Ransomware sleazeballs target UK schools Cybercrooks are targeting UK schools, demanding payments of up to £8,000 to unlock data they have encrypted with malware. Action Fraud warns that fraudsters are cold-calling schools claiming to be from the Department of Education and asking for the head teachers’ email addresses. Crooks then send booby-trapped emails with …
I've said it before: the point at which this great idea fails is the point at which a management higher-up decides the security rules don't apply to him, then gets some poor first-line rep sacked for insisting on protocol. Good luck getting anyone to follow the protocol after that.
Got a call from these bastards on Wednesday.
"Hello this is Mary from Department of Education, I need to contact your IT manager, can you let me have his email address."
"If you're really from the Department for Education then the should already have our proper contact email details,"
She put the phone down.
She called back on Thursday
"Hello this is Mary from the Department of Communications, I need to contact your IT manager, can you let me have his..."
I didn't let her finish the sentence.
Note to scammers:
It's the Department For Education, not Of
There is no Department of Communications...
"If you're really from the Department for Education then the should already have our proper contact email details,"
She put the phone down.
For occasions like this, keep a list of addresses of the more recent SEO etc spammers from your junk folder. They're all in the same line of work, no reason why they shouldn't occasionally be introduced to each other.
Your suggestion is often equivalent to fixing one little bolt on a machine that has numerous more fundamental flaws. It might not be a bad idea in the abstract, but a company with an extremely hardened IT system is still vulnerable without an institutional culture trained and enforced to match.
It seems to me that nearly every network share I have ever come across would have been more useful as a version control system than a big dumb file storage area. Even before ransomware became a big issue, the increased auditability and resistance to user error seemed compelling advantages.
If I had to secure a network share, in the quickest and cheapest possible manner, I'd think about scheduling a job to nondestructively* copy all the files in it to a nonshared filesystem on a regular basis.
It's not a substitute for regularly made and regularly tested backups, but it might expedite getting prior copies of ransomed files back.
* using some system to prevent existing files being overwritten with new versions (even just something like rsync --backup --suffix `date +%Y%m%dT%H%M%S` would do the trick)
North of the wall all state schools are run directly by local authorities which (should) mean proper backups are in place and any ransomware attack is doomed to be an irritation rather than a disaster.
I've heard some real horror stories from guys in the south about free schools i.e. IT run by the pupils. I wouldn't be shocked to find out some of those schools has paid up in ransomware attacks.
Smaller independent schools are probably at much greater risk as well.
South of the wall the divide and conquer Academy system means that some schools have IT management others just have old computers on desks that a computer pixie will fix at some point - usually just before Ofsted are due ...
Watching a finance manager literally building a new workstation on his desk with not even a nod to the god of static but knowing your pay packet relies on that machine makes the skin crawl a bit ...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
