
Thread: Ransomware completely shuts down Ohio town government

    Posted by Administrator Aragorn

    Ransomware completely shuts down Ohio town government



    Source: TechCrunch


    In another interesting example of what happens when you don’t manage your backups correctly, the Licking County government offices, including the police force, have been shut down by ransomware. Although details are sparse, it’s clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up.

    Wrote Kent Mallett of the Newark Advocate:


    "The virus, accompanied by a financial demand, is labeled ransomware, which has hit several local governments in Ohio and was the subject of a warning from the state auditor last summer.

    All county offices remain open, but online access and landline telephones are not available for those on the county system. The shutdown is expected to continue at least the rest of the week."


    The county government offices, including 911 dispatch, currently must work without computers or office phones. “The public can still call 911 for emergency police, fire or medical response,” wrote Mallett.

    These sorts of attacks are becoming more commonplace and, as mentioned before, can be avoided with good backup practices. Sadly not every computer in every hospital, county office or police department is connected to a nicely journaled and spacious hard drive, so these things will happen more and more. Luckily it improves cryptocurrency popularity as these small offices finally give up and buy bitcoin to pay their ransom.

    County Auditor Mike Smith saw the bright side.

    “Apparently, our clock still works,” he told the Newark Advocate.


    Ransomware is the newest fad in criminal fashion. According to what I'm seeing over at Slashdot, this sort of thing is starting to happen more and more lately, but it's quite surprising — and ironic — that this has now happened to an entire town administration, including its police force. One would at the very least expect cops to be more security-aware. Perhaps the cops of Licking County have been spending too much of their online time visiting websites dedicated to the art of licking.


    All jest aside, it isn't necessarily via pornographic websites that one gets infected with ransomware, or even with malware in general. The criminals target all kinds of websites, so long as they are popular. A recent survey has shown that online gambling sites are quite hazardous too in that regard, and — indeed — even official municipal or government websites and those of internet service providers could get your computer infected.

    If you don't know what ransomware is, then here's a short description: it is malicious software which infiltrates your computer, encrypts your files, and then locks up your computer, showing a message that your computer will be unlocked again if you pay a certain amount of money — usually in Bitcoin currency — by a certain date. If you try shutting down the machine and rebooting, then the machine will often fail to do so due to the boot loader and/or the operating system files themselves having been encrypted as well, and thus having become unusable.

    In most cases, those who comply do indeed regain control of their computer after paying the ransom — not that this makes the creation and dissemination of malware any less of a criminal act — albeit that there have also already been cases where people ponied up the ransom and where the criminals would then simply cash in without releasing the encrypted files again.

    In theory, ransomware can be written for any type of computer operating system — due to the weakest link being the biological unit between the chair and the keyboard, in combination with something called social engineering — but in practice, it is mainly the Microsoft Windows platform which they are targeting, and where there is the greatest chance of the malware being able to do its thing successfully.

    I may sound like a broken record, but it would be much harder to use this attack vector against a UNIX-based operating system like GNU/Linux, due to the strict privilege separation. UNIX is a multiuser operating system architecture — it was explicitly designed to allow multiple users to use the same machine concurrently — and thus in GNU/Linux and other UNIX systems, any process running with the user ID of an unprivileged user — and this is how you do all of your normal work — will only be able to do damage to said user's own files, not to files belonging to any of the other user accounts on the system, nor to any of the operating system files.

    Microsoft Windows on the other hand is a security nightmare by design. It started its life as a mere graphical user interface for DOS, a single-user, single-tasking, single-processor operating system for standalone microcomputers with an Intel 8086 or 8088 processor. Then, in order to sabotage the market share of other vendors of the DOS operating system, Microsoft first made Windows crash deliberately if it was running on a non-Microsoft version of DOS (in Windows 3.1 and 3.11 for Workgroups), and later on fused DOS and Windows together into a single system (in Windows 95, Windows 98 and Windows Millennium Edition) in such a way that one could no longer install or use a DOS version from any of its competitors. And for the professional market, the Windows graphical layer was simply ported to a 32-bit kernel called NT, upon which all modern consumer-grade versions of Windows are based.

    Security was never a consideration for Microsoft, and the whole Windows security subsystem — as well as the networking stack, which they "borrowed" from BSD Unix — was simply a bolted-on afterthought, which could (and still can) be easily circumvented. Security in the Microsoft Windows operating system is like having steel bolts on your front door while you're leaving your backdoor wide open.

    And that's not all: Microsoft maintains the principle of "security by obscurity". In other words, even if they are aware of there being a potential security leak in Microsoft Windows (or in another Microsoft product), then they won't patch it so long as they think that nobody has noticed the presence of this vulnerability. Furthermore, they even actively sell zero-day vulnerabilities — i.e. vulnerabilities which had not previously been discovered yet by the public at large — for big money to the US Department of Homeland Security and other such agencies, both in the USA and abroad, all long before issuing a patch for these vulnerabilities to their paying customers.

    Those of you using an Apple Macintosh shouldn't feel too safe either, by the way. macOS may be safer than Microsoft Windows, but just like Windows, it too contains at least one backdoor through which Apple can manipulate your computer remotely without your consent, all in the name of preserving "intellectual property" and enforcing copyrights.

    Both Microsoft Windows and (the bulk of) Apple macOS are proprietary software, which means that whatever exactly the software does, is kept secret from the customers. The code is supplied in a binary, machine-executable form only, and the EULA ("End-User License Agreement") even explicitly forbids one to reverse-engineer the code to see what it does and/or to patch it, even if it would make the code work better on the machine that you paid for with your own money.



    So how can you protect yourself against ransomware if you're running Microsoft Windows on your computer?

    Well, the first thing you should do, is stop using Microsoft Internet Explorer or Microsoft Edge as your go-to web browser, and use Mozilla Firefox or Google Chrome/Chromium instead, even though I am personally rather wary on account of anything Google does — they've already been sued several times by the EU for violation of the European privacy laws. Therefore, personally I prefer using Firefox.

    Then, make sure you install the NoScript browser add-on, and only disable it for trusted websites like The One Truth. You do need to allow scripts here at The One Truth because that's how the forum works — the various pages of the forum are based upon the PHP scripting language and JavaScript, in conjunction with a MySQL database at the back-end.

    However, most websites use some form of advertising and cross-site scripting — i.e. the scripts used for making up the web page are themselves invoking other scripts from third-party websites such as advertising companies, so that they can pull in the ads, which are physically being hosted at another venue of the internet. It is similar to how you can embed YouTube videos and images here at the forum. They appear to be embedded into your posts, but in reality, your posts contain only links, and the forum engine pulls in the content from those external links whenever someone is looking at the page containing your post.

    And this is where things get tricky, because there's very little oversight from the security standpoint on what all gets pulled in when you visit a random website. Here at the forum, you are fairly safe, because the types of content that can be embedded into forum posts are rather limited — we currently only allow (certain types of) videos, images and PDF files. Everything else would appear either as a naked link, or as a text-formatted link at best.

    Incidentally, this cross-site scripting is also one of the main reasons as to why certain web pages appear to be loading quite slowly. For instance, Slashdot — which I have mentioned higher up as a site that I visit on a daily basis as a heads-up regarding the latest news on technology and science — is absolutely horrible in that regard. It takes at least 20 seconds before the page has fully loaded due to the ads they have on there.

    I have Adblock Plus installed as a browser add-on — that's another one which you may want to install if you don't have it already — but most of the ads over at Slashdot are hosted at their own server and are put there by Slashdot itself, not by a third-party advertiser such as Google. So that makes their loading time even worse by comparison, given that my browser is not even allowing any external ads. For a website which mostly revolves around IT, they've got an abominable team of webmasters.

    And then there are all the analytics scripts, by which Google and other search engines poll which websites are receiving the most traffic. Search engines then use this information for ordering their search results, but Google in particular also tries to determine your location by looking at your IP address and comparing that to the IP address ranges of the various internet service providers, and then they filter your search results based upon your presumed location. In the end, Google is sponsored by corporations that pay big money for advertising, and the more data Google can collect on you, the better they can select what ads to serve you.

    I know, it's disgusting, but this is the world we live in.



    The above all said...

    I am currently in the process of brainstorming with a good friend of mine — someone who is also a member here, even though he doesn't visit here very often — on account of coming up with some guides — both in the form of literature and in the form of some audiovisual material which my friend has already put together via his YouTube account — for helping people install GNU/Linux on their computers and getting to work with the most common applications, such as office productivity software, e-mail, web browsing, image and video editing, et al.

    This project is still far from being in its infancy right now — at this point in time, it is still only just a couple of ideas — because the target audience of my friend's audiovisual presentations is generally more technically oriented and is therefore already familiar with the basics. Still, we may be able to come up with something usable for you guys, so stay tuned.
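The post above describes what ransomware does to a machine (files rewritten as ciphertext, often renamed) and stresses that backups are the real mitigation. A defender also wants to notice such a rewrite early, before it reaches every share the infected account can write to. The following script is an added example, not code from the post, from TechCrunch or from the Newark Advocate: it walks a directory, computes the Shannon entropy of each file and flags files that look encrypted (entropy close to 8 bits per byte) or that carry a telltale extension. The sample directory, the file names, the `SUSPECT_EXTENSIONS` set and the 7.5 threshold are all constructed for the demonstration.

```python
"""Entropy-based triage for ransomware-like file rewrites (added example)."""
import math
import os
import tempfile
from collections import Counter

# Extensions of the kind appended by file-encrypting malware. These three are
# constructed illustrations, not a curated indicator list.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


def shannon_entropy(data):
    """Shannon entropy in bits per byte: roughly 4-5 for text, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_file(path, threshold=7.5):
    """Return (entropy, reasons); an empty reasons list means nothing suspicious."""
    with open(path, "rb") as fh:
        head = fh.read(65536)  # the first 64 KiB is enough to classify a file
    entropy = shannon_entropy(head)
    ext = os.path.splitext(path)[1].lower()
    reasons = []
    if entropy >= threshold:
        reasons.append("entropy %.2f >= %.1f" % (entropy, threshold))
    if ext in SUSPECT_EXTENSIONS:
        reasons.append("extension " + ext)
    return entropy, reasons


def scan_tree(root, threshold=7.5, min_size=256):
    """Walk a directory and collect files that look encrypted or renamed.

    Returns a sorted list of (relative path, entropy, reasons)."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) < min_size:
                continue  # tiny files give meaningless entropy values
            entropy, reasons = scan_file(path, threshold)
            if reasons:
                findings.append((os.path.relpath(path, root), entropy, reasons))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed sample directory: two ordinary documents plus two
    files shaped like ransomware output (maximal entropy, renamed)."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    docs = os.path.join(root, "documents")
    os.makedirs(docs)
    # Constructed plain-text content; its entropy is far below the threshold.
    with open(os.path.join(docs, "minutes.txt"), "wb") as fh:
        fh.write(b"County meeting minutes, constructed sample text line.\n" * 80)
    with open(os.path.join(docs, "budget.csv"), "wb") as fh:
        fh.write(b"dept,amount\n" + b"roads,1200\n" * 60)
    # Every byte value occurs equally often: entropy is exactly 8.0 bits/byte,
    # which is what encrypted (or compressed) data looks like.
    ciphertext_like = bytes(range(256)) * 16
    with open(os.path.join(docs, "minutes.txt.locked"), "wb") as fh:
        fh.write(ciphertext_like)
    with open(os.path.join(docs, "photo.jpg.encrypted"), "wb") as fh:
        fh.write(ciphertext_like)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel, ent, why in scan_tree(sample):
        print("%s: %.2f bits/byte -> %s" % (rel, ent, ", ".join(why)))
```

Entropy alone is not a verdict: archives, images and already-encrypted files (zip, jpeg, PDF with compressed streams, VPN logs) all score near 8 on their own, so a production detector combines the entropy signal with the rate of change (hundreds of files rewritten and renamed within minutes by one account) and with a known-good baseline of the share. The script is meant to be run against a restored backup or a mounted snapshot to confirm what was touched, which also answers the post's point that a backup is only useful if you can tell which copy is still clean.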

