Armed Polite Society
Main Forums => Politics => Topic started by: Hawkmoon on May 11, 2019, 12:22:28 PM
-
https://baltimore.cbslocal.com/2019/05/10/fbi-investigating-baltimore-city-ransomware-attack/
Synopsis: Three days after a ransomware attack, the City of Baltimore's system is supposedly off-line but it's still being attacked by hackers. That should be impossible. I wonder what Baltimore's understanding of "off-line" is.
More to the point, the mayor says that “No city services have been affected. People were able to get their cars at the towing yard, people come in and pay in cash or money orders or they can mail their payments in. So all the city is functioning. We’re doing it a different way and the citizens of Baltimore are not being affected we just cannot get emails and those kinds of things,” Young said. “We are moving forward and citizens should not notice anything other than they have to come in and do things manually.”
So, let's recap:
- City employees can't use their computers
- The city has no e-mail communication
- People can't make any sort of payments on-line, they have to pay by mail or physically walk in and pay by cash or money order
- Obviously, any of these manual transactions can't be entered into the appropriate computerized records, so they all have to be logged manually and will have to be entered later, after the system has been cleared and restored
But "No city services have been affected." I think hizzoner the mayor needs to look up the definition of "affected."
-
https://baltimore.cbslocal.com/2019/05/10/fbi-investigating-baltimore-city-ransomware-attack/
Synopsis: Three days after a ransomware attack, the City of Baltimore's system is supposedly off-line but it's still being attacked by hackers. That should be impossible. I wonder what Baltimore's understanding of "off-line" is.
My guess is that despite being "offline" a virus or a similar program(s) left by the hackers is still in the network.
-
My guess is that despite being "offline" a virus or a similar program(s) left by the hackers is still in the network.
I agree, but that begs the question: WTF has the city's IT department been doing for the three days since the attack manifested and they took the system off-line? And, if that's the explanation, then saying that "hackers are still accessing the system" isn't exactly an accurate description.
-
I agree, but that begs the question: WTF has the city's IT department been doing for the three days since the attack manifested and they took the system off-line? And, if that's the explanation, then saying that "hackers are still accessing the system" isn't exactly an accurate description.
Recovering from backup, securing stuff and probably rebuilding affected end user computers.
Depends on how many computers got hit, from where, and what they're using for backup.
-
It can take some time to root out a virus, especially an unfamiliar, possibly custom coded, one even for the best experts on the matter.
Not to mention whatever code they may have inserted.
You can't always trust your backups being free of this stuff either.
-
Recovering from backup, securing stuff and probably rebuilding affected end user computers.
I assumed that's what they were doing. It's what they should be doing. But, IMHO, that just doesn't square with "hackers are still accessing the system." If IT is rebuilding and disinfecting the system, it should be shut off from the external world, should it not? So how can hackers still be accessing the system?
-
Baltimore? Who hacks into Baltimore? That's like breaking into Kmart. It is depressing to admit to it.
-
I assumed that's what they were doing. It's what they should be doing. But, IMHO, that just doesn't square with "hackers are still accessing the system." If IT is rebuilding and disinfecting the system, it should be shut off from the external world, should it not? So how can hackers still be accessing the system?
You asked what they were doing. What I mentioned could easily take that kind of time to do, depending on their systems, what they have for backup, imaging for users' computers, and how many people they have to work on it. I've had to do this for a couple customers. Yes, they're unlikely to have functioning systems until it's done.
The article was pretty vague, and was probably filtered through multiple layers of folks that don't know what they're talking about.
-
Baltimore? Who hacks into Baltimore? That's like breaking into Kmart. It is depressing to admit to it.
As the kids say, LOL 😝
-
FYI, that is the acting mayor. The elected mayor of Baltimore is under investigation for fraud and is on a medical leave of absence, hiding during the investigation.
-
FYI, that is the acting mayor. The elected mayor of Baltimore is under investigation for fraud and is on a medical leave of absence, hiding during the investigation.
She stepped down a couple days ago … ;)
-
Is the ransomware attack easier to pull off? I was just thinking if you are going to hack something, hack in a fake vendor and start billing the city. Many of those big cities are so disorganized you could probably get paid for years without anyone noticing.
-
It looks like some of you are taking "offline" to mean "not connected to the internet." I think they were saying that it's out of service, which is the older, but still common, meaning of the term.
-
Saw a news item yesterday. Baltimore is still trying to get back up and running.