold.

    4. Anonymous Coward
      Anonymous Coward

      Re: Nothing funny about comic relief.

      Have to agree. All the charities I've had dealings with have been scummy. Using slave labour from people looking for work. Paying them next to nothing and then sacking them one second before they might have any rights in the work place. Then replacing them with new fodder. Insisting on them having 20 minute lunch breaks or insisting they work through lunch because they cannot afford to pay them. Abusing free volunteer whilst the higher ups rack in charitable donations. I've yet to see an honest charity.

      1. rcx141

        Re: Nothing funny about comic relief.

        meanwhile the bosses trough , trough and trough again helping themselves to vast sums they could never hope to earn anywhere else

    5. Mystic Megabyte
      FAIL

      Re: Nothing funny about comic relief.

      Charities these days are a sham.

      Ask the folk on the yacht we rescued in a storm 10. I'm just a volunteer who gives my time :(

    6. asdf

      Re: Nothing funny about comic relief.

      >Charities these days are a sham.

      There are many good ones and Charity Navigator is your friend on which ones. At least here stateside the real bad scam ones are usually ones that have Veteran in their name (not all obviously). Stolen valor is low hanging fruit sadly.

    7. Anonymous Coward
      Pint

      @William

      "Charities these days are a sham."

      Just because a majority seems to be taking it lightly with ethics and such doesn't automatically make the whole thing a scam. Though I do agree with you that there are many problems right now.

      For me a charity which needs some kind of profit to sustain itself (and its staff) is usually a scam. Because of their double morale: they maybe trying to do some good things, but as a commercial institute their first priority will always be to generate profit in order to sustain themselves. Because of that they can = per definition = no longer put other peoples interest above their own. Which should be the basic principle of a charity.

      This goes double when the founder / CEO / board of directors / etc. all get a very hefty income out of the whole thing. And with hefty I refer to having the ability to easily purchase luxury items like mansions, boats and yachts. Because in my opinion those things have nothing to do with charity.

    8. a_yank_lurker Silver badge

      Re: Nothing funny about comic relief.

      Many good charities use investment income to fund much of their ongoing activities. This is normal prudent behavior if you plan to do something in the future. Attacking a charity for having a long term survival strategy shows a lack of understanding and a failure to research the charity.

      The real question to ask any charity is not about their investment but how much of their overall budget goes out to help. Some have very low overhead expenses and spend most money doing good while others seem to be more about posturing and enriching the leaders.

  2. Chazmon

    Morality issues besides charities are probably only exceeded in terms of online monetary transactions to banks and retailers.

    This may perhaps become a trend as lets face it if they had morals they wouldn't be scammers.

  3. alun phillips

    Strong password

    Yes I did see the quotation marks, please can someone teach these so called tech experts what constitutes a strong password because that ain't it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Strong password

      "includes a mix of upper and lowercase letters, special characters and a number."

      Ummm. Special characters - will that be Harry Enfield or Paul Whitehouse, I wonder?

    2. Geoff May (no relation)

      Re: Strong password

      Example of strong passwords:

      BrianShaw

      TerryHollands

      Example of week passwords:

      DavidCameron

      GeorgeOsborne

      1. nil0

        Re: Strong password

        More examples of week passwords:

        sevendays

        montuewedthufrisatsun

        cowes

    3. asdf

      Re: Strong password

      Keepassx tends to spit out remarkably good 26 character passwords in my experience. Pretty sure the default comes with upper, lower, numeric and special characters but if not trivial to set.

  4. Frank Fisher

    Some charity

    I think I read Comic Relief has a £100m plus property portfolio in the UK and half a dozen staff on £150k plus?

    Nein danke

    1. Hollerithevo

      Re: Some charity

      Like Seeing Eye Dogs, it's a popular charity that hardly knows where to shove its money, it has so much. I know someone who works there as a middle manager and my eyes popped when I saw his salary.

    2. david_off

      Re: Some charity

      Nope, they don't have £100m property. I think the Panorama show that slated them said they were "sitting on" £100m, but when you get all of your income from one campaign per year (£99m in 2015), it's not a huge surprise they don't hand it all out the next day.

    3. david_off

      Re: Some charity

      And according to their latest accounts, they have 2 people on over 100k, and none are over 150k.

      So, in summary, you remember incorrectly.

