never give unauthorized access to the data...
Until when?
Thats a fine crystal ball you have there sir.
Late with your financial paperwork? Here's a handy excuse: Malware smacked your bean-counter cloud offline
A global software-as-a-service platform catering to accountants is in damage control mode after a malware infection knocked its services offline. Netherlands-headquartered Wolters Kluwer, the software company behind the CCH suite of web-based tax preperation tools for professional accountants, said in a statement it does not …
-
Wednesday 8th May 2019 07:57 GMT Andy The Hat
Obvious question
" ... CCH suite of web-based tax preperation tools for professional accountants." (sic)
So which tools do unprofessional accountants use?
Perhaps we should sell wire strippers for qualified electricians ...
Spanners for qualified mechanics ...
A full manual for professional MS Office users ... oh sorry, that's just pushing expectation too far!
-
Wednesday 8th May 2019 08:01 GMT Anonymous Coward
Wolters Kluwer hit by Mega Cortex Ransomware
“Wolters Kluwer working to restore all UK services following a reported Mega Cortex Crypto Ransomware infection.”
-
Wednesday 8th May 2019 08:13 GMT Pascal Monett
"Assuming CCH has good backup in place"
I'm assuming that, given the number of times we hear of companies being hit by ransomware and paying up, those backups aren't as common as you'd like to think.
I'm also assuming that, once they've been subject to that kind of extortion, a proper backup system must start looking like a golden investment.
But maybe I'm assuming too much there.
-
Wednesday 8th May 2019 09:57 GMT Paul Crawford
Re: "Assuming CCH has good backup in place"
Backups - even if they hare made, are they frequent enough and tested for a full bare-metal recovery?
It is a bit like UPS support: few are willing to send Igor to throw the big red switch and see how the whole building copes with a power outage (you know, to see if aircon holds up while servers are shut down in an orderly manner, etc, instead of overheating).
-
Wednesday 8th May 2019 10:17 GMT big_D
Re: "Assuming CCH has good backup in place"
Been there, done that, had the complete server room offline. At one client, a new manager decided to actually test the UPS, as opposed to assume the UPSes report that everything was working was correct.
The batteries were at 100%, according to the UPS, they held a grand total of less than 1 second!
-
-
Wednesday 8th May 2019 13:31 GMT big_D
Re: "Assuming CCH has good backup in place"
Nope, the batteries had gone bad and the UPS still reported them as good.
This was a large unit for a computer room with an AS/400 and 2 Novell Netware servers.
The NetWare servers recovered without any issues, the AS/400 spit out its dummy (hard drive bearings ceased as they cooled) and refused to come back up.
-
-
-
-
Wednesday 8th May 2019 19:44 GMT keithpeter
Communications
Quote from the Krebs on Security post linked to in OA
"Accounting Today says the limited ability to share updates angered CCH users, many of whom took to social media to air their grievances against a cloud partner they perceive to be ill-prepared for maintaining ongoing service and proper security online."
Perhaps services companies that depend on the cloud should have a completely separate status reporting system? Just a small system that has nothing in common with the main service (perhaps even with a separate DNS entry).
I recollect that Sony in the US had to resort to a drawer full of old Blackberrys after their hack five years ago...
https://www.nytimes.com/2014/12/31/business/media/sony-attack-first-a-nuisance-swiftly-grew-into-a-firestorm-.html?partner=rss&emc=rss&_r=1
