
Atlanta city government systems down due to ransomware attack - el_duderino
https://arstechnica.com/information-technology/2018/03/atlanta-city-government-systems-down-due-to-ransomware-attack/
======
sneak
* Atlanta city government systems down due to using outdated, insecure software.

At which point do we simply say “systems susceptible to most types of malware
are unsuitable for critical work”?

~~~
delecti
I'm not sure what you're suggesting. Software that is suitable for critical
work today might not be tomorrow.

~~~
pennaMan
"systems susceptible to most types of malware today are unsuitable for the
critical work of the day"

keep your systems up to date.

~~~
michaericalribo
"If it ain't broke don't fix it" is the typical line item that covers "keep
systems up to date" in city government, next to the standard budget
allocation, "$0".

~~~
pennaMan
But it IS broken. Like an old rusted lock.

------
campuscodi
Source: [http://www.11alive.com/article/news/local/cyber-attack-hits-atlanta-city-computers-everyone-who-has-done-business-with-city-may-be-at-risk/85-530947288](http://www.11alive.com/article/news/local/cyber-attack-hits-atlanta-city-computers-everyone-who-has-done-business-with-city-may-be-at-risk/85-530947288)

Press conference:
[https://twitter.com/Cityofatlanta/status/976920585434423296](https://twitter.com/Cityofatlanta/status/976920585434423296)

------
AceyMan
>Employees told to turn off PCs [...]

... because no Domain Admin knows how to write two PowerShell expressions,
obvi. ¯\_(ツ)_/¯

Horrible to see this, it goes without saying, but unless they have an A-Team
like at Maersk they are likely well and truly screwed.

(me: originally from the ATL burbs.)

------
iooi
> Employees received emails from the city's information technology department
> instructing them to unplug their computers if they noticed anything
> suspicious.

Ouch, that sort of communication policy seems ripe for phishing attacks.. "If
you see anything suspicious, please report them here https://.."

~~~
yequalsx
I wanted to click that link you have to see where it went. But I know better!
It's hard sometimes to not tempt fate.

~~~
Jeff_Brown
In a lot of browsers, if you right-click you can choose "copy URL" to see what
it says (and then maybe search for it online without visiting it).

~~~
mynewtb
Thanks to JavaScript that URL can be something completely different.

~~~
Jeff_Brown
Different from what? Do you mean it's not necessarily a URL? Or do you mean
clicking on it could take you somewhere other than where you would go if you
chose "copy url" and manually pasted it into the address bar? (And if the
latter, is that true even on a forum like this that makes you post comments as
plain text?)

~~~
avhon1
> Do you mean it's not necessarily a URL?

Javascript or no, the href attribute of an <a> tag does not have to be a URL
in order for it to be clickable. (Whether or not it will do anything useful is
another matter.)

> Or do you mean clicking on it could take you somewhere other than where you
> would go if you chose "copy url" and manually pasted it into the address
> bar?

This is possible with Javascript - capture the click event before the
browser's <a> tag handling and load any page you want.

> is that true [possible] even on a forum like this that makes you post
> comments as plain text?

No. /u/mynewtb was talking about clickable hyperlinks where clicking on them
takes you to a different place than the tag's href. On sites like HN, where
all comments are plain text, there are no hyperlinks in comments. On sites
like Reddit, you can use Markdown to add clickable hyperlinks to your
comments, but you can't add <script> tags in order to manipulate what clicking
the hyperlink does.

In either case, an attacker would have to do XSS in order to change where you
go when you click a link.

This attack / trick is entirely feasible within first-party content or third-
party content that is allowed to use external Javascript or inline <script>
tags (for example, HTML email).

------
abhiminator
> Based on the screenshot, one security expert WXIA showed it to said that it
> resembled the message from a variant of Samsam, a family of ransomware that
> struck a number of hospitals two years ago.

Could this be one of those that exploited a Java de-serialization
vulnerability in Java-based application servers a couple of years ago as the
excerpt says?

Java is an absolute buggy bag full of vulnerabilities, can't believe
people/organizations still run this shit.

~~~
nartz
Sigh - it's extremely naive to call "java" the issue. Every language,
framework, OS, kernel (and frankly, even hardware) have their vulnerabilities.
These types of comments sort of grind my gears.

~~~
orf
And some languages, frameworks, OS and kernels have _more_ vulnerabilities
than others. That's what parent is saying.

