City of Atlanta Shuts Down Due to Ransomware

RojoLoco

And it appears to be a variant of SAMSAM malware.... dammit, @scottalanmiller !!!

scottalanmiller

MS support... when the lowest cost bidder calls on the highest cost bidder and absolutely no one anywhere cares if anyone can do the jobs that they are paid to do.

scottalanmiller

@rojoloco said in City of Atlanta Shuts Down Due to Ransomware:

And it appears to be a variant of SAMSAM malware.... dammit, @scottalanmiller !!!

Tee hee

DustinB3403

Hey this is fine, if the US Government gets to shutdown, certainly Atlanta deserves to do the same. . .

scottalanmiller

@dustinb3403 said in City of Atlanta Shuts Down Due to Ransomware:

Hey this is fine, if the US Government gets to shutdown, certainly Atlanta deserves to do the same. . .

Good point, this is how people get a vacation.

EddieJennings

@rojoloco said in City of Atlanta Shuts Down Due to Ransomware:

And it appears to be a variant of SAMSAM malware.... dammit, @scottalanmiller !!!

Samsam = no joke

scottalanmiller

@eddiejennings said in City of Atlanta Shuts Down Due to Ransomware:

@rojoloco said in City of Atlanta Shuts Down Due to Ransomware:

And it appears to be a variant of SAMSAM malware.... dammit, @scottalanmiller !!!

Samsam = no joke

It's a bit of a joke at this point, it targets unpatched servers. There is no way that the City of Atlanta can not have been patching servers without knowing that they were creating this risk. Someone had to have accepted this risk and thought that it was just fine to get SamSam. This isn't a new ransomware and that systems must be patches absolutely immediately is beyond common knowledge. Unless this is a completely new variant targeting some totally new attack vector, there is zero excuse for this to have happened.

https://threatpost.com/new-server-side-ransomware-hitting-hospitals/117059/

EddieJennings

Yeah. The method of entry is a joke. The havoc it and others can wreck isn’t.

scottalanmiller

@eddiejennings said in City of Atlanta Shuts Down Due to Ransomware:

Yeah. The method of entry is a joke. The havoc it and others can wreck isn’t.

All havoc that the city CIO must have accepted as "worth not patching" for whatever reason. Why Atlanta thought that this wasn't a big deal, we will never know. But that they felt that way must be known... or we have to assume a level of incompetence that's not reasonable to accept at any level of Atlanta's organization.

Obsolesce

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unpatched and outdated Linux systems, too!

But those are less likely to be targeted...

scottalanmiller

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

Obsolesce

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

Microsoft products are more highly targeted because more people use Windows on their PCs.

If it was reversed and more people ran Linux on their PCs, then that would be the target, and you'd see people with Linux machines getting infected who never update.

I agree on the skilled staff part.

dbeato

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

This can happen to Linux as well, check this one out:
https://www.scmagazine.com/erebus-ransomware-attack-demanded-162-million-from-south-korean-firm/article/669604/

dbeato

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

This can happen to Linux as well, check this one out:
https://www.scmagazine.com/erebus-ransomware-attack-demanded-162-million-from-south-korean-firm/article/669604/

And this was for lack of patching...too

scottalanmiller

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

This can happen to Linux as well, check this one out:
https://www.scmagazine.com/erebus-ransomware-attack-demanded-162-million-from-south-korean-firm/article/669604/

And this was for lack of patching...too

Exactly.

scottalanmiller

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

This can happen to Linux as well, check this one out:
https://www.scmagazine.com/erebus-ransomware-attack-demanded-162-million-from-south-korean-firm/article/669604/

Can happen, but much easier to patch Linux. Many fewer people thinking that patching is bad on Linux. Not patching Windows has become some kind of badge of pride in Windows circles.

dbeato

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

This can happen to Linux as well, check this one out:
https://www.scmagazine.com/erebus-ransomware-attack-demanded-162-million-from-south-korean-firm/article/669604/

Can happen, but much easier to patch Linux. Many fewer people thinking that patching is bad on Linux. Not patching Windows has become some kind of badge of pride in Windows circles.

I agree in the sense you can upgrade between releases and software without rebooting (On Software side) while Windows requires reboots and sometimes change of hardware and more requirements.

scottalanmiller

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

@tim_g said in City of Atlanta Shuts Down Due to Ransomware:

@scottalanmiller said in City of Atlanta Shuts Down Due to Ransomware:

Mistakes include... using Microsoft products for critical systems, LAN based security.... the usual

It's not Microsoft's software. It's the fact they aren't patching. There's some nasty shit that can happen to unmatched and outdated Linux systems, too!

But those are less likely to be targeted...

Microsoft products, even patched, put you at far greater risk both of getting infected and of being unable to get skilled staff to deal with the issue once it has happened.

This can happen to Linux as well, check this one out:
https://www.scmagazine.com/erebus-ransomware-attack-demanded-162-million-from-south-korean-firm/article/669604/

Can happen, but much easier to patch Linux. Many fewer people thinking that patching is bad on Linux. Not patching Windows has become some kind of badge of pride in Windows circles.

I agree in the sense you can upgrade between releases and software without rebooting (On Software side) while Windows requires reboots and sometimes change of hardware and more requirements.

And often additional licensing.

Its interesting in that article that they blame Linux, but never mention what OS was involved. A bit lacking. Imagine a Windows article that never mentioned the OS.

dbeato

I don't even understand why Cisco needed to be involved let alone Microsoft... I guess they don't have an IT Team.

scottalanmiller

@dbeato said in City of Atlanta Shuts Down Due to Ransomware:

I don't even understand why Cisco needed to be involved let alone Microsoft... I guess they don't have an IT Team.

Yeah, pretty weird. No wonder these companies get compromised, they don't have any relevant staff. It's like getting robbed and realizing you have no facilities people locking the front door!