[GTALUG] Toronto Public Library website

Wed Nov 8 15:11:48 EST 2023

I sometimes freelance for an IT company, they got hit by ransomware and
took 3 weeks to recover. They are an IT company with 400 employees, a dozen
of those are in administrative positions and all the rest are programmers,
system admins and db admins. A library would have a harder time recovering.

They had backups, but the download times were long. We had to basically
create a new network infrastructure on the side, reimage every laptop,
change every single password, and connect them to the new infrastructure.
Every file that wasn't on the "known clean" backup was scrapped. We worked
12-16 hours per day for a week to recreate the infrastructure and two more
weeks for everyone to gradually recover their files and data.

So if they take a month to recover I would not be surprised.

Mauro
https://www.maurosouza.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.

On Wed, Nov 8, 2023 at 4:35 PM David Collier-Brown via talk <talk at gtalug.org>
wrote:

> An employer is constantly phishing staff, in hopes of sensitizing people
> so that real attacks won't get through. Alas, all they do is make us
> paranoid.
>
> Humans are particularly bad at *reliably* detecting attacks, so
> occasional attacks get through, after which we get even more paranoid, and
> wonder if our jobs are on the line...
>
> Every single phishing attack I've seem, real or self-inflicted, laughable
> or brilliant, got detected by spamcop.net.  Does the company use a spam
> filer? Sure, but it's the Microsoft one, which is useless. Any time I see
> something I don't recognize at work, I paste it into spamcop.
>
> So:
>
>    1. *Do* use technological means to deal with ransomware attacks
>    2. Make sure it's a *credible* means
>
> By this I mean a backup service like one Lexis Nexis had: they connected
> via a VPN, they were only connected when backing up, the connection was a
> disk mount, and they offered *financial guarantees. *
>
> That last reassured my VP: she said "they don't want to be sued out of
> business, and know  a legal publisher like us will be litigious if they
> mess up". The only thing I didn't like was how slow it was do do a restore
> (;-))
>
> --dave
> On 11/8/23 13:23, Alvin Starr via talk wrote:
>
> On 2023-11-08 11:35, Karen Lewellen via talk wrote:
>
> speaking personally?
> It probably was.
> My reasoning comes from a rather disturbing exchange I had with an
> employee about the sites  lack of inclusive design.
> The sense I got is that those in charge took a lets  build things with
> lots of third party input based on what is the latest trend.
> instead of building a solid secure, progressive enhancement based floor.
> Articles I saw on the cp24 site hinted that likely some staffer downloaded
> a file or opened an attachment.
> if you trust your  computer foundations to third parties, again speaking
> personally, then you cannot swiftly put things back together.
> Just my 2 cents,
> Kare
>
> In the libraries defense.
> Lots of bigger and supposedly more secure organizations have been hit by
> ransomware attacks.
>
> Phishing is getting more and more sophisticated and all it takes is a
> momentary lapse.
>
>
>
> On Wed, 8 Nov 2023, Warren McPherson via talk wrote:
>
> What is going on with the library website?
> There was a CBC article that said there was a ransomware attack, but it's
> been down for a week and it's hard to imagine why it would take so long to
> recover unless their infrastructure was much weaker than I would expect.
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
>
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20231108/1035f8a5/attachment.html>