Washington idle as ransomware ravages cities big and small
Source: Politico
Lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies.
By TIM STARKS
09/28/2019 06:33 AM EDT
Ransomware attacks paralyzed Baltimore's computer networks for much of the spring, shutting down the systems that collect parking ticket fines and water bills. Hackers took out City Hall's help line in Akron, Ohio, during a major snowstorm. In Lincoln County, N.C., sheriff's deputies had to take crime reports with pen and paper as their computers went dark.
Yet Washington has remained largely on the sidelines.
Lawmakers have offered few ideas on how to respond to the wave of ransom-seeking cyberattacks that have struck at least 80 state and local government agencies. Both the Department of Homeland Security and the FBI appear to be struggling with how to marshal resources to help victims, including basic questions of how they should respond or where they can turn for help.
"We don't usually look to Washington to solve real problems we have in our daily life," said Bill Beam, the sheriff in Lincoln County. But, he said, "I would welcome them with open arms to help us with a situation like this."
Ransomware, generally perpetrated by foreign hackers, has become a costly headache for governments, businesses and ordinary people around the world, infecting and locking up their computers until victims pay up with Bitcoin or other digital currencies. Baltimore and Lincoln County each refused to pay ransoms but expect to spend big money to recover from the mayhem: $18.2 million and as much as $400,000, respectively.
Members of Congress have introduced only four pieces of legislation since January that even mention the word "ransomware." None would begin to address the full scope of the attacks that experts say will become only more numerous and severe.
-snip-
Read more: https://www.politico.com/news/2019/09/28/ransomware-cities-washington-007376
at140
(6,119 posts)
They ask to dial a phone number. I ignore it, reboot the computer and no problem.
Then avoid going to web sites which caused the attack.
PSPS
(14,115 posts)
The ransomware they're talking about is where all of the files on your computer, except those required for it to boot up, get encrypted. This is all done in the background without your knowledge and then, one day, your screen contains a message informing you what has happened and demands a fee (via bitcoin) to get the 'key' to decrypt the files. All of your documents, pictures, etc., are unusable.
In a properly-designed system, this is relatively easy to undo. Paying the ransom may also work, although you have no recourse if it doesn't. An offsite backup, updated regularly like daily, is an excellent defense even in an improperly-designed system for things like this as well as other conditions such as hardware failure.
What you're talking about is rogue websites that force a popup on your screen, sometimes with accompanying audio, that says you're infected and to call a number. These are usually benign and what you did to get rid of it is the way to resolve it (or just kill the browser's process.) These rogue links are circulated via spam email and especially in social media. If you do call the number, it goes to an Indian call center where they offer to 'fix' it for a fee. They have a complete shtick that includes a remote support session, doing things that bring up lots of numbers on the screen, and proclaiming, "See? You're infected!!11!" They do have the ability to cause damage during one of these remote support sessions, but usually all they want is to scare you into buying their unneeded "protection software."
at140
(6,119 posts)
which are, how does the ransomware find my computer? Is it randomly looking for on-line computers and able to attack your computer simply by being connected to a network?
Or, do I have to execute a certain task such as opening an email and clicking a link inside it,
or accessing a certain web site?
TIA!
The most common method of ransomware infection is through a "Remote Desktop" connection. This is not available by default and is usually associated with people who work remotely. In other words, one has to activate the feature for it to be running on a computer. There are ways to mitigate such risk but this is still the most common means of infection. They will hack in to a computer through this feature and install a program on the computer to start the encryption process, and can also encrypt the files on other computers to which the infected computer is connected and has permissions.
Another way to get infected is to open a malicious attachment in an email. It can be a Word document or any other type of file that can contain and execute a payload (Word, Excel and the like can execute code via built-in macros.) This can install the same program as would be installed via a hacked Remote Desktop described above. This means of infection is far less common than Remote Desktop, but it happens.
Another way to get a malicious program on your computer is to go to a website that pushes a file to you in a way that induces you to "open it" (actually, you're running it.) What you're running is actually the encryption program.
What you experienced is different than this. Your experience, with the phone number to call on the screen, is the same M.O. as the calls people get on their phones from "Microsoft Support" (always with a thick Indian accent) claiming that they have been alerted that your computer "is infected!!!111!" All of those are just basic scams to scare you into paying them money for software you don't need or want. I've never seen any malicious payload left behind on a computer whose owner fell for one of those.
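A read-only way to see whether the "Remote Desktop" feature discussed in the reply above is switched on for a Windows machine, added here as an example and not part of the original thread. It assumes an English-language Windows 8 / Server 2012 or later system (the firewall group name is localized); `Get-RdpExposure` is a hypothetical function name.

```powershell
# Added example: report whether Remote Desktop is enabled on this machine and
# whether the usual hardening settings are in place. Reads settings only.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 1 means Remote Desktop is off (the Windows default).
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication (NLA) is required.
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    # Listening port for RDP (3389 unless someone changed it).
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound firewall rules in the built-in "Remote Desktop" group
    # (assumption: English display name).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Is anything actually listening on that port right now?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port `
        -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RdpEnabled        = ($deny -eq 0)
        NlaRequired       = ($nla -eq 1)
        Port              = $port
        FirewallRulesOpen = $rules.Count
        Listening         = $listening
    }
}

$r = Get-RdpExposure
$r | Format-List

# Plain-language summary of the findings.
if (-not $r.RdpEnabled) {
    'Remote Desktop is off; this machine does not accept RDP logons.'
} elseif (-not $r.NlaRequired) {
    'Remote Desktop is on WITHOUT Network Level Authentication; require NLA or turn it off.'
} elseif ($r.FirewallRulesOpen -gt 0) {
    'Remote Desktop is on and allowed through the firewall; confirm it is not reachable from the internet.'
} else {
    'Remote Desktop is on, but no inbound firewall rule in the Remote Desktop group is enabled.'
}
```

The result describes only this machine's own settings; whether the port is reachable from the internet also depends on the router or network firewall in front of it.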
at140
(6,119 posts)
I never use remote access feature, and am careful about phishing emails which are frequent.
I always look at the return address of the email, and that is a clear giveaway, always.
Speaking of remote access to computers, I have an anecdotal story for you..
6-7 years back we had a desktop running Windows Vista. It was my wife's computer and we had the original Microsoft CDs, however could not get it "activated". Several calls to Microsoft customer support in US failed to solve the problem. Finally Microsoft US support forwarded my call to some facility in India. I was on the phone with them so knew they were Indians since I spent my first 20 years of life in India, and the next 59 years in US lol..
That crew asked permission to control my computer in remote mode, which I of course OKed,
and they took care of the problem, gave us a new product key and activated Windows for us.
SWBTATTReg
(24,011 posts)
okay for the Russians to interfere and probably everyone else too that they could think of, to interfere w/ the internet platforms out there...
saidsimplesimon
(7,888 posts)
demanding Congress demanding action when they return from this recess. Until then, enjoy the slow roast of this corrupt administration. That's all I have.