    4. Crazy Operations Guy

      Re: Some charity

      Even if they did have £100m in property, doesn't mean that they -paid- that much for it. A lot of Fortune 500s will donate unused property and buildings for the tax write-offs and a PR boost. Especially when they are cutting entire divisions and end up evacuating a building, selling the building will take several years, where donating the building would allow them to offload it within a matter of weeks so that the write-off appears on the current financial year's numbers and means a much bigger bonus to the executive in charge of the down-sizing. And of course, it also offsets a lot of the bad PR coming from mass lay-offs.

      I worked with one company that was bought-out by a company in another country that just wanted their client list, patents, trademarks, and a few key staff members. It ended up leaving a small campus empty, so they just donated the whole thing to a local charity. They brought me and a few other folks to come in and re-image all the machines and to confirm that no proprietary data was left on any systems and that nothing was recoverable. The company then wrote off everything from the building itself to the pens and pencils still in the supply cupboard, and probably even the food left in the break room's refrigerator... They ended up writing enough off that they ended up not paying a single cent in taxes despite the massive income form the sale. The property itself was worth upwards of $200 million USD (It was a huge chunk of park-like land along a river bank across from a major city)

      1. Jamie Jones Silver badge

        Re: Some charity

        Huh?

        ..l so they just donated the whole thing to a local charity..
        then:
        ...They ended up writing enough off that they ended up not paying a single cent in taxes despite the mass'ive income form the sale...

        1. Crazy Operations Guy

          Re: Some charity

          income from selling the company (IP, customer lists, key staff members, and other things that weren't the building)

  5. Anonymous Coward
    Anonymous Coward

    I doubt it's targeted

    Yes, I know it adds a layer of emotion (and so leads to more clicks), but the tactics of these people are volume based, not targeted. This charity just happened to have a weakness either in IT security or in staff education, but I doubt the hackers even know their names.

    Not that such justifies this and I would gladly assist in hanging such idiots by their private parts if caught, but I don't think the perpetrators are *extra* evil.

    1. TVU

      Re: I doubt it's targeted

      "Yes, I know it adds a layer of emotion (and so leads to more clicks), but the tactics of these people are volume based, not targeted. This charity just happened to have a weakness either in IT security or in staff education, but I doubt the hackers even know their names."

      Yep, in the wake of this incident they should review both their security strategy (even if that means bringing in competent security consultants) and their back up policy so that they become less vulnerable to such attacks.

  6. phillupson

    Why does nobody bother just putting in a software restriction policy against %temp%? Yeah okay, it takes you an extra second to disable it if you need to install something legit which unpacks itself in a temp directory but I'll wager it's much less stressful than running around trying to unscrew/restore/fix a network once it's been knackered by the scummers.

  7. Jemma

    Ransomware scum infects guiltware scum server.

    There fixed it.

    Oh look let's use people's money to fix problems in the majority caused because the same people have voted for psychopaths since democracy reared its ugly head and caused the problems themselves in the first place.

    Why has the NHS been imploding since a week after it started? Because the labour government didn't have a clue about the cost/wanted the electorate to like them and the conservatives have found its more convenient (and warmer) to shoot at junior doctors, rather than Scottish grouse (there went BR too) .. Both voted in democratically.

    Why has Africa been bouncing from disaster to disaster for most of the last 60 years - oh yeah, that's right, western (mainly British) government policy - voted for by the same people who support comic relief (mainly founded to solve the f-ups caused by democratic government they voted in..). Rwanda massacres - British colonial rule and the divide and rule policy; just one example. There's so mainly failed states there it's like a British Leyland quality control meeting.

    Depraved kids in deprived areas.. Ditto

    Google's new north of the Humber Find a Food bank app.. Ditto

    Disabled children born to gulf war veterans.. Ditto (not confined here sadly). And yes, Gulf War Syndrome does exist, I've seen the sad results myself. "Depleted Uranium" dust is still bloody radioactive Uranium, just not quite as radioactive.

    All these problems wouldn't exist, and therefore the excruciating televisual hell hole that is comic relief wouldn't need to if instead of electing psychopaths and sociopaths and often downright idiots into governments we would have some sort of mental vetting before someone could be elected. For heaven's sake, we're on the verge of President Trump!

    Who else remembers farmer Gummer feeding his own daughter a beefburger in the middle of the dribbling bovine disease crisis? They kept it very quiet when her best friend died of nvCJD, the same girl who was conned into chowing down on "safe" meat. Go Democracy.

    You did that with your little vote..

    And now you're trying to fix it with your little donation..

    I think the word I'm looking for is futility.

