It was the Russians.
It was the Russians I tell you, the Russians did it!!!! They are getting back at us for the election hack...wait...they did that to us... Nevermind.</joke>
Probably not, but it was still fun.
The Port of San Diego in California has shipping in outside help to deal with a crippling ransomware infection that is now in its third day. Port CEO Randa Coniglio said on Thursday that a number of services, including park permits, public records requests, and business document filings, have been hit by file-scrambling …
To me, as a pure naive in these matters it does seem as if part of the problem here is that so many agencies were hit. Are they all sharing IT resources? I'd have thought there was a case for services' systems to be silo'd so that if one goes down, for whatever reason, the rest don't go down like skittles.
But what do I know?
Yeah, a lot of cities will either consolidate into a central "Information Services" group that handles IT for everyone. A lot of times this is run by an outside Manged Services Provider or something. I've also seen some municipalities where one group will get a massive grant, build out a bunch of IT equipment with the money, then rent out excess capacity to other agencies.
This is almost always done for cost-savings rather than the benefits of consolidation. Usually one of the first things to go it backups and monitoring software. This results in all eggs/one flimsy basket scenario which is ripe for RansomWare.
I've been seeing more and more attacks against XP nowadays that I used to it. Mostly because while overall use of XP is down, the stuff that is still running it tends to be of a much higher value. Pretty much the only things on XP nowadays are going to be machines where there is a damn good reason it is still needed. Like those niche machines where the company would lose buckets of money if the machine no longer functioned, but would cost even more money to migrate.
The most common systems I've seen are those niche manufacturing systems (which would have very valuable designs and schematics on them), control systems for really expensive equipment (that tends to also produce very valuable medical records), embedded management OS for old EMC SANs (which are likely supporting some old, but mission-critical software), there are still a lot of ATMs / voting machines / kiosk systems that use it too.
There appears to be more pictures now than a book of nursery rhymes...
The Port of San D / Wasn't too handy / With AV or countermeasures
Given a ransom / That was quite handsome... / To pay or give up their treasures?
Still shaking their heads / They bring in the Feds. / Will they make this go away?
The exploit was APT, / For cash they'll be strapped / And files in the locker to stay.
It's Friday, a time for really bad poetry (I'm being generous with the term, I know) and making light of someone else's misfortune.
strangely I found out about this ransomware from a UK news source (El Reg), but I live in San Diego. Go fig.
And I think the 'Super Cali' titles are entertaining.
As for the new layout (since it was mentioned by the previous poster), please make it work better with 'noscript' running. Try and you'll see what I mean.
Who knows maybe it's a consulting gig waiting for someone like me to help them clean it up...
(what, win-10-nic? Office 365? Heh, THERE's your problem! - yeah they don't wanna hear THAT, now do they!)
"The US Navy does not strike me as the kind of organization that will hook into civilian IT for potential cost savings"
Tell me honestly, Pascal - did you manage to say that without laughing? If the Congresscritters thought it would save a few cents they would probably demand the Navy manage with a couple of abacuses between the fleets...
"If the Congresscritters thought it would save a few cents they would probably demand the Navy manage with a couple of abacuses between the fleets..."
Not true! They'd only do that if they had abacus manufacturers in their districts (who were major contributors).
From the SD Tribune story:
"The Port of San Diego said Wednesday it is investigating a highly sophisticated cybersecurity threat to its technology systems that is currently affecting the public agency’s ability to process park permits and records requests, and perform other business services."
... "highly sophisticated cybersecurity threat"... sounds much better than "some plonk clicked on a link/attachment that they shouldn't have".
Biting the hand that feeds IT © 1998–2020