How long until we see their private beaver pics getting leaked?
Scottish Environment Protection Agency refuses to pay ransomware crooks over 1.2GB of stolen data
Scotland's environmental watchdog has confirmed it is dealing with an "ongoing ransomware attack" likely masterminded by international "serious and organised" criminals during the last week of 2020. "On Christmas Eve, the Scottish Environmental Protection Agency (SEPA) confirmed that it was responding to a significant cyber- …
COMMENTS
Tuesday 19th January 2021 11:08 GMT Danny 2
Actually, 87 beavers have been slaughtered in Scotland with SEPA approval so it would be mondo-porn. SEPA are not fit for purpose. Or even porpoise.
Here is a poem about it, with the poet's permission:
Bereaved
A poem by Robert Alcock
1
Bereft, bereaved,
the river grieves
her eager lover,
her healer, her sculptor.
Crafty, intelligent,
in his element
in her element,
every behaviour
a force of nature;
feverish wielder
of iron-toothed shovel,
adze and axe and chisel,
felling birch and alder;
willow weaver; builder
in mud and timber
of lodge and barrier,
slowing the flow
of her too-hasty water,
catching sediment,
sifting it, saving it
for her catchment;
leaving
in his wake
a sunlit lake,
seeded
with weed and reed —
his vegan feast;
hosting and feeding
a host of other species:
newt and salamander,
moorhen and gander,
rail and flycatcher,
vole and trout and otter;
until with many seasons
pool is succeeded
by meadow,
waders by grazers,
and he heads to a new
bend of the river,
renews his vow,
his gift to her.
No longer, now.
Bereft, bereaved,
the river grieves
her spark-bringer,
her shape-shifter,
her creator, her saviour.
2
His misfortune:
to be worth a fortune,
a price on his head,
prized more dead
than living,
as pelt, felt, and scent:
untold wealth
bought and sold
and hoarded
by unbelievers,
hearts full of craving,
dammed with greed
for silver and gold
that gleam in the bank,
never seeing
the flicker and fold
of sun-sheen
on a stream bank.
They came as thieves,
trapped and seized,
misprised, mythologised:
called him a fish,
a meatless dish,
who'd bite off his balls
before he'd submit;
and offering up
their own masculinity
on the bloody altar
of a mad divinity,
drove him
over the brink
to extinction.
3
Meanwhile,
across the great water,
from his stolen fur
men built
harbour and fort,
fought
a hundred-year war
for his coat —
Iroquois, Huron,
English, Dutch, French:
the hunters won,
the rivers wept;
the men kept
grasping and killing,
striving and building,
until outposts
were ports,
forts
were states,
and the wealth
that poured downriver
was caught
in the sieve
of a great city
where men in tall hats,
priests of Enterprise,
prophets of shiny Profit,
traded and plotted
in lodge and bourse,
and laid out
their main square
atop his drained pond
on the island
hunting ground
called Manhattan.
4
So the builder's pelt
built a new world
that soon outgrew his coat:
grew and grew,
knowing only
how to grow.
Fur fell out of fashion;
the cities forgot him
but the river
never forgot,
never stopped
weeping,
kept bleeding
silt to the salt sea;
to a river
what are centuries?
Foam floats by endlessly.
5
Then one morning
in spring,
the river in spate,
he saunters
jauntily
out of a crate.
No showy reunion,
no show of emotion
after their long separation;
he tastes the air,
doesn't waste the light,
starts his search
for a suitable
building site.
Retrieved, delivered,
reintroduced
by human beings
being humane,
for a change:
his good fortune, to be
no longer worth a fortune
dead, but prized
as he is, alive
— by the wise;
there are plenty
who don't agree,
call him a pest,
call for his head;
his "protected status"
a paper-thin wall
of paperwork.
He's oblivious,
to him paper's best
shredded
to make a nest.
They shred it:
perpetrate
a legal slaughter,
eighty-seven dead,
blood in the water.
Once again
men demonstrate
that they dominate,
subjugate nature,
eliminate the neighbour
whose behaviour
they can't tolerate,
even if
they stand to benefit.
And the river
is left
bereft.
-
Tuesday 19th January 2021 13:26 GMT Anonymous Coward
Re: How much ?
I wish I still had that sense of innocence.
It is not innocence - it's just how the world works.
For example, after a computer security failure cost the company £60 million and 100,000 customers, I imagine the subject gets somewhat more attention at TalkTalk than it did in Dido's day.
