
Ransomware Attack Hits Local Governments In Texas

    Sublime

    Active Member
    Dallas
    Almost all of those require a user on/in the system to open/execute a file.
    Which is pretty easy to do. Employees open all kinds of chit. Corporations need a good IT Dept nowadays with all the Cyber risks so not surprising it happened to a municipality that probably is short on the budget and experience

     

    candcallen

    Crotchety, Snarky, Truthful. You'll get over it.
    Emeritus - "Texas Proud"
    Little Elm
    I never understood why these folks don't back up and tell them to pound sand.
     

    birddog

    bullshit meter
    nunya
    I spent the better part of last week dealing with the mess. Don’t believe what you read.
     

    Brains

    One of the idiots
    Spring
    I spent the better part of last week dealing with the mess. Don’t believe what you read.
    Then what’s the real scoop? PM if you’d rather, but as a guy responsible for systems that make it possible for hundreds of people to feed their families, I’m obviously very interested in knowing as much as possible about active threats.
     

    CyberWolf

    Active Member
    US
    Almost all of those require a user on/in the system to open/execute a file.
    ^This is actually not something which is universally true.

    Depending on the specifics of any given scenario, there may possibly be any number of ways to remotely inject and execute malicious code without requiring any user interaction whatsoever, and we should never base what "could be" done on what "has been" done (publicly).
     

    Bozz10mm

    TGT Addict
    Georgetown
    I always wondered about these ransomware attacks. Windows has system recovery. You can set it back to the way it was at certain points in time. Does that not work for ransomware?
     

    Darkpriest667

    Actually Attends
    Lifetime Member
    Jarrell TX, United States
    Then what’s the real scoop? PM if you’d rather, but as a guy responsible for systems that make it possible for hundreds of people to feed their families, I’m obviously very interested in knowing as much as possible about active threats.


    No need to PM. Baltimore wanted my department (at Dell) to send 2 guys to replace 10 thousand hard drives. We told them there was no need to replace the drives if they just planned to wipe the data.

    These attacks are really simple to get. Some dumbass on your domain downloads a file they aren't supposed to, and either the GPO or firewall doesn't catch it, and boom, you're done. By the time you get the message, depending on how big your file system is (and on government domains I have to believe we're dealing with massive amounts of data), it could have been weeks or months before the ransomware notifies you all of your files are encrypted.

    We've also had requests from at least 8 other metropolitan governments and a few states. Can't really talk about that, but the Baltimore thing is public knowledge.
     

    Brains

    One of the idiots
    Spring
    If it's still just the same ol' ransomware that encrypts every file the infected machine has access to, the question really is "why are people allowing access to such wide swaths of storage to low-trust workstations?"

    Speaking of Dell, got any buddy deals for an older filer? I'd like to check out something like an Equallogic PS6xxx series.
     

    birddog

    bullshit meter
    nunya
    ^This is actually not something which is universally true.

    Depending on the specifics of any given scenario, there may possibly be any number of ways to remotely inject and execute malicious code without requiring any user interaction whatsoever, and we should never base what "could be" done on what "has been" done (publicly).

    An example would be websites or applications with a browser-based user schema that uses third-party code repositories and may not know it, or if they do, what it does or have any control over it.
     

    cdb

    New Member
    Livingston, TX
    If it's still just the same ol' ransomware that encrypts every file the infected machine has access to, the question really is "why are people allowing access to such wide swaths of storage to low-trust workstations?"

    I expect it's more a case of the malicious code starting on a workstation, then jumping to a higher-level administrative system via privilege escalation or service exploit or some-such where it can run amok on the full network and its attached storage.
     