back to article Passengers ride free on SF Muni subway after ransomware infects network, demands $73k

Hard-drive-scrambling ransomware infected hundreds of computers at San Francisco's public transit agency on Friday and demanded 100 bitcoins to unlock data, The Register has learned. Ticket machines were shut down and passengers were allowed to ride the Muni light-rail system for free on Saturday – a busy post-Thanksgiving …

  1. gerdesj
    Childcatcher

    Sign of the times

    An entire mass transit system's IT gets badly mauled for money and the headline here is "Woot - free travel".

    One day a few hundred people might see a message like that on the seat back displays on an aircraft. I am fairly sure the inflight entertainment system is air gapped from the flight control system on today's modern airliners.

    1. elDog Silver badge

      Re: Sign of the times

      Reminds me of the early days of auto-pilot ---

      A friendly voice comes over the airliner's PA system:

      "This plane is being piloted by an automated navigation system. This system has been thoroughly tested and there are no reasons to worry, no reasons to worry, no reasons to worry, ........."

      1. Martin Gregorie Silver badge

        Re: Sign of the times

        I remember that story from the early 70s amidst rumours of fully automated airliners soon to fly without pilots.

        However, autopilots were around and in regular use in aircraft before WW2. Many WW2 bombers had them: every bomber carrying a Norden bombsight had an autopilot that was linked to the bombsight during the run into the target: during the run in the bombsight managed the autopilot's inputs to fly the bomber to the precise bomb release point.

        By 1945, even DC-3 (C-47) troop transports were all fitted with autopilots.

        1. Anonymous Coward
          Anonymous Coward

          Re: Sign of the times

          > I remember that story from the early 70s amidst rumours of fully automated airliners soon to fly without pilots.

          Until someone put it through a customer focus group, that soon killed the idea. :-)

          Which to be honest, we (pilots) have probably killed a lot more people than we've saved. But I for one I'm pleased that the cargo, if they make it, have someone onboard to blame for the "bad" landing.

          > By 1945, even DC-3 (C-47) troop transports were all fitted with autopilots.

          Yes, but nowadays when people talk about the autopilot, more often they refer to the bit that controls the autopilot (and the engines, radios, and other things) rather than to the autopilot itself. This is what was invented around the 70s, and which those headlines probably referred to.

          I didn't know about those bombers you mention. Interesting. They had a lot of ingenuity back in those days.

    2. Anonymous Coward
      Anonymous Coward

      Re: Sign of the times

      > One day a few hundred people might see a message like that on the seat back displays on an aircraft

      It'd just make for bored passengers. Probably increase duty-free sales.

      > I am fairly sure the inflight entertainment system is air gapped from the flight control system

      It is, although there were reports circulating a few years ago about stuff jumping the gap, but never known to occur in the wild, intentionally or otherwise. There isn't such as thing as "the flight control system" anyway, but dozens of systems that operate more or less independently of each other, each with its own redundancy.

      > on today's modern airliners.

      By design, they are made to be inherently flyable. By far the major risk electronics pose is the corresponding fire hazard. In the event of a complete electrical power failure, you're essentially back to flying a C-172. As long as there is no fire, it's just an interesting day at the office.

      1. patrickstar

        Re: Sign of the times

        AFAIK a total power failure has never happened in a modern fly-by-wire aircraft and it's not something you'd train for. It has been done in simulators though.

        But it's very unlikely to happen - if everything else fails (plane runs completely out of fuel, for example), there is a Ram Air Turbine deployed. Basically a small wind turbine attached to the aircraft to power the most important systems.

        1. Flocke Kroes Silver badge

          Re: Ram Air Turbine

          The ram air turbine loses power when you fly slowly, such as just before landing at a race track.

          1. Vic

            Re: Ram Air Turbine

            The ram air turbine loses power when you fly slowly

            It produces less when travelling slowly - it is still generating, and the aircraft is still responsive.

            In the example you cite, the pilots would probably have been better off putting the nose down a bit and gaining some extra speed anyway.

            Vic.

            1. Orv Silver badge

              Re: Ram Air Turbine

              "In the example you cite, the pilots would probably have been better off putting the nose down a bit and gaining some extra speed anyway."

              Hard to say. They were going to overshoot, and without spoilers putting the nose down wouldn't have helped the matter. In fact, they were in a forward slip to try to shed some of that energy, which was probably part of the problem -- the air wouldn't have been entering the RAT straight on.

