Oakland declares state of emergency due to ransomware attack

It&#x27;s been quite a few years since I did this kind of stuff for a living, so this may be an antiquated notion...<p>&quot;In my day,&quot; desktop computers saved their files to a server. That server would get backed up daily. The backup tapes&#x2F;drives would be stored offline and rotated to an offsite location. (Back then you were more concerned about the building burning down than a ransomware attack.) The same would be true for any apps running on servers; their data&#x2F;databases would be backed up daily and the tapes&#x2F;drives used for backup would be stored elsewhere.<p>What is this old guy missing? If a process like this were in place, nearly all of their data would be intact. Yes, it will take some time to do a full restore and you will be missing some amount of data that was created since the last backup. But it&#x27;s survivable in many cases. And you&#x27;re not negotiating with criminals.

This sort of stuff doesn’t surprise me any more. I’ve been on a number of “desktop support” sessions over the last few years and seen some shit. The common denominator seems to be entirely unpatched obsolete stuff (stock RTM windows 7 with stock IE in 2021 was my favourite) where either someone turned the updates off because they knew better or stopped paying their MSP for service immediately after they had been set up and assumed it’d just work forever.<p>People like that and the associated competence level are rolling out the red carpet.

So I work in this space and I am honestly quite surprised by the users here who think a Linux deployment would do any better. They won&#x27;t.<p>This isn&#x27;t a Windows vs Linux vs Solaris vs BSD issue, this is a &quot;did I manage and configure ACLs, RBAC, GPO, and other security features correctly&quot; issue.<p>For example, I&#x27;ve had customers have had RHEL 6.x enviromments that still got hit because they wrote a security group that allows all traffic from all ports from 0.0.0.0&#x2F;0 (aka everywhere).<p>Security issues always come down to misconfigurations and the lack of best practices in my experience. In that regard, the MS suite is actually superior to Linux because if you need a Security Solution Partner, Microsoft Professional Services is infinitely more competent than the largest Linux solution partner righ now (IBM).

<i>The emergency declaration will assist with equipment and materials and the activation of emergency workers as the city seeks to safely restore its systems.</i><p>It&#x27;s important to remember that &#x27;state of emergency&#x27; is less of a &#x27;everybody stop and listen to this&#x27; than a legal circuit breaker that allows the signing of checks and assignment of tasks without being bound by the normal web of procedure and contractual obligation. We tend to imagine (in popular culture) the executive aspects of government as being somewhat by fiat, but much of the time it&#x27;s more like incremental product development, with most of the job being workarounds, excuse-making, bullshitting, and tedious social obligations.

I don’t get why any user has the ability to cause so much damage. Sure they can lock their own files out and need to restore from backup, but how can that knock out other departments, let alone things like email.

Are there no agencies that can help out? CISA is, I guess, more of an advisory agency than operative? Or maybe there are but on federal level?

What crypto are Ransomware asking for these days? After all the Bitcoin mixers seem to be taken offline (have they?). Sorry, I&#x27;m kinda out of the loop and was wondering how these thugs were cashing their attacks.

imho we have to look at what limited set of tools and functionality we really use. The days where we didn&#x27;t know what computers were used for are long gone and the justification for doing everything in software along with it. You want to exchange strings of text with video and images. Not much more than morse code offered. Direction of dataflow can be easily enforced in hardware. The backup drive takes input that you can&#x27;t read, you break off part of the print and it becomes read only permanently. It can easily be made an insane amount of work to regain write ability.<p>A completely finished os can be stored on a read only device.<p>We just have to start from scratch :) that is all it takes :)

In the modern threat environment it&#x27;s no longer viable for small and medium enterprises to maintain their own IT infrastructure. This includes city governments. They should outsource infrastructure to one of the major cloud vendors with the scale and technical competence necessary to counter advanced persistent threats. It&#x27;s a shame that we all have to pay this &quot;tax&quot; and give more control to a few big tech companies, but that is our reality.

<a href="https:&#x2F;&#x2F;www.oaklandca.gov&#x2F;departments&#x2F;information-technology#page-leadership" rel="nofollow">https:&#x2F;&#x2F;www.oaklandca.gov&#x2F;departments&#x2F;information-technology...</a><p>Are they ever going to hold the leadership accountable for sleeping on the job ?

how many of these systems will be safe if they had linux running? just saying because the linux is a smaller target and it would be a long time till it reaches the &quot;year of linux desktop&quot;