back to article School's out as ransomware attack downs IT systems at Scotland's Dundee and Angus College

A further education college in east Scotland has been struck by what its principal described as a cyber "bomb" in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse. Dundee and Angus College told students not to turn up after the ransomware seemingly downed the entire …

  1. Macs1000

    It was Dennis the Menace wot dunnit!

    1. Anonymous Coward
      Anonymous Coward

      Nah, Minnie the Minx

  2. 0laf Silver badge
    Childcatcher

    It was the Bash Street Kids.

    Or APT185 as they are known in intelligence circles.

    (My boy loves the Beano, I might even be caught reading it occasionally)

    1. Anonymous Coward
      Anonymous Coward

      It was the Bash Street Kids.

      Some 'Erbert failed to Plug a security hole

      1. Paul Herber Silver badge

        Wasn't me!

      2. Sam not the Viking

        The Numbskulls.

  3. Mike 137 Bronze badge

    Can someone possibly explain...

    Why should a ransomware attack (mass encryption of files) require users to reset their passwords? Does it suggest something about the security architecture? Or is it merely a virtual equivalent of the blanket "turn it off and on again" advice from the helpdesk first line?

    1. chivo243 Silver badge

      Re: Can someone possibly explain...

      Possibly a bit of Mis-Direction....

    2. Hans Neeson-Bumpsadese Silver badge

      Re: Can someone possibly explain...

      Why should a ransomware attack (mass encryption of files) require users to reset their passwords?

      Standard knee-jerk reaction methinks.

      As I understand it "request users to reset password" is one of the standard responses to a security incident. The other being to issue a statement to say that security is the organisation's highest priority.

      1. Crisp Silver badge

        Re: standard responses

        Shouldn't there be something in there about how our privacy is very important to them or something?

        1. Anonymous Coward
          Anonymous Coward

          Re: standard responses

          OK, OK...so, apart from password protection, security and privacy, what have the Romans sysadmins ever done for us?

          1. Anonymous Coward
            Anonymous Coward

            Re: standard responses

            Don't tell me the SysAdmin's name is "Woderwick"....

            And the person who is responsible for this mess is called "Biggus Dickus".

    3. Anonymous Coward
      Anonymous Coward

      Re: Can someone possibly explain...

      > Why should a ransomware attack (mass encryption of files) require users to reset their passwords?

      If they don't know for sure how the ransomware was introduced/triggered then they have to allow for the possibility that it might have been through old student accounts that should have been closed but weren't. Forcing a reset locks the baddies out of compromised accounts and highlights any other unused accounts.

      1. Version 1.0 Silver badge
        Thumb Up

        Re: Can someone possibly explain...

        I agree, I'd do that too. On the plus side, if they are telling everyone to reset their passwords then it's a good bet that they were backed up well, have done a quick restore and are resetting the account access.

        1. katrinab Silver badge
          Unhappy

          Re: Can someone possibly explain...

          There is also a good chance that they are restoring the virus infection.

    4. Anonymous Coward
      Anonymous Coward

      Re: Can someone possibly explain...

      Because they don't know what else was done yet.

      It is common these days for scum to exfiltrate all the data they want, then encrypt and ransom, then offer to sell back exfiltrated data.

      That exfiltrated data will likely have password hashes which can be cracked. So yeah, reset all the passwords of their systems, and if you are a fool that re-uses passwords for other items - you've got work to do.

      1. koswix
        Headmaster

        Re: Can someone possibly explain...

        Your point may or may not be good and valid, I've no idea because I just cannot get passed the absolutely absurd sound of the word 'exfiltrate'.

        I've no idea if it's correct or generally accepted, but it just sounds... wrong.

        1. Anonymous Coward
          Anonymous Coward

          Re: Can someone possibly explain...

          "exfiltrate" is clearly the opposite of "infiltrate", it's a perfectly cromulent word.

          (I agree, though, "extract" would probably be a slightly better word to use and somewhat less jargonistic. The "sneaking under the radar" sense that you get from "exfiltrate" is rather good, however.)