              There were no ideal options, but the choices they made not only allowed everyone to walk away but even allowed them to use the airplane again later, so it's hard to fault them too much. ;)

              1. Vic

                Re: Ram Air Turbine

                They were going to overshoot, and without spoilers putting the nose down wouldn't have helped the matter

                Yes it would. Increasing speed from the optimum glide speed reduces the total range - i.e. it spills energy. This is standard glide procedure...

                Vic.

        2. Anonymous Coward
          Anonymous Coward

          Re: Sign of the times

          > AFAIK a total power failure has never happened in a modern fly-by-wire aircraft and it's not something you'd train for. It has been done in simulators though.

          You are correct. It would be nearly impossible to lose all electrical power. Cockpit blackouts, on the other hand ... :b

          1. TheVogon Silver badge

            Re: Sign of the times

            "It would be nearly impossible to lose all electrical power"

            So possible then.

            1. Anonymous Coward
              Anonymous Coward

              Re: Sign of the times

              > So possible then.

              Yes, possible, but extremely unlikely. Unless you've got more pressing issues to worry about, such as having run out of fuel in the middle of the Atlantic, in which case you might as well accept that this is not going to be a very good day.

              1. daddyo

                Running out of fuel--in middle of Atlantic

                Actually has happened more than once--a Canadians has particular problems with conversions from metric fueling and English gauges. One in the middle of Atlantic at 40,000 feet. That was the saving grace--they coasted from flight altitude 120 miles (or was it 120 Km?) to a successful really dead stick landing in Azores.

        3. DanceMan

          Re: if everything else fails

          ``But it's very unlikely to happen - if everything else fails (plane runs completely out of fuel, for example)``

          This is exactly what just happened to a Brazilian soccer team. It didn`t end well.

      2. Anonymous Coward
        Anonymous Coward

        Fly-by-wire

        In the event of a complete electrical power failure, you're essentially back to flying a C-172. As long as there is no fire, it's just an interesting day at the office.

        I sincerely hope you never experience a complete loss of electrical power on any modern passenger aircraft. For example Airbus designs past A320 do not have mechanical or hydrolic backups - all backup flight controls require at least some electrical power to stay on. Boeing designs do keep a mechanical backup through 777 at least (I could not quickly find whther 787 has a mechanical backup or not; perhaps someone more knowledgeable can comment) - so if you are truly paranoid, you should be very picky in choosing your flights, and in making sure that the crew is familiar with mechanical backup operation.

        Reference: Fly-by-wire by wikipedia

        1. Anonymous Coward
          Anonymous Coward

          Re: Fly-by-wire

          > I sincerely hope you never experience a complete loss of electrical power on any modern passenger aircraft

          An electrical power failure refers to loss of generation capacity.

          > Boeing designs do keep a mechanical backup

          I was rated on the 738 and that did *not* have a mechanical linkage, that was all FADEC same as on the airbus, though they make it look old school by using servos to move the throttle.

          For the flight surfaces, both major manufacturers have a form of mechanical backup, this being a certification requirement.

        2. Orv Silver badge

          Re: Fly-by-wire

          Pretty sure instead of a mechanical linkage and ram-air turbine the 787 uses a redundant emergency battery pack. (You may recall initial issues with the packs trying to catch fire.) Hydraulics still provide the muscle, but everything else is electric, including the hydraulic pumps. What's distinctive about the 787 is it has no pneumatic systems; most airliners use high-pressure air bled off of the compressor stages of the engines to operate air conditioning, starters, and sometimes the backup hydraulic system. The advantage of not doing that is bleeding air out of the compressor stage makes the engines less efficient.

          While electric systems get a lot of attention, a breach in the hydraulic system is far more likely to completely cripple an aircraft. Any leak that affects all three redundant hydraulic systems is likely to eventually bleed out all the fluid, freezing the actuators. This is what happened in United flight 232.

          1. Vic

            Re: Fly-by-wire

            Pretty sure instead of a mechanical linkage and ram-air turbine the 787 uses a redundant emergency battery pack

            The 787 has a RAT.

            Vic.

            1. Orv Silver badge

              Re: Fly-by-wire

              I stand corrected about the 787 RAT! That's a truly impressive level of redundancy.