    Disclaimer: I loathe and have always loathed the fake bonhomie, cheer and pseudo charitable actions of Comic Relief, but it's gotten worse over the years so now it's a parody of a parody of its original purpose which was to be a parody of charitable giving. As my grandfather would say *insert cockney accent here* "count me ahhrt"

    1. David Webb

      So I'm going to guess you don't like comic relief?

    2. Anonymous Coward
      Anonymous Coward

      Most of us can do nothing about the political situations. What we can do is feel considerable empathy with the unfortunate people whose lives are torn apart by said political situations. Some of us have a desire to help alleviate the suffering, even if it doesn't help the causative situation.

      Can I help with despotism in Africa? No, but can I help raise money to feed starving children? Yes.

      Can I help stop the war in Syria? No, but can I help raise money to help families fleeing the atrocities that are occurring there? Yes.

      Most people are not personally responsible for the causative factors, therefore guilt has nothing to do with it in most cases.

      Charities are in the main a good thing, and the people who raise money for them are in the main good people.

      1. Anonymous Coward
        Anonymous Coward

        The trouble with UK Charities

        Charities actually do themselves a disservice by paying senior staff excessive wages - it discourages ordinary folk from supporting them. I see no reason why any charity should pay anyone more than, say, an MP.

        1. Jemma

          Re: The trouble with UK Charities

          @ David, perfectly correct, and you might get some value from paying a charity manager an MPs wage, as opposed to paying it to an MP.

          However I will admit that if you are dealing with executive management, especially in a turnaround situation, it's best to pay the going rate, or a reasonable percentage of it - to get the right person/people.

        2. david_off

          Re: The trouble with UK Charities

          So you think they should pay someone £75k a year to lead a £75m/year, 200+ people business? I look forward to seeing the candidates for that role...

      2. Anonymous Coward
        Anonymous Coward

        Charities are in the main a good thing?

        Charities are in the main a good thing, and the people who raise money for them are in the main good people.

        No, in fact often they are not.

        Once they have full time salaried staff, they spend most of their time and donated money working out how to keep the donations flowing in. To protect their jobs.

        And to do that they employ the most cynical marketing possible, employing the worst elements of the virtue signalling AgitProp machine.

        Big charities are big money, and big money corrupts.

        Of course there are exceptions. BUt there are a hell of a lot of organisations whose sole râison d'etre is to create an emotional; narrative to deprive people of hard earned cash, in order to fund their executive lifestyles.

    3. Yugguy

      @Jemma Yeah whatever.

      I will be donating and on the night I will be working to support one of the call centres.

      I can't do anything to solve global issues of starvation, displacement, but I can do something to help individuals.

      1. Jemma

        Then I suggest you learn your history better. If you voted Blair in, you share the responsibility for gulf War 2. If you voted for Cameron, I haven't got time for the whole list, you share the responsibility. Churchill - the partition of India into India and Pakistan amongst others, pouring agrochemicals as biological weapons on to the Malays... Need I go on?

        I'm perfectly happy to admit I voted for Blair the first time. I share some of the collective guilt for his actions, but that was the last time I voted until Brexit - I don't much like liars, especially not when the damage they've caused is still getting worse..

        Not to mention Shrub, Oh-bugger and please no, Donnie Dickwit. Or the part where the US Army managed to lose 240,000 machine guns & semi auto pistols (which just happened to not be marked with any serial numbers...) in Iraq, wonder where those ended up.

        I'm perfectly happy to help people, with money and my expertise, but I'm not willing to give or to work for or to support the UK charitable version of the vampire squid.

        Find the reasons behind people needing charity and fix them, if you need new honest politicians and a new policy sort it by voting or demonstrating - it's no good sending canned fruit to Cambodia, when just walking to school is like tap dancing in a minefield.

        As Blackadder said "thinking is soo important.. Try to have a thought of your own.. " it's good advice, because once a charity becomes a company, it's always a company first and a charity second.

        1. Anonymous Coward
          Anonymous Coward

          "If you voted Blair in, you share the responsibility for gulf War 2."

          Only if I can see into the future absolutely accurately !

          1. Jemma

            It didn't take that much prescience at the time, even less if you were coming from the US side of things. If the writing on the wall was any larger you would have had to write it on the moon.

            They were going to put the boot in, right or wrong, whether the evidence agreed or not and the rest is history.

