back to article Ransomware crims read our bank balance and demanded the lot, reveals Scotland's Dundee and Angus College

The criminals who took out Scotland's Dundee and Angus College made a ransom demand that precisely added up to the contents of its bank account – and that was no accident, its principal has said. In a postmortem interview with academic IT nonprofit Jisc, Simon Hewitt lifted the lid on the 31 January ransomware attack, which …

  1. Anonymous Coward
    Anonymous Coward

    Fine Journalism

    "Dundee and Angus College ........and is based on Scotland's east coast,"

    Thanks for that fine piece of journalism. I was at a loss as to where the Dundee and Angus college could be located until I read that. For a moment I was thinking it was maybe based in Swndon.

    1. nematoad Silver badge
      Thumb Down

      Re: Fine Journalism

      Sarcasm is the lowest form of wit and you don't even reach that standard.

      You might know where Dundee and Angus College is but El Reg has an international readership and it is only good manners to let people know where the college is.

      1. Inspector71
        Happy

        Re: Fine Journalism

        Never mind international readership, speaking as a proud Dundonian you'd be amazed how many people in this country can't quite locate Dundee.

        Cue Weegie jokes about who would want to.......

        1. iron Silver badge

          Re: Fine Journalism

          To be fair, every time we go there it rains.

          1. 0laf Silver badge

            Re: Fine Journalism

            You've been unlucky, Dundee is one of the sunniest cities in the UK. The East coast of Scotland is a relatively dry part of the UK (hance all the soft fruit farming) and the dreaded midge isn't really an issue.

            If you head along the river from Dundee you'll end up at Broughty Ferry which is the posh bit (fur coat and nae knickers).

            1. Anonymous Coward
              Anonymous Coward

              Re: Fine Journalism

              'You've been unlucky, Dundee is one of the sunniest cities in the UK.'

              Best not mention it's really fecking cold in the Winter, not as bad as Perth, mind you (well hello hypothermia...), but still fully-clothed-in-a-sleeping-bag-under-a-duvet-snuggled-right-up-to-a-radiator cold..that might have just been standard student digs though..

              'If you head along the river from Dundee you'll end up at Broughty Ferry...'

              Ah, Broughty!, center of the universe, where, at high tide, you can go fishing in the basements of some of those fine riverside properties..

              '...which is the posh bit (fur coat and nae knickers).'

              Good to hear that despite the obvious attempts at citywide gentrification, nothing has really changed over the past 38 years (though I see you've lost both 'The Fine Palate' and the Shaheen along the Perth Rd, and as for Groucho's closing....what the fuck?)

              I must admit, I'd never heard of Dundee and Angus college, but as the the old DCT is now Abertay, I had a look and found that the 'Dundee' component is a combination of what I once knew as Kingsway Tech and the Dundee College of Comedy....sorry, Commerce...so, no change their either.

    2. Anonymous Coward
      Anonymous Coward

      Re: Fine Journalism

      Not Forfar then? What with it being Angus' county town and all. And miles inland. Clearly we must bow to your greater knowledge of Scottish college's locations.

  2. Kev99

    Hopefully you'll learn to NOT put sensitive, proprietary or confidential information on the web.

    1. DJV Silver badge
  3. Anonymous Coward
    Anonymous Coward

    Backup

    But the staff are still extremely angry that there was no backup of their professional life's work, in some cases decades of material. No backups!

    1. martinusher Silver badge

      Re: Backup

      Relying on someone else's security and backup strategy only works if the work you're going to lose isn't important.

      I grew up in a world of operating system and driver development where a slightly misplaced piece of code could demolish your development system (back then developmet and test were one and the same and the idea of a network drive to store stuff on was pure fantasy). You very quickly learned the value of backups. Having corporate dictate the use of SourceSafe for version control and source archiving also teaches valuable lessons about not letting your guard down.

    2. Anonymous Coward
      Anonymous Coward

      Re: Backup

      Not that unusual.

      I've been called out to clients where they had backup drives and tapes etc but nobody was changing them. Surprisingly frequently tbh.