      3. Jonathan Richards 1
        Alert

        Re: Sign of the times

        > In the event of a complete electrical power failure, you're essentially back to flying a C-172

        I don't think so. In a Cessna there is a physical linkage between the pilot's controls and the plane's control surfaces, and the aerodynamic forces on the control surfaces are such that a pilot can move them with muscle power alone. Neither of those things is true for a modern jet airliner: the control surfaces are moved by hydraulics which don't go all the way back to the cockpit, and which depend on powered hydraulic servos - I would expect that an airliner with a *complete* electrical failure would be close to unflyable (un-landable, anyway), but IANAP, and would be very pleased if a real airline pilot would tell me otherwise.

        1. Anonymous Coward
          Anonymous Coward

          Re: Sign of the times

          > but IANAP

          On the other hand, I am...

          >, and would be very pleased if a real airline pilot would tell me otherwise.

          ...and I wrote the post you're referring to. :-)

          Yes, I took a bit of dramatic licence to please the crowd, but that's indeed how it feels when you lose all the fancy bits.

          And the myth about fbw aircraft being "uncontrollable" is sensationalist rubbish btw, don't pay attention to that.

          1. Lotaresco

            Re: Sign of the times

            "And the myth about fbw aircraft being "uncontrollable" is sensationalist rubbish btw, don't pay attention to that."

            There are aircraft that do not have manual reversion and that could not be flown by direct input to the controls.

            1. Lotaresco

              Re: Sign of the times

              Oh FFS, another downvoting cockwomble. The BAe Typhoon, B-2 Spirit and Lockheed F-117 Nighthawk have no manual reversion and cannot be flown by a pilot using direct input manual controls even if these were available. If you want to know how an aircraft type works, the last person you should ask is the pilot, he's just the bloody taxi driver. You see all you did with that downvote is make yourself look like a horse's ass, boy.

              1. Orv Silver badge

                Re: Sign of the times

                There's a good reason for that -- airliners are designed to be inherently stable, so even without computer assistance they tend to fly roughly straight and level. If they diverge, it's slowly, on a time scale a human can react to and control.

                Modern fighters are inherently *un*stable, because this increases maneuverability. Without the computer, it's impossible to remain in control.

                On at least some fighter jets a loss of all of the redundant flight computers causes an automatic ejection. It goes south that quickly without them.

                Mind you, most such systems have triply redundant (or better) control systems. (Two is no good because if they differ, you don't know which is correct.)

                1. Lotaresco

                  Re: Sign of the times

                  "There's a good reason for that"

                  Yes, I know. My work address used to have Royal Aircraft Establishment in it. Thanks for clarifying the point.

                  I was responding to the boastful pilot[1] who said: "And the myth about fbw aircraft being "uncontrollable" is sensationalist rubbish"

                  Note that he stated "aircraft" not "airliner" and he's downright wrong. There are FBW aircraft that are dynamically unstable and they cannot be flown by pulling on strings. As you say these tend to be military types and have, on the ones I'm aware of, quad-redundant control systems. Although there's a long and intense argument to be had about whether these systems are suitably redundant. For example they all tend to use the same firmware and processors so there's no independence of design.

                  it's amusing that rather than engaging in a discussion he's just downvoting, presumably with his bottom lip out in a childish pout, because he knows he was wrong but is too much of a child to admit it.

                  [1] Is there any other sort of pilot?

              2. JoeF

                Re: Sign of the times

                Military aircraft without passengers...

                And the pilot can bail via eject seat.

                So, apples and oranges...

                And btw, pilot here as well, but only C-172-size planes.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Sign of the times

                  > but only C-172-size planes.

                  Yeah, but you get to choose when and where you fly, and don't have to wear a silly shirt that'll get you mistaken by a cop¹ or shop attendant. Lucky bastard!

                  ¹ As happened to a friend of mine in an inadvisable part of Glasgow in times gone by.

                2. Lotaresco

                  Re: Sign of the times

                  "Military aircraft without passengers..."

                  Yes, but military aircraft are aircraft. The Anon. Coward stated " the myth about fbw aircraft being "uncontrollable"". It's not a myth, some FBW aircraft are uncontrollable. If the AC wanted to refer solely to Civil Aviation he should have made that clear or referred to "airliner" rather than "aircraft".