            Oh, and you know the bio, chemical & nerve weapons used by Saddam previous to the first gulf war (against Iranians and Kurds) .. I'm sure you'll be pleased to know that the suppliers of the necessary equipment came from Germany, France, UK and US. We knew he had them before Gulf War 1, of course we did, BECAUSE WE HELPED BLOODY SUPPLY THEM just like we supplied fermenters and other kit for the Russian chemical biological nerve and nuclear program.

            I hate to disappoint you but GCSE history has about the relationship with reality as Donnie Dickwit.

            1. Cameron Colley

              @Jemma

              If you're alive then you've done fuck all yourself to stop the despotic murderers so get off your high horse already.

              There is no way for anybody in the UK or US to do anything to change anything that our owners decide to do. Ask David Kelly how best to alert people of war crimes. Oh, no, wait, you can't...

          2. Anonymous Coward
            Anonymous Coward

            If you voted Blair in

            "If you voted Blair in, you share the responsibility for gulf War 2."

            Only if I can see into the future absolutely accurately !

            You didn't need to look further than the plastic smile , rictus grin and the Teflon slick delivery, to know you were dealing with an egotistical liar.

            The master of the virtual signalling delivery, full of sound and fury, signifying nothing.

            Even today, people are still in denial, and say that 'he achieved some good stuff' . No he didn't, and there's a portion of the female anatomy that fits him like a glove.

        2. Filippo Silver badge

          @Jemma

          Do you really think that by not voting you are absolved of all responsibilities? Inaction is also a choice with consequences. There is no "safe" option in an election, ethically speaking; whatever you do, you get part of the burden.

    4. Anonymous Coward
      Thumb Up

      @Jemma, have an upvote

      Have an upvote. As you mentioned veterans, depleted uranium, etc I am mentioning the Invicta Foundation (http://www.theinvictafoundation.org.uk/) who I came across when at the MCN Bike festival in May. Unlike other charities they don't have high paid execs. I chatted with the lads there (Army) and we had a good chat, me being ex-RAF.

    5. Anonymous Coward
      Anonymous Coward

      > some sort of mental vetting before someone could be elected

      Yeah right, I can see that working. A nice new quango to decide who is suitable to run for political office - and who is disqualified for their "extreme" views or insufficient "humanity".

      So how do you choose the members of the quango? Let alone what methods should they use to evaluate each candidate?

    6. Matt Bryant Silver badge

      Re: Jemma

      ".....Why has Africa been bouncing from disaster to disaster for most of the last 60 years - oh yeah, that's right, western (mainly British) government policy....." Really? Are all the countries in Africa still under Colonial rule? It seems many of them have been independent and run by locals for many decades, but you seem very keen to absolve people like Idi Amin, Charles Taylor or Robert Mugabe of any responsibility. I am assuming that is because you are (a) ill-educated and need to do more history reading, and (b) have the typical liberal/Leftie arrogance of assuming all "people of colour" are actually too stupid to manage their own countries, and what they really need to do is just do what you and your liberal/Leftie chums tell them, because - of course - only you and your chums can actually protect them from The Evil Bankers/Capitalists/Globalists/Jews/<Leftie-bogeymen-du-jour>, right?

      "....Rwanda massacres - British colonial rule....." Yeah, you're just heaping on evidence for the ill-educated case I made above. Rwanda was never part of the British Empire, it was part of the German's and then Belgian's, but it became independent in 1962. The Belgians gave copious warnings of the 1994 massacre based on the many similar massacres since Rwandan independence, all planned and actioned by local Hutus and Tutsis. To fill in some of the holes, you could start by reading up on Hassan Ngeze's part in the build-up to the 1994 massacres (and, no, he wasn't British).

    7. Triggerfish

      I believe Rwanda would be more accurately laid at the Belgians door, rather than Britains colonialism. Likewsie the Congo before you drag that one out.

      Nice rant otherwise....except you have not said how this changes, I mean do we go back in time and change the conept of democracy, if so whats the replacement. I mean it's all very well having your rant about the vite, so what do you do, refuse to vote, is that helping?

      Also what about the clothes you wear, the food you eat, the electronic junk you recycle, or do you just live naked in the woods? Because a lot of these things also contribute to problems in thrid world countries.

      Pretty much everything you do has an impact on the world, and if you were born in a first world stable country then some of that comes from the fact your country in the global competition of whose the biggest bastard, your country was up there with the winners.

      So you can sit there and not take any responsobility for it whilst ranting againts it, but it doesn't strike me as very useful.

      Don't get me wrong btw I agree with some of what you say, but well where's your solutions?