-
Tuesday 19th January 2021 17:44 GMT FIA
Re: How much ?
I wish I still had that sense of innocence.
It is not innocence - it's just how the world works.
I wish I still had that sense of innocence.
(I believe the popular phrase is 'Some people never learn...').
-
Saturday 23rd January 2021 13:12 GMT Anonymous Coward
Re: How much ?
Nobody is voting for anything, worst or least worst.
The mitigating action is to take security seriously then improve it sufficiently that you don't get hit by the next attempt. No different from everyone else who is already doing so.
Raising your security standards is ALWAYS an option.
-
Thursday 21st January 2021 11:43 GMT Kane
Re: How much ?
"For example, after a computer security failure cost the company £60 million and 100,000 customers, I imagine the subject gets somewhat more attention at TalkTalk than it did in Dido's day."
In the normal course of things, I would agree, but this is a government agency we're talking about here,
-
Tuesday 19th January 2021 11:50 GMT Jonathan Richards 1
Re: Danegeld
Kipling didn't invent the word 'Danegeld', though. Danegeld was indeed a tax, levied by Ethelred II to pay off the Vikings with their "Nice little monastery you've got there, be a shame if somebody looted it" business model. Britannica says "the word Danegeld is usually applied to the payments that began in 991 and continued at intervals until 1016"
If the SEPA had paid off the cybercrooks, then it would indeed have been with taxpayers' money, albeit not raised explicitly for that purpose!
-
Tuesday 19th January 2021 12:49 GMT TonyJ
Re: Lemme guess running MSWindows
"
Lemme guess running MSWindows
If you run Microshat Windoze expect to get hacked.
Why is it that orgs havent even bothered to move to a a relatively safer desktop environment? Even Android and Chromebooks are probably better than Windblows..."
Probably for the same reasons that you never appear to have bothered to learn English properly: A combination of stupidity, laziness and until now - it got them by and they got away with it.
-
Tuesday 19th January 2021 14:29 GMT Jimmy2Cows
Re: ...you never appear to have bothered...
Not to nitpick (because, hey, that never happens on El Reg, right?), and I wholeheartedly agree with the sentiment, but given you're rightly pulling up the OP on their fine command of English Shirley the correct grammar is:
...appear never to have bothered...
or
...appear to never have bothered...
And don't call me Shirley.
-
Tuesday 19th January 2021 16:28 GMT TonyJ
Re: ...you never appear to have bothered...
Reasonable response. I was typing in a hurry whilst trying to multitask. Never a good combination.
It just amuses me how people expect an argument to be taken seriously with silly name calling in it. Even where there may be a valid argument, it immediately detracts from that and makes it infantile and difficult to treat seriously.
-
Tuesday 19th January 2021 21:24 GMT Anonymous Coward
Re: ...you never appear to have bothered...
It's very childlike of you to believe that arguments in El Reg forums are taken seriously...
Or that they matter or make a difference to anything.
But I guess you can't stop yourself telling other people your opinion, regardless of whether they want to hear it.
-
Wednesday 20th January 2021 11:57 GMT TonyJ
Re: ...you never appear to have bothered...
"...It's very childlike of you to believe that arguments in El Reg forums are taken seriously...
Or that they matter or make a difference to anything.
But I guess you can't stop yourself telling other people your opinion, regardless of whether they want to hear it..."
You might benefit from learning this, A/C
Also... you ok? Do you need a hug?
-
Thursday 21st January 2021 09:43 GMT TonyJ
Re: ...you never appear to have bothered...
Angry little anonymous tosser, aren't you?
Every response you've made has dripped irony and you are too stupid to understand no one said you were trying to be ironic! I am going out on a limb and guessing you're an American. Probably still bitter at Trump losing, given the raging anger. You may want to actually follow that link to try and wrap your head around what irony actually means.
For anyone with half a brain, it clearly wasn't sympathy of any kind, you dull idiot - it was sarcasm. You really do need to grow up and grow a pair, anony-troll.
-
Saturday 23rd January 2021 13:19 GMT Anonymous Coward
Re: ...you never appear to have bothered...
LOL.
So it's ok for you to accuse others of being infantile because you don't share their lack of respect for what they're talking about, but you're immune to others criticising your beliefs. Yeah, that's irony.
And despite your triggered response, I'm afraid I'm English. And not particularly proud of it.
-
Tuesday 19th January 2021 18:56 GMT doublelayer
Re: The right attitude
"Once bitten the twice shy victim will be a harder target."
