<div dir="ltr">I sometimes freelance for an IT company, they got hit by ransomware and took 3 weeks to recover. They are an IT company with 400 employees, a dozen of those are in administrative positions and all the rest are programmers, system admins and db admins. A library would have a harder time recovering.<div><br></div><div>They had backups, but the download times were long. We had to basically create a new network infrastructure on the side, reimage every laptop, change every single password, and connect them to the new infrastructure. Every file that wasn't on the "known clean" backup was scrapped. We worked 12-16 hours per day for a week to recreate the infrastructure and two more weeks for everyone to gradually recover their files and data.<br><div><br></div><div>So if they take a month to recover I would not be surprised.</div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Mauro<br><a href="https://www.maurosouza.com" target="_blank">https://www.maurosouza.com</a> - registered Linux User: 294521<br>Scripture is both history, and a love letter from God.</div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 8, 2023 at 4:35 PM David Collier-Brown via talk <<a href="mailto:talk@gtalug.org">talk@gtalug.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<p>An employer is constantly phishing staff, in hopes of sensitizing
people so that real attacks won't get through. Alas, all they do
is make us paranoid.</p>
<p>Humans are particularly bad at <i>reliably</i> detecting
attacks, so occasional attacks get through, after which we get
even more paranoid, and wonder if our jobs are on the line...</p>
<p>Every single phishing attack I've seem, real or self-inflicted,
laughable or brilliant, got detected by <a href="http://spamcop.net" target="_blank">spamcop.net</a>. Does the
company use a spam filer? Sure, but it's the Microsoft one, which
is useless. Any time I see something I don't recognize at work, I
paste it into spamcop.<br>
</p>
<p>So:</p>
<ol>
<li><i>Do</i> use technological means to deal with ransomware
attacks</li>
<li>Make sure it's a <i>credible</i> means</li>
</ol>
<p>By this I mean a backup service like one Lexis Nexis had: they
connected via a VPN, they were only connected when backing up, the
connection was a disk mount, and they offered <i>financial
guarantees. </i></p>
<p>That last reassured my VP: she said "they don't want to be sued
out of business, and know a legal publisher like us will be
litigious if they mess up". The only thing I didn't like was how
slow it was do do a restore (;-))<br>
</p>
<p>--dave<br>
</p>
<div>On 11/8/23 13:23, Alvin Starr via talk
wrote:<br>
</div>
<blockquote type="cite">On
2023-11-08 11:35, Karen Lewellen via talk wrote:
<br>
<blockquote type="cite">speaking personally?
<br>
It probably was.
<br>
My reasoning comes from a rather disturbing exchange I had with
an employee about the sites lack of inclusive design.
<br>
The sense I got is that those in charge took a lets build
things with lots of third party input based on what is the
latest trend.
<br>
instead of building a solid secure, progressive enhancement
based floor.
<br>
Articles I saw on the cp24 site hinted that likely some staffer
downloaded a file or opened an attachment.
<br>
if you trust your computer foundations to third parties, again
speaking personally, then you cannot swiftly put things back
together.
<br>
Just my 2 cents,
<br>
Kare
<br>
<br>
</blockquote>
In the libraries defense.
<br>
Lots of bigger and supposedly more secure organizations have been
hit by ransomware attacks.
<br>
<br>
Phishing is getting more and more sophisticated and all it takes
is a momentary lapse.
<br>
<br>
<blockquote type="cite">
<br>
<br>
On Wed, 8 Nov 2023, Warren McPherson via talk wrote:
<br>
<br>
<blockquote type="cite">What is going on with the library
website?
<br>
There was a CBC article that said there was a ransomware
attack, but it's
<br>
been down for a week and it's hard to imagine why it would
take so long to
<br>
recover unless their infrastructure was much weaker than I
would expect.
<br>
<br>
</blockquote>
---
<br>
Post to this mailing list <a href="mailto:talk@gtalug.org" target="_blank">talk@gtalug.org</a>
<br>
Unsubscribe from this mailing list
<a href="https://gtalug.org/mailman/listinfo/talk" target="_blank">https://gtalug.org/mailman/listinfo/talk</a>
<br>
</blockquote>
<br>
</blockquote>
</div>
---<br>
Post to this mailing list <a href="mailto:talk@gtalug.org" target="_blank">talk@gtalug.org</a><br>
Unsubscribe from this mailing list <a href="https://gtalug.org/mailman/listinfo/talk" rel="noreferrer" target="_blank">https://gtalug.org/mailman/listinfo/talk</a><br>
</blockquote></div>