          1. koswix

            Re: Can someone possibly explain...

            Well yes, I can see the obvious link to 'infiltrate'. a quick check round the usual dictionary sites suggests it's a relative new comer (1960s or 1980s depending on source), although I note that my favoured big word list maker, Chambers, don't list it at all. Certainly sounds like something the Cold War would produce - create something ugly and with a good dollop of brute force applied, to solve a problem that never really existed in the first place.

            Like I said, I don't know if it's 'correct' or 'valid' language, I just know that I don't much like it.

          2. ForthIsNotDead Silver badge
            Pint

            Re: Can someone possibly explain...

            >The "sneaking under the radar" sense that you get from "exfiltrate" is rather good, however.)

            Precisely. Which is why 'exfiltrate' was correctly used in the context the OP was describing. Upvote and beer for OP from me.

            So there!

            1. koswix

              Re: Can someone possibly explain...

              If it's the opposite of infiltrate, doesn't that imply that the "hacker" put the data there in the first place, though? It's not exfiltration if it's their data, it's just theft.

              My god, that word really does grate for me. Sad that I'm getting downvoted for a linguistic preference, whatever is the world coming to? Here's some other words that unreasonably annoy me if anyone else wants to jump on the downvote button: pumpernickel, edamame, bunion and ointment.

    5. thondwe

      Re: Can someone possibly explain...

      So any installed keyloggers can capture the new passwords?

  4. This post has been deleted by its author

  5. vulture65537

    "because nobody knows anything"

    This graduate from 13 miles south suspects that's the usual condition.

    1. Inspector71
      Happy

      Hey, cross the bridge and say that. I'll pan yer heid in.

  6. SVV Silver badge

    Dundee and Angus College told students not to turn up

    May I recommend a rapid, unhackable and cost effective backup system for situations like these : Some blackboards and some chalk.

  7. Danny 2 Silver badge

    "mass panic worse than the coronavirus"

    It must have been an awful sight,

    To witness in the dusky moonlight,

    While the Storm Fiend did laugh, and angry did bray,

    Along the Railway Bridge of the Silv’ry Tay,

    Oh! ill-fated Bridge of the Silv’ry Tay,

    I must now conclude my lay

    By telling the world fearlessly without the least dismay,

    That your central girders would not have given way,

    At least many sensible men do say,

    Had they been supported on each side with buttresses,

    At least many sensible men confesses,

    For the stronger we our houses do build,

    The less chance we have of being killed.

    1. David 132 Silver badge
      Happy

      Re: "mass panic worse than the coronavirus"

      Thank you, William Topaz McGonagall.

      And coming up next, we have the latest work from Grunthos The Flatulent, followed by last year's winner, Paul Neil Milne Johnstone...

      1. Danny 2 Silver badge

        Re: "mass panic worse than the coronavirus"

        Ta David.

        Before I considered myself a Scottish engineer I thought of myself a Scottish poet. Scotland had already given the world it's worst poet and it's best poet, so I was always going to be mediocre.

        The coronavirus has panicked me into considering washing my hands.

        1. ForthIsNotDead Silver badge
          Coat

          Re: "mass panic worse than the coronavirus"

          Oh, I dunno.... Robert Burns was'ne that bad, min. Ken?

      2. gordonmcoats

        Re: "mass panic worse than the coronavirus"

        nice connection from DA to DA College

  8. Flywheel Silver badge
    Facepalm

    Oh, the irony

    Of course they offer a Cyber Security Course... sign me up Scotty!

    1. hopkinse

      Re: Oh, the irony

      I'm sure they will make it onto the syllabus of every other College/Uni in Scotland later in the year :-)

  9. MachDiamond Silver badge

    Interconnected viral pathways

    I find it problematic that the institutions getting ransomed seem to have cross connected all of their systems to the extent that one infection winds up owning everything. I have things in my own private office that are kept separated so if one has an issue, the other doesn't. Not doing that is like using one login and password for everything.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020