|
It has been nothing but ruin and misery, getting worse and worse every day, since Larches left. But what are the chances they STILL don't fire the CE?
|
# ? Mar 22, 2016 22:31 |
|
larchesdanrew posted: Bonus schadenfreude: After I left, no one was left to babysit them.
|
# ? Mar 22, 2016 22:31 |
|
MrMojok posted: It has been nothing but ruin and misery, getting worse and worse every day, since Larches left. But what are the chances they STILL don't fire the CE?

I've run the numbers, and accounting for any sort of variant behavior that hasn't been reported to me since I left, I end up calculating 100% chance that he won't be fired.
|
# ? Mar 22, 2016 22:32 |
|
I didn't think CEs got tenure, but here we are.
|
# ? Mar 22, 2016 22:41 |
|
A cryptolocker came in! I've already fixed the hole in the mail filter* it came in through, and I'm restoring from good backups. However, people are pissed off because:

A: Nobody saves to their own folder, so it's all in the shared folders tons of people have access to.
B: I only run backups on weekends because our poo poo is out of date and janky poo poo, so they lose a day and a half worth of stuff.

Still, this is definitely not what I wanted to deal with right now.

* It was set to block executables and scripts, but by default .js doesn't count for those. Fuckers. Also, every other case of it was being dropped before it was scanned due to a forged sender, but the user in question somehow had 'c' in the whitelist, which made the email go through.

Orcs and Ostriches fucked around with this message at 22:52 on Mar 22, 2016 |
# ? Mar 22, 2016 22:46 |
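Added example, not part of any poster's message: a Python sketch of the two gaps described in the post above (script extensions such as .js missing from an attachment blocklist, and a one-character whitelist entry). It assumes the filter matches whitelist entries as substrings of the sender address; the extension lists, function names and sample message are constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Constructed, non-exhaustive lists of Windows-runnable attachment types.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1"}

def missed_attachments(msg, blocked_exts):
    """Names of runnable attachments that the configured blocklist lets through."""
    missed = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = PurePosixPath(name).suffix  # last suffix, so "x.pdf.js" -> ".js"
        if ext in EXEC_EXTS | SCRIPT_EXTS and ext not in blocked_exts:
            missed.append(name)
    return missed

def is_strict_entry(entry):
    """True only for 'user@domain.tld' or '@domain.tld' whitelist entries."""
    _local, at, domain = entry.strip().lower().rpartition("@")
    labels = domain.split(".")
    return bool(at) and len(labels) >= 2 and all(labels)

def substring_allowed(sender, entries):
    """Assumed legacy behaviour: any entry contained in the sender address matches."""
    return any(e.lower() in sender.lower() for e in entries)

def strict_allowed(sender, entries):
    """Hardened match: exact address or exact domain, loose entries ignored."""
    sender = sender.lower()
    for e in (x.strip().lower() for x in entries if is_strict_entry(x)):
        if sender == e or (e.startswith("@") and sender.endswith(e)):
            return True
    return False

def build_sample():
    """Constructed message with a forged sender and a harmless placeholder .js file."""
    msg = EmailMessage()
    msg["From"] = "accounts@partner.example"
    msg["To"] = "user@station.example"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"// placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.js")
    return msg

if __name__ == "__main__":
    m = build_sample()
    print(missed_attachments(m, {".exe", ".scr", ".bat"}))
    print(substring_allowed(m["From"], ["c"]), strict_allowed(m["From"], ["c"]))
```

Running `is_strict_entry` over an exported whitelist is a quick way to find entries like 'c' before a forged sender does.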
|
larchesdanrew posted: Best I can figure is that every computer has a central file server net shared to them. But the stupidest loving part is that nearly every computer is also net shared to the file server for some godforsaken reason. I would assume they're just opening the same network folder on every PC and going yup they got this one too. How could one random user's PC somehow have write access to every file on every other PC?
|
# ? Mar 22, 2016 23:54 |
|
I'm crying with laughter. Being non-IT this thread has been quite the trip to read. First Dick Trauma. Then blackswordca, now larches providing the amazing details. This is why I love SA.

Semi related, our IT guy caught 4 different crypto emails today, they're getting smarter. No misspellings, proper punctuation, and it's from a source we've gotten proper emails from before (meaning they got hit hard if it trawled their address book and sent believable info). Only caught it cause it was a .docx attachment, which that person had never sent us before.
|
# ? Mar 22, 2016 23:58 |
|
This is the type of thing I read this thread for. It is pure gold.
|
# ? Mar 23, 2016 00:04 |
|
bucksmash posted: I'm crying with laughter. Being non-IT this thread has been quite the trip to read. First Dick Trauma. Then blackswordca, now larches providing the amazing details. This is why I love SA.

Crypto ransomware is an interesting situation given the current contention over encryption. If the gov't got the back door then ransomware wouldn't be a thing... Er wait no that's stupid, the attacker would just pick an encryption method that doesn't have the back door.
|
# ? Mar 23, 2016 00:05 |
|
Why couldn't Mississippi have their primaries today instead of a few weeks ago?
|
# ? Mar 23, 2016 01:52 |
|
KoRMaK posted: At this point, I would imagine that crypto ransom infections have a payroll of mostly component people to build the emails and figure out who to target.

Doesn't the government have a backdoor into almost all encryption, since the NSA had a hand in building the entropy generator everyone uses and they built in some kind of asymmetric weakness allowing them to crack it relatively easily?
|
# ? Mar 23, 2016 03:30 |
|
RFC2324 posted: Doesn't the government have a backdoor into almost all encryption, since the NSA had a hand in building the entropy generator everyone uses and they built in some kind of asymmetric weakness allowing them to crack it relatively easily?

TBH that sounds like the kind of thing the "gub'ment tracking everything we do!" nutcases would come up with.
|
# ? Mar 23, 2016 03:32 |
|
Malachite_Dragon posted: TBH that sounds like the kind of thing the "gub'ment tracking everything we do!" nutcases would come up with.

Looked it up, it's just a flaw in RSA. https://en.wikipedia.org/wiki/Random_number_generator_attack#Possible_Backdoor_in_Elliptical_Curve_DRBG_Encryption

e: and an email from the dude who actually worked on the entropy pool for linux, and quit over it being compromised: https://cryptome.org/2013/07/intel-bed-nsa.htm

RFC2324 fucked around with this message at 03:38 on Mar 23, 2016 |
# ? Mar 23, 2016 03:36 |
|
Considering the Snowden leaks, that sounds like something they would do if they had the opportunity.
|
# ? Mar 23, 2016 03:47 |
|
larchesdanrew posted: The whole television station got cryptowalled.

nielsm posted: Meanwhile we also had a crypto attack coming in today. Everything was quickly contained, warnings were sent to all users, and backups were restored. No significant damage, just some extra support burden on reimaging any desktops infected.

The contrast here is just beautiful.
|
# ? Mar 23, 2016 03:58 |
|
I no I what This is all too beautiful for words. Karmic retribution is a wonderful thing.
|
# ? Mar 23, 2016 04:20 |
|
A good Ether-Blast ought to fry that virus and crack open the encryption!
|
# ? Mar 23, 2016 04:23 |
|
Malachite_Dragon posted: TBH that sounds like the kind of thing the "gub'ment tracking everything we do!" nutcases would come up with.

You really can't call them nutcases if they were right.
|
# ? Mar 23, 2016 04:32 |
|
Hungry Computer posted: A good Ether-Blast ought to fry that virus and crack open the encryption!

The possibility of being blamed for this CryptoBlast is why larches should never walk back into that place.
|
# ? Mar 23, 2016 04:33 |
|
uPen posted: You really can't call them nutcases if they were right.

I can and will when they spout on about tracking chips and mind-control waves being beamed into our brains.
|
# ? Mar 23, 2016 04:34 |
|
RFC2324 posted: Looked it up, it's just a flaw in RSA.

There have also been rumblings in the crypto world that ECC encryption could potentially be NSA influenced, but there's no proof. The comments in this post are a decent discussion: https://www.schneier.com/blog/archives/2013/11/elliptic_curve.html

E: hurf durf that's what your first link states.

deimos fucked around with this message at 05:00 on Mar 23, 2016 |
# ? Mar 23, 2016 04:58 |
|
The NSA definitely did backdoor DUAL_EC_DRBG but it's only one of many PRNGs one can use. It's also not the whole of elliptic curve crypto that they backdoored, rather they used ECC to backdoor a PRNG.

e: also if the US government or any other for that matter had a backdoor in the crypto used by cryptoware, do you really think they'd use that to help small businesses decrypt their poo poo?
|
# ? Mar 23, 2016 08:20 |
|
Wow, lots of people one-upping me with crypto horror stories, not in the least of which larches. I just asked the sysadmin point blank who was patient zero, but he won't say. I'm sure he/she got ridiculed by their peers though. I'm fairly sure it was marketing

spankmeister posted: The NSA definitely did backdoor DUAL_EC_DRBG but it's only one of many PRNGs one can use. It's also not the whole of elliptic curve crypto that they backdoored, rather they used ECC to backdoor a PRNG.

It's the default one though, I thought.
|
# ? Mar 23, 2016 08:57 |
|
Merijn posted: It's the default one though, I thought.

Default for what?
|
# ? Mar 23, 2016 09:10 |
|
larchesdanrew posted: The whole television station got cryptowalled.

I'm really glad that I'm not in a position where I have to deal with Crypto crap.
|
# ? Mar 23, 2016 10:13 |
|
spankmeister posted: Default for what?

Somewhere in 2004, RSA made DUAL_EC_DRBG the default in BSAFE. Reuters did a story on it, though RSA denies colluding with the NSA.
|
# ? Mar 23, 2016 10:37 |
|
Cryptowall is a good measuring stick for how competent your IT dept is. If a user catches it and has significant data loss, that's a problem. If a user catches it and trashes the network shares and there are no backups, that's a very large problem. If a user catches it and the IT admin is larche's CE, break out the pencils and paper because technology has failed
|
# ? Mar 23, 2016 10:41 |
|
|
# ? Mar 23, 2016 10:45 |
|
Merijn posted: I just asked the sysadmin point blank who was patient zero, but he won't say. I'm sure he/she got ridiculed by their peers though. I'm fairly sure it was marketing
|
# ? Mar 23, 2016 11:11 |
|
"Wow the IT ticket thread sure was busy last night I wonder if I missed anything go--"

larchesdanrew posted: The whole television station got cryptowalled.

I would call bullsht on this but this is the kind of stuff that is just so far outside the realms of normal that you can't make it up
|
# ? Mar 23, 2016 12:24 |
|
Orcs and Ostriches posted: A cryptolocker came in! I've already fixed the hole in the mail filter* it came in through, and I'm restoring from good backups. However, people are pissed off because:

Please run weekend full backups and nightly incremental. My full takes 6 hours to run, my incrementals take all of 15 minutes. If your software doesn't support incremental backups please get new software, it is garbage. There is no reason to be losing over 24 hours worth of work because your hardware is garbage. If you can run a full on weekends you should be able to only back up the changes without an issue nightly.
|
# ? Mar 23, 2016 14:15 |
|
So Larches, was the news program last night done by candle light with shadow puppets for fly in graphics?
|
# ? Mar 23, 2016 14:40 |
|
Kurieg posted: So Larches, was the news program last night done by candle light with shadow puppets for fly in graphics?

Nah, they spent the afternoon rebuilding all their graphics from scratch. then they put them back on the infected server

UPDATE FROM LAST NIGHT

Driving home, the GM from the TV station called me. I explained to him what crypto is and what their options were. My suggestion was to do an emergency shut down for a day or so while CE does some serious damage control. He scoffed and said they can't afford to shut down completely. My favorite part:

What's a bitcoin and how much is it?
It depends on the going rate, which changes constantly, but anywhere from $300-500 per coin. If it's an older variant on the virus, there's a chance it can be decrypted.
Christ on a cracker! Who the gently caress knows how to decrypt them?
I do.
And how much would you charge to do that? $300-500?
Not even close.
Fuuuuuuuuuuuuuuck. I'll call you back.

Turns out, they FILLED OUT A loving POLICE REPORT AND THE CITY IT GUY IS COMING IN TO FIX THEIR COMPUTERS. Guess what he told them? Shut down for a day or so and do damage control. They're lauding his suggestion and singing his praises.

CE Report

CE apparently took nearly all the computers out of the newsroom without telling anyone and started the laborious process of restoring system images one at a time from a USB external drive. Reports are that he just sat in his office staring blankly at the desktop of his computer for over an hour, and then just stood up and left. Like, got in his car and drove the gently caress away. No one has heard from him since, and everything is still hosed. He didn't even clear the infection from the graphics server that they are still using.

He's still blaming this entire thing on me. I find this hilarious, because I've got copies of emails warning about this very situation that I sent to both GM and CE. I've got GPO suggestions, Firewall suggestions, Upgrade procedures, PO requests, everything related to Cryptowall prevention. I believe the words used in response were "chicken little."

I can't quit laughing, guys.

A Frosty Witch fucked around with this message at 15:16 on Mar 23, 2016 |
# ? Mar 23, 2016 14:58 |
|
larchesdanrew posted: I can't quit laughing, guys.
|
# ? Mar 23, 2016 15:27 |
|
So glad I checked up on the thread because
|
# ? Mar 23, 2016 15:39 |
|
larchesdanrew posted: I explained to him what crypto is and what their options were. My suggestion was to do an emergency shut down for a day or so while CE does some serious damage control. He scoffed and said they can't afford to shut down completely. My favorite part:

Also: How did the graphics work if the server was Crypto'd? Were they throwing up ransom notes with every story?
|
# ? Mar 23, 2016 15:39 |
|
larchesdanrew posted: And how much would you charge to do that? $300-500?
|
# ? Mar 23, 2016 15:49 |
|
Kurieg posted: Crypto'd? Were they throwing up ransom notes with every story?

That would be awesome!
|
# ? Mar 23, 2016 15:51 |
|
larchesdanrew posted: CE apparently took nearly all the computers out of the newsroom without telling anyone and started the laborious process of restoring system images one at a time from a USB external drive. Reports are that he just sat in his office staring blankly at the desktop of his computer for over an hour, and then just stood up and left. Like, got in his car and drove the gently caress away.

How is this real?!
|
# ? Mar 23, 2016 15:51 |
|
larchesdanrew posted:
I may be misunderstanding, but apparently the GM is a dick too.
|
# ? Mar 23, 2016 15:54 |