Jan 31, 2019
Craig is starting a new daily podcast called It's a Security Thing. Today's security thing discusses the zero-day virus attack on a police department in Maryland.
For these and more tech tips, news, and updates, visit CraigPeterson.com
Below is a rush transcript of this segment; it might contain errors.
Airing date: 01/31/2019
Salisbury Police Department - Ransomware Attack
Craig Peterson 0:00
Everybody, you know, I'm trying to do something a little different here. Now, you know, we were all into security, many of us that are listening, and this is going to be our Thursday and Friday for the next little while.
Anyways, it's kind of a security update here: what's going on in the world, helping me understand a little bit more, but this is geekier. Okay, this is going to be for the geeks amongst us, because we're going to talk about actual things that have happened over the last, you know, few weeks, month, maybe a bit more, as well.
So we're going to start this out today by talking about this zero-day virus that hit. We got... there's a lot to talk about here. We've got a, you know, tomorrow, we'll talk a little bit more. But we've got a police department down in Maryland who got nailed. And I got to tell you both of these stories. Bottom line is they had very good backups. And that's always the first step. And I've got to warn people that because you think you have a backup, it's no indication that you really do have a backup. So keep that in mind as well. All right, I have seen it time and time again: they think they're writing to tape, or it's going to disk, or going remotely. We have a client that has decided that they needed a cheaper disaster recovery solution than us. And they didn't understand what DR meant. Disaster Recovery, what it really means. And what it means, by the way, is that you can get your business back online very quickly. You don't have to wait weeks in order to restore from backup tapes, or from online cloud, etc. You're back online, you're back in business in as little as five minutes, depending on how much you want to pay.
So they were getting this disaster service from us that is designed specifically to allow them to get back on within four hours. And in reality, it's more like 15 minutes. But it's a four-hour guarantee, because that's what the law requires if you are a public entity, or you are a division of a public entity, in case you didn't know. Okay, so they're thinking, hey, we're just a division of a public company, you know, they bought us, but we do our little thing, they don't really bother us. That's why they had signed up with us for disaster recovery, because we had told them, here's the law, Sarbanes-Oxley, here's all your requirements. Here's what you need to be doing. And so we put it in place.
So they went out and they talked to this other vendor that all they offer is backup. Now, this is a vendor that was backing up their AS/400, which is kind of a minicomputer of days gone by. Great little machine from IBM. And they had been backing this up; they were supposed to be providing disaster recovery. And everything in this company hadn't been. We were monitoring all the networks, we were looking at everything. We were taking care of all of the data transfers. And we went to our client and said, "Hey, what's this link for? Because, you know, it hasn't been active now, in six to eight weeks, at all." "What do you mean, at all?" I said, "Well, you know, there's been no data transferred at all." And for a while there it was kind of busy, so I just thought I'd double check, because it was out of the norm. Usually, we get more interested when there is more data than usual, as opposed to less data than usual. In this case, it was less data than usual. They said, "Oh, yeah, well, that's our backup line. That's for our AS/400, that's our main system." Well, why isn't there any traffic on it? Well, this company who was supposed to be providing them with some form of DR service and also backup hadn't been doing it. Their site, with their software and everything, was broken and they never noticed. And the company, our client, never noticed. And so they were not only out of compliance with the law, but they would have been in deep trouble even if they just had a hard disk crash, let alone their systems being brought down by someone who's malicious. Very, very big deal.
So now they have gone to these guys that failed them already. "And today, can you do a cheaper backup? You know, we need disaster recovery, too." And they say, "Oh, yeah, we can do cheaper." Of course they can do cheaper, and that's what I want to drive home here, everybody.
They can do cheaper because they're not monitoring it. They can do cheaper because they don't have multiple generations of backups, which is another problem. Because if you don't have multiple generations of backup, what happens when you get ransomware? What happens when you get nailed like this Salisbury, Maryland, police department? This happened January 24th. Okay.
So you get ransomware and your backups are overwritten, because they run normally, right? And they're overwritten with what? With your data encrypted by the ransomers. So you can't get your data back. All you can get back is another copy of your encrypted ransomed data. That's what they signed up for. This drives me crazy, people. Absolutely crazy, because they're doing the wrong thing. Of course it costs more to do what we're doing for them, of course. But we're doing everything that should be done. We check their backups' integrity weekly. We have multiple generations of their backup going back for years, which is also required by law. Now, we don't keep every backup for all those years. But we have kind of what's called a grandfather, father, son type of relationship in these backups. And if you want to know more, let me know and I can help you out. But we also spin up machines. So at least every month, all of their machines get spun up in our cloud. So we know that not only is the backup data proper, but on top of it, their machines will come online in the cloud if they have a major failure. But no, they went with a much cheaper option that has proven to not work already. I don't get it. I just don't get it.
So Salisbury Police. Captain Richard Kaiser told the Daily Times of Salisbury that the police department's entire internal computer network was compromised January 9 in a ransomware attack, and negotiations with the attacker, who asked for an undisclosed sum, quickly disintegrated. Now, that's the normal first response: let's negotiate. And, you know, I do this work with the FBI InfraGard program. And the FBI's advice is always, don't pay ransoms. But the police department was negotiating because I knew it was going to be expensive to restore it. All that does is two things: it encourages them to do it again, but guess what? The second thing is it encourages them to attack you again, because they know you will pay a ransom. Okay, so is that stupid or what, right? And police department, okay, okay, it will be $5,000, okay, no problem. And then who are they going to try and attack next time? The police department, right.
So the captain says there was a backup system and they were able to recover stuff from backups. There's no evidence anything was stolen or downloaded. Of course there isn't, because there was ransomware, and I gotta tell you, too, ransomware is often used as a cover for them to steal your data. The police department's ability to respond to calls wasn't hampered, because they still had a paper system in place, and the police are working with the FBI. Interesting, eh? Salisbury, Maryland. This can happen to you. This happened a couple of weeks ago in Salisbury. Something to keep an eye out for: make sure you have good backups. Make sure you understand what backups are about. And you may want to sign up for my course next week. I got free tickets. I'm going to give away a ton of my best information. And if you want to go further, you can go further. But I am going to get you out of this rut that you're in. Do-it-yourself security done the right way. That's what this is all about. http://CraigPeterson.com.
Anyways, have a great day. And you know what, it's all just a security thing. Fellow security geeks. I will be back tomorrow. Take care. Bye bye.
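As an added illustration (not from the episode or Craig's own tooling), the following Python simulation shows the point made above: nightly backup jobs that keep running after the data is encrypted overwrite a single-generation backup with ciphertext, while a grandfather-father-son rotation still holds clean copies that a restore test can verify. The dates come from the page; the data and the hash-based integrity check are constructed stand-ins.

```python
from datetime import date, timedelta
import hashlib

# Constructed scenario: nightly jobs keep running after ransomware encrypts
# the source, so every copy taken on or after INFECTED_ON is ciphertext.
GOOD_DATA = b"case files, CAD records, evidence index"   # constructed placeholder
INFECTED_ON = date(2019, 1, 9)                           # attack date from the page

def source_data(day):
    if day < INFECTED_ON:
        return GOOD_DATA
    return hashlib.sha256(str(day).encode()).digest()     # stand-in for ciphertext

def gfs_retention(days, today, sons=7, fathers=4, grandfathers=12):
    """Grandfather-father-son rotation: keep the last `sons` nightly copies,
    the last `fathers` Sunday copies and the last `grandfathers` first-of-month copies."""
    keep = {d for d in days if (today - d).days < sons}
    keep |= set(sorted(d for d in days if d.weekday() == 6)[-fathers:])
    keep |= set(sorted(d for d in days if d.day == 1)[-grandfathers:])
    return keep

def run_backups(first, today, policy):
    """Simulate nightly jobs from `first` to `today`; return {date: bytes} left on disk.
    'single' overwrites one slot each night; 'gfs' prunes per gfs_retention."""
    store, day = {}, first
    while day <= today:
        store[day] = source_data(day)
        if policy == "single":
            store = {day: store[day]}
        else:
            store = {d: b for d, b in store.items() if d in gfs_retention(store, day)}
        day += timedelta(days=1)
    return store

def clean_generations(store):
    """Integrity check stand-in: a copy counts as restorable only if it still
    matches the known-good fingerprint recorded before the incident."""
    good = hashlib.sha256(GOOD_DATA).hexdigest()
    return sorted(d for d, b in store.items() if hashlib.sha256(b).hexdigest() == good)

def demo(policy, first=date(2018, 11, 1), today=date(2019, 1, 24)):
    """ISO dates of clean, restorable copies left under `policy` on `today`."""
    return [d.isoformat() for d in clean_generations(run_backups(first, today, policy))]

if __name__ == "__main__":
    print("single slot:", demo("single"))   # nothing clean survives
    print("GFS       :", demo("gfs"))      # older fathers and grandfathers are still clean
```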