STM says it won’t pay ransom
The STM says it won’t pay the $2.8 million demanded in the ransomware attack that took down its website. CBC says “the hackers have asked” for the cash, but who knows? Maybe someone else is asking for that money on false pretences. Grab the bitcoin, disappear, website’s still a boat anchor, wouldn’t that be a scam.
The website is still a boat anchor.
dhomas 03:15 on 2020-10-30
You should never pay the ransom. There is no guarantee that they’ll provide you the decryption key. Plus, you’d be encouraging them to do it again, not only to you (your IT security has already proven to be pretty crap) but to others. Unfortunately, your only viable options are to restore from backups, which is time consuming. Or start over from scratch, which is even more time consuming.
You can also check if the decryption key has been made available on the following site:
https://www.nomoreransom.org/
Apparently, some people have found success with this.
dwgs 09:40 on 2020-10-30
I’m curious, does anyone have any ballpark idea what it would cost to build a new site from scratch for an entity that large and complicated?
Kate 09:47 on 2020-10-30
Hard to say because that system must have had a lot of legacy stuff in it that nobody would create in the same way today. The whole thing would have to be reconceived from zero. Big job.
dhomas 09:51 on 2020-10-30
They should have backups of the site that they can restore, unless they are really bad at IT. The issue is usually coordination and limited resources. Where do you use your IT resources first? To restore the website? Or to restore, for example, payroll systems that were locked due to the ransomware. My “start over from scratch” comment was more for regular home users who might have to reinstall Windows to get back up and running.
PSA: remember the 3-2-1 rule of backup. 3 copies of your data, on 2 different media, with 1 copy stored off-site.
I have a friend who lost all his family photos stored on a RAIDed storage device because he thought the RAID was protection enough. (RAID is a method of storage where you have hard drive redundancy, so that if any one or even 2 hard drives crash, you don’t lose any data.)
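As an added illustration of the 3-2-1 rule and the RAID point above (example code, not from the original post; the inventory format and function names are assumptions), a small checker that treats a RAID array as a single copy, since mirrored disks protect against drive failure but not against deletion, ransomware or fire:

```python
"""Check a backup inventory against the 3-2-1 rule (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str        # free-text description (constructed sample values below)
    medium: str       # e.g. "hdd", "ssd", "tape", "cloud", "optical"
    offsite: bool     # physically or logically separated from the primary site
    raid_disks: int = 1   # number of disks in the array; NOT counted as extra copies


def check_321(copies):
    """Return (ok, problems) for a list of BackupCopy entries.

    3 copies of the data (the live copy counts as one), on 2 different
    media, with 1 copy off-site. A RAID array is still one copy, however
    many disks it spans, so raid_disks never multiplies the count.
    """
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copy/copies, need at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        problems.append(f"all copies on one medium ({', '.join(sorted(media))}), need 2")
    if not any(c.offsite for c in copies):
        problems.append("no off-site copy")
    return (not problems, problems)


# Constructed sample: the RAID-only setup described in the comment above.
RAID_ONLY = [
    BackupCopy("family photos on RAID NAS", "hdd", offsite=False, raid_disks=4),
]

# Constructed sample: a setup that satisfies 3-2-1.
COMPLIANT = [
    BackupCopy("laptop SSD (live data)", "ssd", offsite=False),
    BackupCopy("USB drive in a desk drawer", "hdd", offsite=False),
    BackupCopy("encrypted cloud bucket", "cloud", offsite=True),
]

if __name__ == "__main__":
    for name, inventory in (("RAID only", RAID_ONLY), ("3-2-1", COMPLIANT)):
        ok, problems = check_321(inventory)
        print(name, "OK" if ok else "FAIL", problems)
```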
walkerp 10:34 on 2020-10-30
@dwgs, ultimately, it probably would be better to rebuild it from scratch. However, with real-life systems like that which have been stapled onto existing analog systems, the jobs of either rebuilding or restoring it are, as we say in the IT world, “non-trivial”.
The problem is not so much the main system, but all the sub-systems and services connected to it. Each one of these would have to be redesigned from the ground up and that work involves every level of the system, right down to people’s jobs. For all we know, the master list of buses is updated on a spreadsheet by some person at the depot. Then you get into labour issues and unions…
I have no idea what the costs would be for building from scratch, but beyond the actual money, which would not be cheap, the other major cost is in time, including potential downtime which you cannot have with a transit system. Sometimes it seems really appealing to rebuild a system from scratch, but when you start weighing the pros and cons, just continually patching and adding on starts to seem the more realistic and sensible route.
Sometimes it really does take a crisis to move these large systems to change. Look at the federal government bureaucracy and many companies so adamantly resistant to anybody working from home for all kinds of reasons that suddenly have no value when a pandemic hits and they are able to switch to an entirely new way of working in a month. Maybe this is an opportunity for the STM…
Michael Black 10:56 on 2020-10-30
Now there’s a story that the Jewish General has similarly been attacked. But no ransom demanded yet (or at least announced).
dwgs 11:03 on 2020-10-30
Thank you for the excellent response walkerp.
And Michael, my wife works in the Ministere de la Sante (indirectly) and she says that a lot of things are under attack.
John B 12:29 on 2020-10-30
Building on Michael Black’s comment, there has been some noise on security blogs about potential attacks being prepped on healthcare infrastructure. The Jewish could be part of that.
JP 15:45 on 2020-10-30
It shouldn’t surprise me, but it’s perverse that anyone gets satisfaction out of trying to dismantle our healthcare system in this way.
MarcG 15:55 on 2020-10-30
If the STM has backups they’re probably scrambling to figure out how the system was breached and plug the hole before restoring them. No sense in putting things back together if they can just pull them down again.