      Even better is when they backup to the cloud but someone changed the password a couple of years ago and didn't think to do so on the server that actually backed up data to it. So for 2 years+ it's been failing to access.

  4. Missing Semicolon Silver badge
    Happy

    So instead of un-backed-up local storage

    .. they are going to use un-backed-up cloud storage! Profit!

    1. sev.monster Bronze badge

      Re: So instead of un-backed-up local storage

      And it's in Microsoft's contract that your data is ultimately your responsibility, and they are not liable if it gets nuked in a way unrelated to them (i.e. not storage or server failure).

      Frequently, Exchange Online just doesn't fucking work. What do you do when your cloud rains?

  5. Rabbit80

    Backups

    We were hit by a ransomware attack at the start of the year.. my heart skipped a few beats when I discovered it. They destroyed our accounts software, company documents, years worth of client files etc. All from a compromised user password via remote web workplace.

    Luckily my backup strategy was sound and we were able to restore everything with no losses. It took a few days as we have terabytes worth of data.. Remote access is now only possible via OpenVPN with unique usernames, passwords and certificates for each user.

    1. Phil O'Sophical Silver badge
      Pint

      Re: Backups

      Luckily my backup strategy was sound

      That wasn't luck, it sounds more like professionalism to me.

    2. yoganmahew

      Re: Backups

      And what Rabbit shows is that every business that uses IT is in the IT business; it's not a cost centre, it's a central part of the business. It's depressing how few businesses realise this.

    3. c1ue

      Re: Backups

      Sounds like a law firm.

      Just out of curiosity: what is the ratio of demanded ransom vs. losses suffered from the BCI of the restoration?

  6. man_iii

    STOP using MicroShaft for critical infra?

    If you depend on Microsoft then you probably deserve to get hacked. I remember when colleges used to run Sun Solaris servers and dos mounted Unix samba volumes per Dept software or used NFS all located on UNIX servers I dunno how long those things were running for. .. until when I left they tore it out and instead installed Microsoft AD and outlook. ... cue infinite crashes and instability and networks going wonky students mail lost. ..

    STOP USING M$ for CRITICAL STUFF!!

    1. Anonymous Coward
      Anonymous Coward

      Re: The Need For Speed

      Ah yes.. the old 'security by obscurity'. Nobody uses UNIX for anything important, which is why nobody bothers to go after it... all the really vital stuff all runs on Windows, UNIX and Linux are for script kiddies....

      (If only we could troll icon as A/C eh...)

      1. sev.monster Bronze badge
        Paris Hilton

        Re: The Need For Speed

        I don't think he was talking about security. Which is strange given the context of the article, but still.

        In closing, as a Windows sysadmin: fsck Windows.

  7. Sparkus Bronze badge

    be it a 'cloud' or a central-services model, the only 'backup' you can depend on is the one you can touch, feel, and restore yourself.

    All else is subject to so-called SLA negotiation, competence / incompetence of IT staff, and the vagaries of the Black Hats in the world.

  8. Santa from Exeter

    Cyber Essentials

    To Quote "At the end of 2019 we were proud of the fact we had got Cyber Essentials in place, but it didn't 'save' us"

    Of course it sodding well didn't! CE is self-adjudicated, what did you say that you were doing but fudged the truth a bit?

    1. EnviableOne Silver badge

      Re: Cyber Essentials

      Even CE+ which is externallly assessed wont protect you against someone targeting you speificially.

      It will however put you in a good place to resist untargeted or random attacks, in the sense, that yyou will be harder to hit than some others.

      CE is just that, its the basics, and if you are doing them right, you need to start working towards something more substantial, like 10 steps, CIS top 20, and on to ISO27000 and others....

  9. c1ue

    Attackers sound like amateurs.

    Doesn't seem like backups were compromised - plus the ransom demanded was clearly too high.

  10. Alan Brown Silver badge

    at some point....

    these people are going to find that the response consists of a .22 doubletap

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021