
Ransomware attack puts KQED public media in low-tech mode - danso
http://www.sfchronicle.com/business/article/Ransomware-attack-puts-KQED-in-low-tech-mode-11295175.php
======
lfam
Bravo to KQED for owning up to the compromise!

Meanwhile, there are countless lawyers, accountants, doctors, architects,
engineers, landlords, and other small and medium businesses that suffer
similar attacks and don't talk about it publicly. If you have an important
relationship with a business like that, the time to ask them hard questions
about security and reliability is now, before the court date, tax audit,
surgery, construction commencement, etc.

~~~
QAPereo
Then be prepared to find out that not only do they not have a good plan, they
don't even really understand what you're talking about.

~~~
lfam
Yes, this will be true 99% of the time. Although I think that most people
understand the concept of "backups" in a basic way, and backups are one of the
best tools for mitigating ransomware and wipers. Especially for small
businesses which are not going to be able to mount a coherent defense.

But if the relationship is _important_, they will be open to the conversation
and it may be worthwhile. For some of us, it may also present a business
opportunity.

~~~
QAPereo
All good points, especially about creating an opportunity.

------
cjensen
We had that happen at a company I worked for. Someone blindly opened an
"invoice". We were back to work within a day. For each computer, a full
malware scan and then back online. Dumped the one hard drive which was
infected.

The NAS (which used to be writable to the victim) took a few days to restore
from Amazon Glacier. To me this is key: always have an offsite backup which
can't be erased by a non-admin. Use BackBlaze, CrashPlan, S3, Glacier, B2, Arq
or whatever. Backups forgive a lot of stupid user sins.

~~~
sillysaurus3
If you think a malware scan is enough to detect malware, I have some malware
to sell you. :)

I suppose there's not much else to be done, but scans aren't enough to prevent
pivots.

~~~
SpikeDad
Exactly. There are too many rootkits and other malware that won't be revealed by
most of the common malware and virus scanners.

A business that transacts with protected data should never try to remove
malware - these systems need to be wiped and reinstalled.

~~~
cjensen
That's why we wiped any system which showed signs of infection. Keep in mind
this was ransomware so... probably... it is reasonable to assume the infection
will not be subtle.

------
chasing
Interesting.

I've been wondering if we're simply too over-connected at the moment and if
there will be a regression back to using different networks that are literally
physically disconnected from one another for certain kinds of professional work.

Meaning, the wonder of the internet is that there are now billions of people
who have access to your office door. If a guy in Romania decides he wants to
jimmy your lock and steal your filing cabinets, there's little stopping him
from trying.

Will some offices simply disconnect entirely?

~~~
closeparen
Attackers certainly hope so: then their work will still be easy, as long as
they can get a rogue device into the building.

We need to actually write (and purchase) better software.

~~~
will_hughes
> We need to actually write (and purchase) better software.

Ransomware is not a software problem, this is a human problem.

We keep putting up barriers to make it harder for malicious software, but so
long as you put a prompt in front of users saying "Whoa, this looks dodgy, are
you sure?" they're going to click yes. Even if you make clicking yes more
difficult and the warnings more obvious, they'll blame the software for being
difficult and run it anyway.

The only long term 'solution' to this from a computing perspective is to run
only signed applications from trusted publishers on a restricted list which
are sandboxed to such a high degree. No scripting beyond very basic building
blocks. Effectively an end to general-purpose computing.

Every time something like this comes along though, everyone loses their minds.

------
ryan-c
> The attackers who hit KQED asked for 1.7 bitcoin per file.

Is that really right? That seems _much_ higher than other ransomware attacks
I've heard of - usually it's per computer.

~~~
thirdsun
I was surprised by that bit too. Doesn't seem to make sense - with those
prices payment isn't an option for most victims.

------
vinayan3
Really sad. The hackers behind this should be ashamed of trying to get money
out of a group which gets a good chunk of their budget from donations.

~~~
closeparen
These kinds of things are usually indiscriminate. Reading too much into the
kind of organization or even country victimized is probably
counterproductive.

------
ceautery
>> Everyone with computers running Microsoft Windows was told not to touch
them.

Good advice.

