Here’s how Yonkers and Albany recovered from ransomware attacks


ALBANY — Yonkers and Albany officials know the long, painstaking and costly recovery that Suffolk County is facing since it experienced a cyber-incursion in September. Each survived ransomware attacks.

The intrusions revealed warnings, mistakes and successes after hackers demanded ransom and threatened to grind the governments to a halt. And even though each city refused to pay the hackers’ ransom, the cost of recovery was steep.

In Suffolk, officials said some residents’ “personal information” was accessed in the Sept. 8 attack and urged them to closely monitor their bank accounts and credit reports. The hackers are seeking an unspecified “small reward” for identifying vulnerabilities in the system. The county didn’t have cybersecurity insurance.

Albany’s computer system was attacked at 4 a.m. on a Saturday, March 30, 2019.

“The lights [were] off, or appeared to be off,” said Rachel McEneny, the city’s commissioner of administrative services.

By 11 a.m., the attack was mostly over. Critical systems were intact, including human resources data, and there was no interruption of 911 calls or water service. The city shut down the attack before the ransomware hit the payroll and purchasing programs, but the hard and expensive work of restoring data and repairing damage had just begun, McEneny said.

Some data, such as building permits, was lost and took months to restore, McEneny added.

The attack cost Albany $300,000 for software, hardware and consultants, and the city increased its cybersecurity budget by 25%.

The lessons learned included the need to buy cybersecurity insurance and to bolster staff and resources. Managers also reminded workers to adhere to “cyber-hygiene.” That means workers need to be reminded that they can’t use their government computers or programs to check personal email or social media, or to shop online.

Within a few hours of the attack, it was believed to have been stopped by blocking off programs, including police and fire dispatching, 911 emergency calls, and all the essential, daily services of local governments. Other data, such as reams of birth and death records, was lost, and officials believed the database…


How a Seattle-area school district recovered from a ransomware attack


Written by Lindsay McKenzie

The Northshore School District, appropriately located on the northern shore of Lake Washington, near Seattle, was the victim of a major cyberattack in 2019.

The incident made national news, headlines that Jon Wiederspan, the district’s network operations manager, said Tuesday still haunt him nearly three years on.

“We first found out about [the attack] at 5 a.m. on a Saturday and we had scheduled an update to our student information system,” Wiederspan said during an online event hosted by the K12 Security Information Exchange. “When the system analysts logged in, the student information system wasn’t there. Instead, there was a page advertising Ryuk.”

Ryuk is a prominent type of ransomware that first cropped up in 2018, quickly building a reputation for targeting government, education and health-sector entities worldwide, racking up $150 million in payments by the end of 2020. (The gang behind the Ryuk malware followed it with another ransomware known as Conti.)

“In cases like this, it’s my job to decide who needs to be woken up. In this case, it was absolutely everybody,” Wiederspan said. “It’s not fun to call your supervisor and say, ‘we think everything is down.’”

As a result of the 2019 incident, many of the Northshore School District’s Windows-based systems were rendered non-operational. Luckily, Wiederspan said, some key resources were running on Linux servers. E-mail and student file storage were also unaffected.

Though many of the tools required for instruction were still operational, Wiederspan said he and his colleagues “knew the damage behind the scenes,” like the system used for sales in school cafeterias.

“We serve 10,000 meals a day,” he said. “We were tracking them by hand for two weeks.”

It took about three weeks to repair access to critical services, including rebuilding the entire active directory domain and restoring file permissions on a server with “millions” of files, Wiederspan said. It would take another three-and-a-half months for the school district to completely recover from the…


Weapons, narcotic substances, mobile phones recovered from high-security Parappana Agrahara jail


Bengaluru: In a surprise raid led by senior police officials here, a large number of weapons, narcotic substances, mobile phones and SIM cards were found in the high-security Parappana Agrahara jail on the outskirts of the city.

The raid was carried out by officers of the Central Crime Branch (CCB) in the wee hours of Saturday.

“The Central Crime Branch officers conduct a raid every three months in the prison and today’s was no different. Due to the Covid-19 pandemic, the cells of the prisoners had not been checked and thus a raid was carried out today. During the raid, sharp objects cut from utensils provided to the prisoners, a couple of mobile phones and SIM cards were found in their possession. We are investigating further,” said Ranganath.

“We will investigate whether the jail staff were involved,” he added.