                  Typical bus driver, he thinks his vehicle is the only one in existence.

              3. Anonymous Coward
                Anonymous Coward

                Re: Sign of the times

                > You see all you did with that downvote is make yourself look like a horse's ass, boy.

                I don't know who downvoted you last time, but this one is mine. Why are you so angry? Missed a flight recently or something? Was your ex a pilot? :-)

                Hope you have a great day too, bye!

                [Edit to say: Just saw your post about "manual reversion". I think I can see why it may have copped a downvote, it's a bit of a non sequitur as I read it.]

                1. Lotaresco

                  Re: Sign of the times

                  "Just saw your post about "manual reversion". I think I can see why it may have copped a downvote, it's a bit of a non sequitur as I read it."

                  Perhaps the point was difficult to follow? It doesn't seem to be difficult but it may be. Manual reversion is only possible in aircraft which are inherently stable in flight. If as AC1 states it is a myth that FBW aircraft can be uncontrollable without the assistance of active FBW systems then all aircraft should be capable of manual reversion. Design teams will always provide manual reversion if possible as the ultimate failsafe. If they have not done so there's a reason and the reason is that the aircraft cannot be flown under manually control because it is dynamically unstable, i.e. "uncontrollable". Hence absence of manual reversion is a clear indication that a particular aircraft type is "uncontrollable".

                  As to "angry", no I'm not, but thanks for offering your point of view.

          2. EuKiwi

            Re: Sign of the times

            > And the myth about fbw aircraft being "uncontrollable" is sensationalist rubbish btw, don't pay attention to that.

            Hrm... well sort of. 'Uncontrollable' is a bit dramatic of course, but then you yourself admitted to using dramatic licence to please the crowd, so... stones, glass houses etc. :)

            Whilst the RAT for example would provide basic control, it is VERY basic - not uncontrollable, but definitely not ideal, and certainly not like suddenly being in a light aircraft as you stated.

        2. Vic

          Re: Sign of the times

          I would expect that an airliner with a *complete* electrical failure would be close to unflyable

          A *complete* electrical failure would render the aircraft unflyable - but there's a vanishingly small probability of that. You would need to lose all the engines, the APU and the RAT. Any one of those being operable will give you effective control surfaces.

          Vic.

    3. Ole Juul

      Re: Sign of the times

      "An entire mass transit system's IT gets badly mauled for money and the headline here is "Woot - free travel"."

      Obviously concerns and priorities will vary, but to a certain demographic this could be perceived as a Robin Hood action.

    4. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Sign of the times

      An entire mass transit system's IT gets badly mauled for money and the headline here is "Woot - free travel".

      Better than the headline "An entire mass transit system's IT gets badly mauled for money and the headline here is "Passengers forced to walk because administration says nobody rides for free".

    5. A Non e-mouse Silver badge

      Re: Sign of the times

      An entire mass transit system's IT gets badly mauled for money and the headline here is "Woot - free travel".

      A non-life threatening IT incident occurred and was reported by El Reg - an IT news website known for a heavy dose of sarcasm and humour, especially in its sub-heads.

      Move along, nothing to see here.

    6. Christian Berger Silver badge

      Well this was completely avoidable

      I mean it's just extremely risky to put a system that can easily run code from any e-mail and doesn't even show "file extensions" by default into the hands of untrained workers.

      If they would have just been a bit more cautious and, for example, provided their users with simpler systems where they cannot easily make such fatal errors. If everything fails, give them terminals for the business end of things.

    7. Tom Paine Silver badge

      Re: Sign of the times

      I am fairly sure the inflight entertainment system is air gapped from the flight control system on today's modern airliners.

      I can tell you don't work in security; it's the touchingly naive faith in people to not make the most stupid mistake possible...

      https://www.wired.com/2015/04/hackers-commandeer-new-planes-passenger-wi-fi/

      1. Lotaresco

        Re: Sign of the times

        "I can tell you don't work in security;"

        I do.

        Have an upvote to help even the score because (a) you're talking sense and (b) the peevish downvoting couple really need to get a life, or even a pale imitation of one.

    8. Lotaresco

      Re: Sign of the times

      " I am fairly sure the inflight entertainment system is air gapped from the flight control system on today's modern airliners."

      I'm fairly sure, no certain, that you are wrong.

