School's out as ransomware attack downs IT systems at Scotland's Dundee and Angus College A further education college in east Scotland has been struck by what its principal described as a cyber "bomb" in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse. Dundee and Angus College told students not to turn up after the ransomware seemingly downed the entire …
Why should a ransomware attack (mass encryption of files) require users to reset their passwords? Does it suggest something about the security architecture? Or is it merely a virtual equivalent of the blanket "turn it off and on again" advice from the helpdesk first line?
Why should a ransomware attack (mass encryption of files) require users to reset their passwords?
Standard knee-jerk reaction methinks.
As I understand it "request users to reset password" is one of the standard responses to a security incident. The other being to issue a statement to say that security is the organisation's highest priority.
> Why should a ransomware attack (mass encryption of files) require users to reset their passwords?
If they don't know for sure how the ransomware was introduced/triggered then they have to allow for the possibility that it might have been through old student accounts that should have been closed but weren't. Forcing a reset locks the baddies out of compromised accounts and highlights any other unused accounts.
Because they don't know what else was done yet.
It is common these days for scum to exfiltrate all the data they want, then encrypt and ransom, then offer to sell back exfiltrated data.
That exfiltrated data will likely have password hashes which can be cracked. So yeah, reset all the passwords of their systems, and if you are a fool that re-uses passwords for other items - you've got work to do.
"exfiltrate" is clearly the opposite of "infiltrate", it's a perfectly cromulent word.
(I agree, though, "extract" would probably be a slightly better word to use and somewhat less jargonistic. The "sneaking under the radar" sense that you get from "exfiltrate" is rather good, however.)
Well yes, I can see the obvious link to 'infiltrate'. a quick check round the usual dictionary sites suggests it's a relative new comer (1960s or 1980s depending on source), although I note that my favoured big word list maker, Chambers, don't list it at all. Certainly sounds like something the Cold War would produce - create something ugly and with a good dollop of brute force applied, to solve a problem that never really existed in the first place.
Like I said, I don't know if it's 'correct' or 'valid' language, I just know that I don't much like it.
If it's the opposite of infiltrate, doesn't that imply that the "hacker" put the data there in the first place, though? It's not exfiltration if it's their data, it's just theft.
My god, that word really does grate for me. Sad that I'm getting downvoted for a linguistic preference, whatever is the world coming to? Here's some other words that unreasonably annoy me if anyone else wants to jump on the downvote button: pumpernickel, edamame, bunion and ointment.
This post has been deleted by its author
It must have been an awful sight,
To witness in the dusky moonlight,
While the Storm Fiend did laugh, and angry did bray,
Along the Railway Bridge of the Silv’ry Tay,
Oh! ill-fated Bridge of the Silv’ry Tay,
I must now conclude my lay
By telling the world fearlessly without the least dismay,
That your central girders would not have given way,
At least many sensible men do say,
Had they been supported on each side with buttresses,
At least many sensible men confesses,
For the stronger we our houses do build,
The less chance we have of being killed.
Ta David.
Before I considered myself a Scottish engineer I thought of myself a Scottish poet. Scotland had already given the world it's worst poet and it's best poet, so I was always going to be mediocre.
The coronavirus has panicked me into considering washing my hands.
I find it problematic that the institutions getting ransomed seem to have cross connected all of their systems to the extent that one infection winds up owning everything. I have things in my own private office that are kept separated so if one has an issue, the other doesn't. Not doing that is like using one login and password for everything.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
