Fresh virus misery for Illinois: Public health agency taken down by... web ransomware. Great timing, scumbags

As the world tackles the COVID-19 coronavirus pandemic, ransomware creeps have knocked offline a public health agency's website that served nearly a quarter of a million people in the US. The Champaign Urbana Public Health District (CHUPD) in Illinois, covering 210,000 folks, including the state's biggest university, said …

  1. skeptical i
    Mushroom

    There is no circle of hell

    deep enough or hot enough for these scum. Otherwise, words fail me.

    1. Marcelo Rodrigues
      Devil

      Re: There is no circle of hell

      Vogon poetry. There is always Vogon poetry.

    2. HellDeskJockey

      Re: There is no circle of hell

      Oh yes there is. They could listen to our elected Illinois officials' corona-virus self-congratulatory news conference yesterday. Five minutes of that and I'm ready to take my chances on getting sick.

  2. Teiwaz Silver badge
    Coat

    iLLinois

    ill and annoyed now, probably.

    okay, okay, I'm going.

    1. chivo243 Silver badge
      Coat

      Re: iLLinois

      as a native Ill annoyedisan I commend your wordsmithery... I'll leave these..

      Smellinois

      Killinois

      Hellinois

      Feel free to add yours!

      1. Someone Else Silver badge

        Re: iLLinois

        Don't forget FIB. (Those of you south of, say, Peoria may not know that one; if not, simply ask your Friendly Neighborhood Wisconsinite.)

        1. John Gamble

          Re: iLLinois

          Yeah, but that's because Wisconsinites don't know how to drive.

          (Should I add a "Joke alert" icon? Nah. I'm sure this will be taken in the spirit of friendly rivalry.)

          1. This post has been deleted by its author

  3. IGotOut Silver badge

    Further clarification...

    has the website been taken down as a precaution, or because a backend has been compromised, or please, please don't say they have been running an unpatched Windows server as a web front end.

    I never like to victim blame, but this is a bit odd.

    1. doublelayer Silver badge

      Re: Further clarification...

      I don't know for sure, but I'd guess that the storage array that was needed for the site and its databases probably got hit. The typical targeted attack will look to find those before going off so as to cause the most damage. They also probably tried to find and knock out any hot backups at the same time.

  4. KSM-AZ

    NetApp

    Fighting the same shit now, started Saturday. I wish we spent a little more on our NetApp to keep more snapshots. Over-priced storage just pulled our fat out of the fryer, making it worth about 20 times what we paid for it. <1 hr to pull ~80TB back to the day before. Doesn't clean up the mess, but it sure made it easier for us to do it. If anyone finds these fucks, I'll be first on the list to pull the gallows handle. We will be increasing our snapshot space. Grrrr.

    1. Pascal Monett Silver badge

      Re: NetApp

      Congratulations to you and your company. At least, you had a backup. That seems to be a rare thing these days.

    2. Claptrap314 Silver badge

      Re: NetApp

      First you called it overpriced, then you said it was totally worth it.

      I know you're having a rough day, but come on...

    3. Someone Else Silver badge
      Flame

      @KSM-AZ -- Re: NetApp

      If anyone finds these fucks, I'll be first on the list to pull the gallows handle.

      Nah...gallows is too good for them. Perhaps you should use that fryer that the "over-priced storage" just pulled your fat out of?

  5. Anonymous Coward
    Anonymous Coward

    Special Hell

    Ransomware writers should be sent to the 1023rd level of Hell.

    This is the one where they send homeopaths, sellers of fake cancer and autism "Cures",

    anti-vaxxers, people who don't wash their hands after using the toilet, etc.

    1. BebopWeBop Silver badge

      Re: Special Hell

      My son, (a research student at Manc Uni medical department) has a fine T-Shirt amongst others, Homeopathy, doing fuck all since 1796

      1. Anonymous Coward
        Anonymous Coward

        RE. Re: Special Hell

        What, no "Homeopathy: A Gateway Drug" and a picture of a tinfoil toilet roll ?

  6. Drone Pilot

    But how?

    Was this a new zero-day bug or something they could have / should have patched? If the latter then they need to be slapped around a bit. No excuse for not patching.

    1. Pascal Monett Silver badge

      Re: But how?

      Unfortunately, there's always an excuse for not patching.

    2. doublelayer Silver badge

      Re: But how?

      Could have been the former, could have been the latter, probably wasn't either. My guess is that they got in with a spear phishing attack. Targeted infections usually start that way. As long as the person who executed the payload had sufficient access, e.g. a person in the IT group, their internal security probably couldn't catch it in time. You could of course argue that there's lots of negligence in that scenario as well, but it would be the fault of different people, so they'll have to figure out what happened before they know who to blame.

  7. phuzz Silver badge

    Question:

    If they decided to get the site back up as quickly as possible, and just used static HTML. Assuming that bandwidth was not a problem, how much hardware would you actually need to serve 200,000 users?

    Basically, could you run this off a repurposed desktop, plugged into a fat pipe?

    1. doublelayer Silver badge

      "If they decided to get the site back up as quickly as possible, and just used static HTML. Assuming that bandwidth was not a problem, how much hardware would you actually need to serve 200,000 users?"

      The answer depends on the following details:

      1. How many files are you serving?

      2. What is the average size of each file? Be sure to factor in images, local scripts, CSS files, and anything else a user would download.

      3. How often does an average user interact with the site at the time of day/week where your site is most trafficked?

      4. When they do, how many pages do they access before they end a session on average?

      5. How much data can you cache in memory rather than having to read it from disk?

      6. How fast is your disk? How fast is your memory?

      7. Does your CPU have hardware acceleration for encryption (I'm assuming this site is HTTPS only as it should probably be)?

      8. How tasked can your CPU get before it starts to overheat, underclock, etc?

      9. What server software are you using? What is its limiting factor (usually either processing or memory).

      10. How afraid are you that you will get a flood of visitors that goes above your previous estimation of peak demand?

      And these are only relevant if you can easily create static pages, which if you're using a CMS you probably can't. Sure, it can be done, but it's not a quick process.

      Websites are complicated.

      1. phuzz Silver badge

        When I say 'static html', I was thinking something more like this, with emergency contact numbers etc. Possibly an image or two, but no need for anything more than that. I'm thinking the sort of page you'd write by hand in a text editor.

        So, a single 2kb file, times 200,000 users works out to about 400Mb total, so I think we'd probably end up being network-bound, before getting close to the limits of an average desktop. A GB connection would thereby limit you to about 2000 users per second.

        I guess the question now becomes, do you really need a whole desktop, or would a Raspberry Pi handle it?

        Websites are only as complicated as you make them.

        Scripts? CSS? A whole CMS? You don't work in marketing do you?

  8. ShadowDragon8685

    This seems like the perfect time to make a targeted Example. Taking down a public health portal during a pandemic outbreak?

    That sounds like a targeted attack on the good folk of Illinois to me. Sounds like a good reason to trot out the charge of terrorism.

    Launch the bloody BOOK at them.

    1. Anonymous Coward
      Anonymous Coward

      I'm sure it would make a pleasant change for the US military to be droning someone who attacked a hospital, instead of just bombing the hospital itself.

      1. ShadowDragon8685

        I said launch the BOOK, not a hellfire!

        As in file criminal charges and file everything imaginable that will result in incarceration for decades, not incineration.

  9. Stevie Silver badge

    Bah!

    Hello doctor Chandra.

    Wait a minute. Wait a minute.

    Please send 1000 bitcoin daisy daisy ...


Biting the hand that feeds IT © 1998–2020