Brit Police Federation cops to ransomware attack on HQ systems The Police Federation of England and Wales (PFEW), a sort-of trade union for police workers, has been battling to contain a ransomware strike on the group's computer systems, it confessed this afternoon. In a statement posted on Twitter, PFEW said it first noticed the attack infecting its systems on Saturday 9 March, "with …
Over here, Germany, they are more pro-active.
A company where a friend works was contacted by the Federal Office for the Protection of the Constitution, because their IP address turned up on a known malware exchange site on the darknet. They were informed about the incident, that they might be targeted and were offered free consultation.
Security is only as good as the weakest link. If you have some idiot in front of a keyboard opening an infected website or email that is carrying a so far unseen malware there isn't a lot you can do.
User training is almost more important than the actual electronic security systems.
The one thing I don't understand is how the backups got deleted. That the currently running backup job / the just finished backup job got deleted before the media was taken offline I could understand, unlucky, but possible.
But the first rule of backups is that they are offline when not being actively backed up to or restored from. You should also rotate your backup media.
Our backup rotation is pretty much the simplest you can get, 4 daily sets of backup media and 4 weekly backup sets, with monthly and annual backups stored off site.
@big_D: “Security is only as good as the weakest link. If you have some idiot in front of a keyboard opening an infected website or email that is carrying a so far unseen malware there isn't a lot you can do.”
if your ‘computer’ can be compromised by ‘opening an infected website or email’ then there is something seriously wrong with computer security.
“The one thing I don't understand is how the backups got deleted.”
What backups :]
Might have had backups - but were they tested? Did staff know how to restore them?
I have asked this of a supplier recently after a malware attack, I got no reply, so I escalated it to his boss. Turns out the guy "in charge of the backups" quit a couple of years ago and nobody was assigned the tasks he had, so backups had not been working for some time and nobody knew where the restore keys were kept for older backups.
Fortunately they hadn't been hit by an attack, but if I hadn't queried it, how long would have it gone on for? Yes the staff should have figured this out themselves, but we have managers.. to manage.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