    9. Anonymous Coward
      Anonymous Coward

      Re: Sign of the times

      I guess I'm jealous considering the ransom I pay everyday to National Rail services in to London and then TFL, just to not get a seat, and to be squashed on the Sardintral (Central) Line which is an aluminium can full of red face passenger meat.

  2. elDog Silver badge

    These infections seem almost inadvertent

    Like the perpbots don't know what they're infecting and what the possible payoff might be.

    Wonder how much an Internal Revenue service-type organization ransom would be worth?

    Trump and/or Putin mega corporations?

    1. Anonymous Coward
      Anonymous Coward

      Re: These infections seem almost inadvertent

      elDog>>Like the perpbots don't know what they're infecting and what the possible payoff might be.

      I'm surprised they don't use a "Dutch auction" Those organizations with the right combination of the urgency and the resources might pay a high price immediately. Eventually the price will drop to the point where even a home user might say, well, I'll pay a few quid to not have to say goodbye to all those photographs.

  3. Dwarf Silver badge

    Design failure

    You have to wonder why they have not segmented their networks with firewalls, both to alert on compromise and minimise the effects if anything were to get in.

    Having all the front end and back end systems with full connectivity will only ever lead to this sort of failure when something does go wrong.

    1. Jon 37

      Re: Design failure

      Because that costs more money and "there's no need to do that". (At least, thats what management says *before* it goes wrong, *after* it goes wrong it's "how could you let this happen!")

      1. Doctor Syntax Silver badge

        Re: Design failure

        ' *after* it goes wrong it's "how could you let this happen!"'

        Let's hope someone has the relevant emails backed up. Off-line naturally.

        1. Colin Miller

          Re: Design failure

          > ' *after* it goes wrong it's "how could you let this happen!"'

          > Let's hope someone has the relevant emails backed up. Off-line naturally.

          This reminds me of the Abigail Oath, whch goes:-

          I am hired because I know what I am doing, not because I will do whatever I am told is a good idea. This might cost me bonuses, raises, promotions, and may even label me as “undesirable” by places I don’t want to work at anyway, but I don’t care. I will not compromise my own principles and judgement without putting up a fight. Of course, I won’t always win, and I will sometimes be forced to do things I don’t agree with, but if I am my objections will be known, and if I am shown to be right and problems later develop, I will shout “I told you so!” repeatedly, laugh hysterically, and do a small dance or jig as appropriate to my heritage.

          1. Fatman Silver badge
            Joke

            Re: Design failure

            Colin,

            You forgot:

            Throw manglement under the bus at each and every opportunity I get.

            1. PAKennedy

              Re: Design failure

              Why a bus? They've got an entire tube train system to hand.

          2. Lotaresco

            Re: Design failure

            'if I am shown to be right and problems later develop, I will shout “I told you so!”'

            A design team that I was a member of had an informal rule that all position papers used to establish the design objectives would be printed on odd numbered pages only. Even numbered pages would be printed with "I TOLD YOU SO" in 72 point characters. In the event of the inevitable management-created cock-up the paper would be turned over.

      2. ecofeco Silver badge

        Re: Design failure

        Because that costs more money and "there's no need to do that". (At least, thats what management says *before* it goes wrong, *after* it goes wrong it's "how could you let this happen!")

        Exactly.

      3. Anonymous Coward
        Anonymous Coward

        Re: Design failure

        Because that costs more money and "there's no need to do that".

        Well as a minion at Dundee University (hence AC) that is the plan for the new network - no longer IP address by department subnet with ACLs between them, but now IP address by building and all in a big pool as far as access is concerned. Maybe a few pools depending on "type", but its not clear from down here how the glorious leaders are actually going to act.

        I hope somebody in charge reads El Reg and sees the SF incident as the almost inevitable consequences of not segmenting the network by-design.

        1. Doctor Syntax Silver badge

          Re: Design failure

          "a minion at Dundee University"

          Store those emails offline.

    2. Voland's right hand Silver badge
      Devil

      Re: Design failure

      You have to wonder why they have not segmented

      Ever tried to push for a non-flat network design in a SMB? I have some recollection of what it cost me to separate logically office, development, test, finances and a few others in one of my past jobs. Most IT people will not deal with the aggravation, or fail to get the budget and/or not have the qualification to build it themselves if budget is not granted.