  8. Anonymous Coward
    Anonymous Coward

    Ransomware...

    So today is Red Face day, down at Comic Relief HQ?

  9. Timbo Bronze badge

    Internet access?

    Do all the HQ's PC's have to log into this "compromised" server, to then allow them access to the outside world?

    I'd have thought they would just be able to start up their PC's, find that a "network server" isn't available (because <hopefully> it's been quarantined and taken offline) and they'd still be able to access the 'net.

    Or is simple me, missing something that happens in "big corporate/charity land"? Maybe this server was also their firewall/access point/etc etc?

    1. Anonymous Coward
      Anonymous Coward

      Re: Internet access?

      The chances are the site is in lock down,

      All hardware is dumped in a quarantine and only allowed back on the network when proved clean.

      Been there, done that (many, many years ago mind).

    2. Halfmad

      Re: Internet access?

      It'll be locked down to prevent any additional data leakage until they can clean stuff up. Chances are they aren't entirely sure how bad it is, so rather than potentially leave some endpoints exposed they pulled the plug.

  10. Herby
    Trollface

    On charities...

    Crooked ones: Clinton Family Foundation (enough said).

    Why? Yes, there is a genuine need. Some are shamed of what they have and what others need that they are compelled to contribute. Much like indulgences.

    Do they serve a purpose? Yes, some have actually helped those who through no fault of their own (read natural disaster) actually need something to get going again.

    But... Charity begins at home. Usually in my pocket. It isn't tax deductible, but I do get to buy pizza for lunch today which is better then gruel that I might get elsewhere.

    So, there are all types, and all sorts of reasons for charities. Choose yours wisely and think why you contribute. You will be enlightened.

    1. mad_dr

      Re: On charities...

      "I do get to buy pizza for lunch today which is better then gruel that I might get elsewhere."

      You didn't eat at Pizza Hut then, evidently.

    2. JC_

      Re: On charities...

      Crooked ones: Clinton Family Foundation (enough said).

      No, not enough said. Please provide evidence for your assertion that the Clinton Foundation is "crooked".

      Charity Navigator reports the following:

      • Overall Score & Rating 94.74

      • Financial 97.50

      • Accountability & Transparency 93.00

      In comparison, the Red Cross gets an overall score of 85.01.

  11. Yugguy

    Meh again. Last night I attended an event that supported Coventry food banks. We raised over a grand. I feel good about that.

  12. Anonymous Coward
    Anonymous Coward

    Bid Deal

    I don't feel sorry for Comic relief which exists to allow luvvies to promote themselves and signal how nice they are.

    I am sure the bosses at Comic relief are massively well rewarded, just the same as if they worked at the likes of Goldman.

    Like all charities, a massive scam.

    1. Anonymous Coward
      Anonymous Coward

      Re: Bid Deal

      You could go read through their thorough and open financial records (but since you have already made up your mind, why would you spend the time proving yourself wrong?)

      http://www.comicrelief.com/who-we-are/finances

    2. a_yank_lurker Silver badge

      Re: Bid Deal

      I do not know much about Comic Relief's finances but many charities have minimal (poorly) paid staff and actually try to do good with very limited resources. This does not mean there a no "charities" that are not fraudulent because there are. But before attacking a specific charity review their financial statements and see how much overhead they have.

  13. This post has been deleted by its author

  14. Tezfair
    Facepalm

    mountain out of a molehill

    "We have been working with a specialist cyber security company to assess the situation in detail and are taking proactive steps to augment our security.

    "The attack appears to have been isolated and at present we have found no evidence that any information or data has been stolen. However, we are continuing to carry out a thorough forensic investigation of all our IT systems to assess the full extent of the situation and are taking additional precautions to protect the security of all the information that we hold."

    Talk about waffle, let me reword this,

    "Someone opened an attachment without thinking, we got hit, so we are in the process of searching and deleting the recently added files, restoring a backup and getting on with life."

    Its ransomware, not espionage for goodness sake

    1. Stuart Halliday
      WTF?

      Re: mountain out of a molehill

      Let me guess, a stupid IT Admin was reading their email on the Server!

  15. Stuart Halliday
    Facepalm

    "users will be requested to provide a new "strong" password which is more than eight characters long, and includes a mix of upper and lowercase letters, special characters and a number."

    Gee what was it before?

  16. quxinot Silver badge

    "Staffers were told there would "no access to other external systems such as the internet, Citrix or webmail"."

    There would __?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021