That's a possible outcome, but there are several others. For example, once bitten and it didn't cost much so they're not at all concerned about next time because they can afford to pay that ransom again. Cue the next time when the ransom is significantly larger. Even worse when insurance handles the payment because now they think of it as amortized in normal payments like all the other risks.
Or the client who pays the ransom to keep data hidden and doesn't realize that the criminals can come back any time to request a top up since there's no way to know if the criminals have destroyed all copies.
People sometimes get complacent about their ability to handle a risk if they've done it before. This is yet another problem with ransom payments.
-
Tuesday 19th January 2021 20:21 GMT doublelayer
"all malware starts by using JS to download and run the nasty,"
What? Wrong! Do you know how malware works? That isn't done often, and for a very good reason; it doesn't help with any of the tricky bits. JS from websites, where NoScript can block it, can't unilaterally run executables. It is sandboxed. If it can do something malicious inside a sandbox, it will. If it can escape the sandbox, it will try that too. Things like tracking users across sites using sneaky storage, exfiltrating stuff they type onto websites, stealing CPU time for cryptomining, redirecting them to somewhere dodgy, that style of malware. For those and only those reasons, blocking JavaScript on websites is useful.
Ransomware requires full access to the disk. Not even bad browsers give that kind of access. A JS-laden ad might redirect someone to a download link, but that could be done with an HTML ad too. And those approaches usually don't work as effectively as emailing the file or the link directly, which is probably what happened here. In fact, if you want a script system that is more often used to send malware, it would be Office macros (not JS). Every once in a while, there's a vulnerability like EternalBlue which lets one upload malware directly without any of that, but not using JS. Then, something has to be done in order to get the program running. Often, this involves getting the user to click through the OS's security features or bypassing them using a vulnerability. Since most such vulnerabilities use APIs of the operating system which aren't available to JS, JS is seldom used for such purposes.
If you think you are saved from malware by blocking JavaScript in your browser, you likely have a flawed understanding of most if not all the relevant concepts.
-
Tuesday 19th January 2021 09:50 GMT Anonymous Coward
It's a bit pointless targeting the UK public sector for money in this way. They won't pay out. The reputational damage is (to them in charge) worse from paying than having presided over an organisation that allowed this to happen.
If they were actually doing this to disrupt the operations of SEPA then it makes more sense. And I've heard that there are reasons that individuals (from states where professional cyber attacks are often launched) would like quite a lot of data to disappear.
Ransomware and extortion might just be a cover.
-
Tuesday 19th January 2021 16:58 GMT Mike 16
Ransomware as cover
Bingo! I was waiting for someone to mention that.
"The state has dropped charges as the evidence against the accused was lost in an unfortunate fire".
As for offline backups, I recently found out (the hard way) that Apple has been doing their part to discourage backing up to network drives by silently (until it's too late) corrupting backups via Time Machine to networked drives. Possibly why they dropped the Time Capsule (Their own handy networked drive, AP, and kitchen sink), although I do wish they had been a bit more candid about the problem.
Remember folks "It's not really a backup until you have successfully restored"
-
Tuesday 19th January 2021 21:35 GMT Anonymous Coward
Re: Ransomware as cover
It would be interesting if an investigative journalist / organisation ran with this and followed the real motivation for starting a "fire" and who would benefit. Maybe the arsonist has already been paid.
Although I'm not sure there are any investigative types left these days. Panorama certainly doesn't count, whilst the rest of the BBC just publishes press releases and reports whatever comes out of politicians' mouths. And the police - well that would be a conflict of interests...
-
Wednesday 20th January 2021 09:12 GMT ectel
Another reason they won't pay is, Have you ever tried raising a purchase order in a public sector body?
Has the options paper been developed, with at least 5 options? Has HR been involved in assessing impacts on the workforce? Has anyone worked out what budget code it is going to come from? Have the risks of doing it or not been put on the risk register? Has the options paper been circulated to the right committees? Has it been signed off by the Investment Group (meets bi-monthly)? Has Trevor seen it? Has the full business case been worked up? Has estates signed off (even though it is nothing to do with them)? Who is Trevor?
And so on ad infinitum
-
Wednesday 20th January 2021 09:22 GMT beaker_72
Re: cynical
If a publicly funded body pays out money for anything, it is by definition "public" money. It's very common for such bodies to emphasise this in these kinds of statements so as to be seen to be doing the right thing and not squandering the funds they've received from the public.
Not sure what else the use of the word could relate to.