      In addition to this, there will be no lesson learned here. Instead of the right news headline: "Valley municipal IT are a bunch of clueless incompetent clowns" we have a headline of"Passengers ride free on SF Muni..."

      1. Anonymous Coward
        Anonymous Coward

        Re: Design failure

        > Valley municipal IT are a bunch of clueless incompetent clowns

        A bit quick to judge perhaps? Unless you have seen the post mortem.

        Personally, when fuck-ups happen, my first thought is "there but for the grace of God¹ ...", not "everyone else don't know what they're doing".

        My second thought then is "how likely is this to happen to me, what would be the consequences, and case being, how can I stop it from happening?"

        ¹ Technically, I'm an atheist, but "there for the grace of an essentially chaotic series of events" doesn't quite have the same ring to it.

    3. webhead

      Re: Design failure

      Simply due to some domain admins still thinking that it's fine to put everything in the same domain. Face palm

    4. Tom Paine Silver badge
      Unhappy

      Re: Design failure

      You have to wonder why they have not segmented their networks with firewalls, both to alert on compromise and minimise the effects if anything were to get in.

      What makes you think they haven't? The thing with firewalls is that you always have holes for allowed traffic. And where authorised traffic can pass, so can attackers. In this case, you need some way to push security updates, ticket price changes etc to the ticket machines, and a way for the terminals to report back on how many tickets they've sold / when / where to, how long until the chicken soup nozzle needs cleaning out, etc. Anything the admins can do, the attacker and their malware can do, once they've pwned an admin workstation.

      1. Doctor Syntax Silver badge

        Re: Design failure

        "What makes you think they haven't[segmentd the network]? The thing with firewalls is that you always have holes for allowed traffic."

        If there are holes they aren't segmented. Porous firewalls are a trading of convenience for security. How long will it take for people to wake up to the fact that in the end you lose out in a big way on security?

        1. Bill Gray

          Re: Design failure

          @Doctor Syntax :

          "...Porous firewalls are a trading of convenience for security."

          Those who give up computing security for a little convenience will soon have neither.

          -- Mark Twain

          If you want somebody to pay attention to something, tell them Mark Twain said it first.

          -- Benjamin Franklin

          1. Doctor Syntax Silver badge

            Re: Design failure

            "f you want somebody to pay attention to something, tell them Mark Twain said it first.

            -- Benjamin Franklin"

            Shouldn't that be

            -- Mark Twain?

            1. Mark 85 Silver badge

              Re: Design failure

              You might be right.

              "Don't believe everything you read on the Internet." -- Abraham Lincoln.

          2. allthecoolshortnamesweretaken

            Re: Design failure

            "The problem with quotes on the internet is that you never know whether they are genuine or not." -- Charles Babbage

    5. Orv Silver badge

      Re: Design failure

      It sounds like they're running Microsoft Windows, which has been designed since way back with the idea that everything is in a flat network, preferably in a single broadcast domain. It gets messy in a hurry when you try to limit how clients talk to the domain controllers. Stuff breaks in mysterious ways, and unless you have a very high level contract with MS your odds of getting help fixing them are not high.

    6. Lotaresco

      Re: Design failure

      "You have to wonder why they have not segmented their networks with firewalls, both to alert on compromise and minimise the effects if anything were to get in."

      You would have to wonder why anyone in this day and age would think that segmenting a network with firewalls would be the way to do it. Segmented networks, yes. Firewalls yes. But the firewalls are not really how we segment networks, that's largely done via the switches and by the use of other security devices. Unfortunately this does take planning and investment which is why most organisations don't do it. Another reason is that good people cost a lot and companies bizarrely think that three cheap bodies are more effective than one expert.

  4. TXITMAN

    Relevant?

    http://www.infoworld.com/article/2653004/misadventures/why-san-francisco-s-network-admin-went-rogue.html

  5. Anonymous Coward
    Anonymous Coward

    What a nightmare...

    Yet another wake up call for senior execs (weakest link in any org will screw you). What was the attack vector. Underpaid / badly trained staff clicked on poison link?

    1. WonkoTheSane
      Headmaster

      Re: What a nightmare...

      "Underpaid / badly trained staff clicked on poison link?"

      More like OVERpaid / Completely untrained PHB clicked on poisoned link.

    2. Anonymous Coward
      Anonymous Coward

      Re: What a nightmare...

