Ransomware crims read our bank balance and demanded the lot, reveals Scotland's Dundee and Angus College The criminals who took out Scotland's Dundee and Angus College made a ransom demand that precisely added up to the contents of its bank account – and that was no accident, its principal has said. In a postmortem interview with academic IT nonprofit Jisc, Simon Hewitt lifted the lid on the 31 January ransomware attack, which …
You've been unlucky, Dundee is one of the sunniest cities in the UK. The East coast of Scotland is a relatively dry part of the UK (hance all the soft fruit farming) and the dreaded midge isn't really an issue.
If you head along the river from Dundee you'll end up at Broughty Ferry which is the posh bit (fur coat and nae knickers).
'You've been unlucky, Dundee is one of the sunniest cities in the UK.'
Best not mention it's really fecking cold in the Winter, not as bad as Perth, mind you (well hello hypothermia...), but still fully-clothed-in-a-sleeping-bag-under-a-duvet-snuggled-right-up-to-a-radiator cold..that might have just been standard student digs though..
'If you head along the river from Dundee you'll end up at Broughty Ferry...'
Ah, Broughty!, center of the universe, where, at high tide, you can go fishing in the basements of some of those fine riverside properties..
'...which is the posh bit (fur coat and nae knickers).'
Good to hear that despite the obvious attempts at citywide gentrification, nothing has really changed over the past 38 years (though I see you've lost both 'The Fine Palate' and the Shaheen along the Perth Rd, and as for Groucho's closing....what the fuck?)
I must admit, I'd never heard of Dundee and Angus college, but as the the old DCT is now Abertay, I had a look and found that the 'Dundee' component is a combination of what I once knew as Kingsway Tech and the Dundee College of Comedy....sorry, Commerce...so, no change their either.
Relying on someone else's security and backup strategy only works if the work you're going to lose isn't important.
I grew up in a world of operating system and driver development where a slightly misplaced piece of code could demolish your development system (back then developmet and test were one and the same and the idea of a network drive to store stuff on was pure fantasy). You very quickly learned the value of backups. Having corporate dictate the use of SourceSafe for version control and source archiving also teaches valuable lessons about not letting your guard down.
Not that unusual.
I've been called out to clients where they had backup drives and tapes etc but nobody was changing them. Surprisingly frequently tbh.
Even better is when they backup to the cloud but someone changed the password a couple of years ago and didn't think to do so on the server that actually backed up data to it. So for 2 years+ it's been failing to access.
And it's in Microsoft's contract that your data is ultimately your responsibility, and they are not liable if it gets nuked in a way unrelated to them (i.e. not storage or server failure).
Frequently, Exchange Online just doesn't fucking work. What do you do when your cloud rains?
We were hit by a ransomware attack at the start of the year.. my heart skipped a few beats when I discovered it. They destroyed our accounts software, company documents, years worth of client files etc. All from a compromised user password via remote web workplace.
Luckily my backup strategy was sound and we were able to restore everything with no losses. It took a few days as we have terabytes worth of data.. Remote access is now only possible via OpenVPN with unique usernames, passwords and certificates for each user.
If you depend on Microsoft then you probably deserve to get hacked. I remember when colleges used to run Sun Solaris servers and dos mounted Unix samba volumes per Dept software or used NFS all located on UNIX servers I dunno how long those things were running for. .. until when I left they tore it out and instead installed Microsoft AD and outlook. ... cue infinite crashes and instability and networks going wonky students mail lost. ..
STOP USING M$ for CRITICAL STUFF!!
Even CE+ which is externallly assessed wont protect you against someone targeting you speificially.
It will however put you in a good place to resist untargeted or random attacks, in the sense, that yyou will be harder to hit than some others.
CE is just that, its the basics, and if you are doing them right, you need to start working towards something more substantial, like 10 steps, CIS top 20, and on to ISO27000 and others....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
