Crime

Georgia Department of Public Safety Hit By Ransomware Attack. (news4jax.com) 88

"A ransomware attack late last week left the Georgia Department of Public Safety and Georgia State Patrol computers offline," reports a local news station. Lt. Stephanie Stallings, GSP spokesperson, said a message popped up on an employee's computer, prompting preventative measures to shut all server networks down. The servers have been offline since [July 26th]. The Georgia State Patrol's tech division, the Georgia Tech Authority, which handles network and servers, is now checking every device in all 52 state patrol post locations across the state to see if more devices are affected.... The state said Georgia Tech Authority is downloading new protective software on all devices, which are purposely offline until further notice.

Stallings said it's still business as usual. Staff and officers are doing their jobs in the traditional way using paper that they used in the days before having laptops in patrol cars...

News4Jax found there were 184 million ransomware attacks worldwide in 2018.

ZDNet reports the attack has crippled laptops installed in police cars across the state. And long-time Slashdot reader McFortner shares their own story: When I went in to get a copy of an accident report this Friday, the officer at the Henry County, GA, police department told me that at least 7 counties in the Atlanta area were hit at the same time and they had no way of knowing when their computers would be back up. They suggest to anybody needing a report to call them first to see if by any chance the system is back up and the report is finished and can be picked up.
  • Certainly they must have backups, right?

    • Certainly they must have backups, right?

      Yes, do not fear for the ransomware . . . the ransomware has been successfully backed up.

      I remember an IRS scandal a few years back, where all the employees claimed to have suffered disk crashes which lost their email.

      The IRS then claimed that the backups had already been recycled.

      It wouldn't surprise me if that story gets recycled here.

    • by Anonymous Coward

      Do you make regular backups of the laptops in your environment? Those in the field? Even if you did how long do you think it takes to reimage all the laptops in police cars?

      It's very easy to say such things in hindsight from your lofty anonymous internet account. In the real world these things are much harder. Admins with little budget have to secure an almost infinite number of holes, the attackers need only find one.

      • by geek ( 5680 )

        You never store work documents and important data locally. Only to cloud storage or network storage. The physical box can burn and you'll just grab a new one and get back to work. If you're storing locally you are an idiot. Full stop.

        • by Anonymous Coward

          ..and when the ransomware clobbers the 'cloud' shares?

          • by mark-t ( 151149 )
            I would imagine you could avoid it if the backup shares were not even writeable except during backup windows, and even then, only to an authorized process that knows the appropriate password for that share.
            • ... except during backup windows, and even then, only to an authorized process that knows the appropriate password for that share.

              From TFA:

              "It's a criminal attack somebody gained access and the proper access to one of their computers that had privileged network presence and they were able to put a piece of malicious software on it," Christopher Hamer, a security consultant, told News4Jax.

          • Backups aren't interactive files. Once they're written, nobody should be modifying them. So your server should be running a script which goes through all your backup folders on a schedule and changes the permissions on new backup files to read-only.

            Another way in Unix is to set a directory to write-only (deny read permission). Users can write files to the directory, but they can't read from it so can't get a listing of files in the folder. They can still change/delete the file if they can guess its n
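
The scheduled read-only pass and the write-only directory described in the comment above (which also covers the earlier "not writeable outside backup windows" suggestion), as an added example that is not any commenter's code. The function names, paths, age threshold and cron line are assumptions.

```shell
#!/bin/sh
# Added illustration; directory names and the age threshold are assumptions.

# seal_backups DIR MIN_AGE_MIN
# Strip every write bit from regular files under DIR last modified more than
# MIN_AGE_MIN minutes ago, so a backup still being written is left alone.
# Prints how many files were sealed on this pass.
seal_backups() {
    find "$1" -type f -mmin +"$2" \
        \( -perm -200 -o -perm -020 -o -perm -002 \) \
        -exec chmod a-w {} \; -print | wc -l | tr -d ' '
}

# unsealed_backups DIR MIN_AGE_MIN
# Audit: list old files that still carry a write bit. Non-empty output after a
# sealing pass means the pass failed or something re-enabled writing.
unsealed_backups() {
    find "$1" -type f -mmin +"$2" \
        \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# make_dropbox DIR
# Write-only drop directory: group/other may create files (w+x) but not list
# them (no r). The sticky bit (1xxx) stops users deleting files they do not own.
make_dropbox() {
    mkdir -p "$1" && chmod 1733 "$1"
}

# Caveat: a file's owner can put the write bit back. Run the sealing pass from
# a different account that also takes ownership (chown), or on Linux add
# chattr +i, if the backup-writing account itself may be compromised.

# Example schedule (crontab line, path is a placeholder):
# */15 * * * * /usr/local/sbin/seal-backups.sh /srv/backups 30
if [ $# -ge 1 ]; then
    seal_backups "$1" "${2:-30}"
fi
```
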
            • Cloud shares and RAID ARE NOT backups! They are redundancies. I seriously hope no one on this chain is a system administrator.

              I am not and even I know anything that is live and online is not backup as that too can be encrypted or deleted by accident.

        • you can store locally, just use a NAS box, or if your data is small enough use a usb drive/thumbdrive or microsd card
    • Wipe the Evidence (Score:2, Interesting)

      by Anonymous Coward

      They have a responsibility to maintain custody of the chain of evidence. If they wipe the computer with the evidence of your DUI, it's pretty straightforward to argue that all of their evidence is recreated and then the conviction gets very challenging. This is the responsible approach. They'll probably lose a bunch of computers, but that's a lot better than all.

    • by antdude ( 79039 )

      What's a backup? [grin] :P

    • by sjames ( 1099 )

      TFA implies but does not state that they do. Of course, they first have to wipe and re-install every computer they own so the malware doesn't just encrypt everything again. Then it will take some time to get all the data back in place from the backups.

      Then, of course they will have a lot of new data to transcribe from paper and catching up on information requests that have gone unfulfilled during the outage.

  • by Anonymous Coward

    I can't speak to this specific situation, but I can speak to the problem in general; organizations are putting social skills and political skills ahead of technical skills. It's part of the everyone deserves a trophy world that was created for the kids.

    We have people in charge, that have no idea what they are doing, and really smart people that are excluded when they should be followed.

    This will keep happening, until the world cleans up its act and prioritizes skill again.

    • I'd argue that technical, social and political skills are possessed by all people, and that those whose dominant skills are political or social have simply out-competed people whose dominant skills are technical.

      They've largely co-opted technical skills from "technology" people. The secretary of 1990 can barely operate the copier, the "coordinator" of today can use the copier and her computer to produce a booklet in less than a day that would have taken a half-dozen people to produce 30 years ago.

      The prob

      • by Anonymous Coward

        and that those whose dominant skills are political or social have simply out-competed people whose dominant skills are technical.

        Yes - it's always easier to win if you don't have to play by the established rules - you simply invent your own rules and later claim 'your superior "social" skills made you winner', while useful subordinate idiots did all the actual work.

        What are those 'social' skills you talk about anyway? Everyone knows that Trump has best 'social' skills, period. Various swindlers and conmen have excellent 'social' skills as well. Perhaps better name would be antisocial skills, describes it better.

      • Welcome to real world 101. Desktop support where all entry level IT jobs start is 75% social and customer service and 25% technical. If you can't ever master ass kissing you never get promoted up to system administrator.

        Who wins the interview? The social guy who can whoaa HR and management with awesome resumes and likeability. Not the most competent for the job.

  • ... Chief Executives of government organizations need to be held personally responsible for breaches. That'll get things moving. There's nothing quite like accountability to grease the wheels.

    • by gtall ( 79522 )

      No it won't, executives at that level just cycle around the system.

  • Rather peculiar corporations and governments hit with ransomware attacks are viewed as "victims" losing access to their shit when in fact there is no reason not to assume data was stolen via very same channel ransomware is controlled.

    Anyone hit by ransomware affecting data related to third parties needs to be sued and fined for the consequences in addition to losing all of their data. If you can't be bothered to keep backups of your shit imagine where else these jokers are fucking up.

  • Given that this ransomware thing has been going on for years now, why aren't more IT departments using copy on write filesystems?

    • by Anonymous Coward

      Given that this ransomware thing has been going on for years now, why aren't more IT departments using copy on write filesystems?

      Local governments lack the resources. And with the last round of tax cuts, subsidies to states have been cut. And this being a solid Republican controlled state, we won't see local income taxes raised.

      Although, my local taxes have doubled since last year. What little I saved from the TCJA was more than eaten up by my local tax increase.

      My standard of living keeps going down and down - for the last 20 years. And when I look at my representation from local to state to federal all the way up to POTUS, all I

  • In just 5 months Windows 7 end of support happens and there are still 35% of desktops still using it. I think this will be the beginning of a pandemic worse than wannacry, code red and slammer combined. If I was a ransomware author I would be looking forward to 2020.
    • I think you're probably onto something here, especially on the server side where there's a lot of legacy applications still running on Server 2008R2 that are more expensive than just a bunch of new Win10 desktops to migrate.

      Is there some crazy idea that Trump, in some kind of anti-big-tech rage, decides to force Microsoft to continue supporting the Win7/2008R2 platform for a few more years?

    • by Anonymous Coward

      Once again, the media reports fail to report that the ransomware affected Windows computers. Platform is the first piece of information collected in a security incident.

      Meanwhile, our organization switched to Linux based Chromebooks. If we have need of a legacy app, we fire up an ESXi hosted VM of Windows. It has been our policy to use only platform agnostic software for over a decade. I cannot think of one program that I personally use that requires Windows.

      We also backup between two sites, saving the

    • Who wants to make a bet these systems still ran WindowsXP?

  • by FudRucker ( 866063 ) on Sunday August 04, 2019 @10:30AM (#59038006)
    are just inside jobs, some disgruntled employee or executive using ransomware to make it look like an outside job and is safer than just absconding and/or embezzling the money
  • by puddingebola ( 2036796 ) on Sunday August 04, 2019 @12:23PM (#59038440) Journal
    I guess nobody suggests alternatives to the Windows operating system anymore when these stories post. Used to be the case. Guess that's over now.