      Somebody will *always* click on a link! If your system relies on no one ever making a mistake you are as big a fool as the user, in fact more so because you are paid to stop this.

      In fact there are always vulnerabilities in every system, and everyone sooner or later will do something dumb, so you need multiple layers of protection:

      - Try and stop spam coming in by severe email filtering and quarantine of any suspect attachment

      - Educate users to be vigilant so they don't fall for it (too often)

      - Disable as far as possible the ability for spam to run when it does (noexec ACLs on user-writable areas for Windows, equivalent mount option for /home, /tmp and so on in Linux, blocking macros in document readers like Office, Adobe Reader (if you are that unlucky as to have to use it), etc)

      - Limit what successfully run spam can do in terms of access to other machines (network segmentation, file systems mounted read-only if at all possible, etc)

      - Have a tested backup and restore system that can't be modified by the target PCs no matter what account privileges they have (also use of frequent snapshots to reduce the window of unrecoverable damage, etc)

      1. Lotaresco
        FAIL

        Re: What a nightmare...

        "Somebody will *always* click on a link!"

        I don't believe that's true. If it were people would be able to misdirect individuals over and over again. There's no evidence to support your claim - see this paper which gives a detailed statistical analysis of the root causes of security breaches. It does not mention clicking on a link as a significant issue.

  6. Anonymous Coward
    Anonymous Coward

    Talk To Me

    "The extortionists behind the malware have complained that no one at the agency has so far spoken to them let alone offered to pay."

    Never dealt with local government bureaucrats before?

    1. Alan Penzotti
      Holmes

      Re: Talk To Me

      Perhaps the extortionist doesn't know that he needs a Business License before he can collect.

  7. Chozo

    Woot - Free Travel Indeed

    If this had happened in London the nations capitol would probably be walking to work.

    1. Flocke Kroes Silver badge

      Re: Woot - Free Travel Indeed

      If they opened the gate and left out a bucket for donations then I would pay to support not funding the next generation of ransomware.

      1. Anonymous Coward
        Anonymous Coward

        Re: Woot - Free Travel Indeed

        > If they opened the gate and left out a bucket for donations then I would pay to support not funding the next generation of ransomware.

        Where I live there are no gates. People pay just because that's the deal, not because there is a gate to open.

    2. Anonymous Coward
      Anonymous Coward

      Re: Woot - Free Travel Indeed

      "nations capitol"

      Just because the spell checker doesn't highlight them it doesn't mean the words are correct for the context !!

      1. hmv Bronze badge

        Re: Woot - Free Travel Indeed

        Do you mean to say London isn't the world's _capital_ ?

      2. tiggity Silver badge

        Re: Woot - Free Travel Indeed

        Well, a big chunk of the nations capitol is London based.... so a play on words cannot be discounted.

        1. Jonathan Richards 1
          Headmaster

          Nations capitol ^W^W Nation's capital

          That is all.

    3. Anonymous Coward
      Anonymous Coward

      Re: Woot - Free Travel Indeed

      > If this had happened in London the nations capitol would probably be walking to work.

      Out of consideration for your readers, please mind your spelling.

  8. Anonymous Coward
    Anonymous Coward

    Mind the air-gap

    What?

  9. MJI Silver badge

    Spam them?

    They give an email address, fill their inbox with spam

    1. Voland's right hand Silver badge

      Re: Spam them?

      Why SPAM? Send ransomware back. Most of us get 2-3 samples a day so getting a kit to send back should not be an issue.

  10. Steve Graham

    Master File Table

    I read that Talos blog on protecting the MBR, and being ignorant about NTFS, I have a question: if some malware simply encrypts the Master File Table, couldn't you regularly snapshot it (and the MBR too, why not?) and be able to restore them?

  11. Martin
    WTF?

    I am surprised at the moderate level of ire at the perpetrators in the comments.

    I know, yes, that the systems should be better locked down. But that doesn't justify people just shrugging and saying "Well, what do you expect?"

    By their own admission, they are just trying to break any systems they can get into, and asking for significant amounts of money to repair the damage they have caused. They seem almost upset that no-one is talking to them. They are loathsome blackmailing scum of the earth, and I for one would like to see them captured and put into jail for a very long time.

    1. TheProf

      " I for one would like to see them captured and put into jail for a very long time."

      Or forced to ride public transport 24 hours a day 7 days a week.

