Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,648 posts)
Sat Sep 28, 2019, 08:42 PM Sep 2019

Washington idle as ransomware ravages cities big and small

Source: Politico

Washington idle as ransomware ravages cities big and small

Lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies.

By TIM STARKS
09/28/2019 06:33 AM EDT

Ransomware attacks paralyzed Baltimore’s computer networks for much of the spring, shutting down the systems that collect parking ticket fines and water bills. Hackers took out City Hall’s help line in Akron, Ohio, during a major snowstorm. In Lincoln County, N.C., sheriff’s deputies had to take crime reports with pen and paper as their computers went dark.

Yet Washington has remained largely on the sidelines.

Lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies. Both the Department of Homeland Security and the FBI appear to be struggling with how to marshal resources to help victims, including basic questions of how they should respond or where they can turn for help.

Story Continued Below

“We don’t usually look to Washington to solve real problems we have in our daily life,” said Bill Beam, the sheriff in Lincoln County. But, he said, “I would welcome them with open arms to help us with a situation like this.”

Ransomware — generally perpetrated by foreign hackers — has become a costly headache for governments, businesses and ordinary people around the world, infecting and locking up their computers until victims pay up with Bitcoin or other digital currencies. Baltimore and Lincoln County each refused to pay ransoms but expect to spend big money to recover from the mayhem — $18.2 million and as much as $400,000, respectively.

Members of Congress have introduced only four pieces of legislation since January that even mention the word ransomware. None would begin to address the full scope of the attacks that experts say will become only more numerous and severe.

-snip-


Read more: https://www.politico.com/news/2019/09/28/ransomware-cities-washington-007376
7 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Washington idle as ransomware ravages cities big and small (Original Post) Eugene Sep 2019 OP
I was attacked 3 or 4 times by ransomware at140 Sep 2019 #1
That's not ransomware PSPS Sep 2019 #4
You seem knowledgeable, so can I ask you questions... at140 Sep 2019 #5
How it happens PSPS Sep 2019 #6
Thanks a bunch, bookmarking! at140 Sep 2019 #7
Of course they're doing nothing (the repugs and our so called president)...they pretty said it was.. SWBTATTReg Sep 2019 #2
Get out those pitchforks and march on Washington saidsimplesimon Sep 2019 #3

at140

(6,131 posts)
1. I was attacked 3 or 4 times by ransomware
Sat Sep 28, 2019, 08:50 PM
Sep 2019

They ask to dial a phone number. I ignore it, reboot the computer and no problem.
Then avoid going to web sites which caused the attack.

PSPS

(14,134 posts)
4. That's not ransomware
Sat Sep 28, 2019, 09:45 PM
Sep 2019

The ransomware they're talking about is where all of the files on your computer, except those required for it to boot up, get encrypted. This is all done in the background without your knowledge and then, one day, your screen contains a message informing you what has happened and demands a fee (via bitcoin) to get the 'key' to decrypt the files. All of your documents, pictures, etc., are unusable.

In a properly-designed system, this is relatively easy to undo. Paying the ransom may also work, although you have no recourse if it doesn't. An offsite backup, updated regularly like daily, is an excellent defense even in an improperly-designed system for things like this as well as other conditions such as hardware failure.

What you're talking about is a rogue websites that force a popup on your screen, sometimes with accompanying audio, that says your're infected and to call a number. These are usually benign and what you did to get rid of it is the way to resolve it (or just kill the browser's process.) These rogue links are circulated via spam email and especially in social media. If you do call the number, it goes to an indian call center where they offer to 'fix' it for a fee. They have a complete shtick that includes a remote support session, doing things that bring up lots of numbers on the screen, and proclaiming, "See? You're infected!!11!" They do have the ability to cause damage during one of these remote support sessions, but usually all they want is scare you into buying their unneeded "protection software."

at140

(6,131 posts)
5. You seem knowledgeable, so can I ask you questions...
Sat Sep 28, 2019, 09:56 PM
Sep 2019

which are, how does the ransomware find my computer? Is it randomly looking for on-line computers and able to attack your computer simply by being being connected to a network?

Or, do I have to execute a certain task such as opening an email and clicking a link inside it,
or accessing a certain web site?

TIA!

PSPS

(14,134 posts)
6. How it happens
Sat Sep 28, 2019, 11:11 PM
Sep 2019

The most common method of ransomware infection is through a "Remote Desktop" connection. This is not available by default and is usually associated with people who work remotely. In other words, one has to activate the feature for it to be running on a computer. There are ways to mitigate such risk but this is still the most common means of infection. They will hack in to a computer through this feature and install a program on the computer to start the encryption process, and can also encrypt the files on other computers to which the infected computer is connected and has permissions.

Another way to get infected is to open a malicious attachment in an email. It can be a Word document or any other type of file that can contain and execute a payload (Word, Excel and the like can execute code via built-in macros.) This can install the same program as would be installed via a hacked Remote Desktop described above. This means of infection is far less common than Remote Desktop, but it happens.

Another way to get a malicious program on your computer is to go to a website that pushes a file to you in a way that induces you to "open it" (actually, you're running it.) What you're running is actually the encryption program.

What you experienced is different than this. Your experience, with the phone number to call on the screen, is the same M.O. as the calls people get on their phones from "Microsoft Support" (always with a thick indian accent) claiming that they have been alerted that your computer "is infected!!!111!" All of those are just basic scams to scare you into paying them money for software you don't need or want. I've never seen any malicious payload left behind on a computer whose owner fell for one of those.

at140

(6,131 posts)
7. Thanks a bunch, bookmarking!
Sun Sep 29, 2019, 12:14 PM
Sep 2019

I never use remote access feature, and am careful about phishing emails which are frequent.
I always look at the return address of the email, and that is a clear giveaway, always.

Speaking of remote access to computers, I have an anecdotal story for you..
6-7 years back we had a desktop running Windows Vista. It was my wife's computer and we had the original Microsoft CD's, however could not get to it "activated". Several calls to Microsoft customer support in US failed to solve the problem. Finally Microsoft US support forwarded my call to some facility in India. I was on the phone with them so knew they were Indians since I spent my first 20 years of life in India, and the next 59 years in US lol..

That crew asked permission to control my computer in remote mode, which I of course OKed,
and they took care of the problem, gave us a new product key and activated Windows for us.

SWBTATTReg

(24,085 posts)
2. Of course they're doing nothing (the repugs and our so called president)...they pretty said it was..
Sat Sep 28, 2019, 09:25 PM
Sep 2019

okay for the Russians to interfere and probably everyone else too that they could think of, to interfere w/ the internet platforms out there...

saidsimplesimon

(7,888 posts)
3. Get out those pitchforks and march on Washington
Sat Sep 28, 2019, 09:28 PM
Sep 2019

demanding Congress demanding action when they return from this recess. Until then, enjoy the slow roast of this corrupt administration. That's all I have.

Latest Discussions»Issue Forums»National Security & Defense»Washington idle as ransom...