      1. Doctor Syntax Silver badge

        A distinction without a difference

        " I for one would like to see them captured and put into jail for a very long time."

        Or forced to ride public transport 24 hours a day 7 days a week.

        1. pxd

          Re: A distinction without a difference

          I think we should distinguish between the punishment of being forced to perpetually ride the London Underground, which has, by and large, not been too painful of late (sorry Piccadilly Line passengers today), and the truly medieval Spanish Inquisition-esque torture that is the lot of the poor Southern Rail user. So far, the SF mob strike me as deserving the former; I would reserve the latter for those holding hospitals to ransom. pxd

          1. Loud Speaker

            Re: A distinction without a difference

            "No one expects a Southern Rail train"?

      2. Nick Ryan Silver badge
        Stop

        Or forced to ride public transport 24 hours a day 7 days a week.

        Please have some degree of appropriateness about the level of punishment. These are only low live malware inflicting scum out to make a (dis)honest living, it's not as if they are mass murderers or politicians who would be more deserving of such a punishment.

    2. Lotaresco

      "I am surprised at the moderate level of ire at the perpetrators in the comments."

      I'm not.

      About a decade ago the domain name registration service used by a company I worked for fouled up and failed to renew one of the domains - they invoiced and were paid for the renewal, they just didn't do it. It was instantly snapped up by Russian cyber squatters who demanded $CASHLOTS to hand it back. I got voted in as the person to talk to them about it. I made it clear that the domain name wasn't one that was important to us. It was handy to have but not essential and it wasn't associated with business comms (the only email accounts for that domain were postmaster and hostmaster) so we didn't care about losing it. I asked them nicely if they would hand it back since we weren't going to put ourselves out to recover the domain name and certainly weren't going to be paying even $1 ransom money. I also pointed out that they would have to pay the registration fees so it was costing them money for nothing.

      I got the same outraged response. How dare I not want to pay ransom money? They had gone to some effort to grab the registration and I should be grateful to them that they only wanted hundreds of thousands of dollars to hand it back.

      I check from time to time, they still have the domain, no one wants it.

    3. Anonymous Coward
      Anonymous Coward

      > I am surprised at the moderate level of ire at the perpetrators in the comments.

      What use would that be?

  12. Missing Semicolon Silver badge

    Cheaper?

    It would be interesting to see how much would actually be lost if all of the systems and functions that are currently broken were just switched off, and the staff let go. Maybe free riding would not be as expensive as all that?

    1. Anonymous Coward
      Anonymous Coward

      Re: Cheaper?

      Ahh Thing work better if we keep our hands off as much as possible?. Kind of like the phenomenon of the mortality rate going down when doctors go on strike?

  13. David Pollard
    Joke

    Free Charlie Now

    Maybe the perpetrators could be persuaded to target Boston MTA so that it's free to ride for a few hours. A chap called Charlie has apparently been stuck there for decades because he didn't realise that a fare increase had been imposed.

    See: Charlie on the MTA

    https://www.youtube.com/watch?v=S7Jw_v3F_Q0

  14. Anonymous Coward
    Anonymous Coward

    SFMTA

    Is hardly an underfunded IT organization, It is big and buys lots and lots of Dell hardware...one very senior IT person is a big fan of Compellant. Pity that MTA didn't apparently work out how to use snapshots as a form of risk mitigation against exactly this scenario, despite having seen exactly this scenario and mitigation in product demonstrations of several other products delivered to same Compellant bigot, who just kept on buying more of the same.

    I think it is amusing that the Ramsomware minions are surprised that they have not received ransom yet...they should be aware that they will be needed to be listed as an approved vendor before the city can pay for software. I believe that the city is not currently accepting applications so they may just have to wait, or go through the Dell team to make that sale.

    AC because ...well...

    I think it is amusing the ransom writers

  15. Domquark

    Why don't people protect their systems?

    One simple Group Policy to prevent users from running executables in the Temp folder and you instantly stop 90% of ransomware - Simples!

    For the other 10%, regular backups, decent A/V and educating users.

    I have to do this to SMB's - why don't larger organisations do this?

    Sorry, not too much sympathy when there are ways to prevent this sort of thing..........

  16. Anonymous Coward
    Anonymous Coward

    > Windows

    Lol.

  17. allthecoolshortnamesweretaken

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019