Big report in the news here today: one of our largest regional hospitals (DCH Medical in Tuscaloosa, AL) had to cease operations today due to being compromised with ransomware.

https://www.al.com/news/2019/10/dch-health-system-closed-to-all-but-most-critical-new-patients-due-to-ransomware-attack.html

Man, I wouldn't want to be their CTO.  

Question: how would you respond to something like this? Hope you have backups! And sure, I've dealt with this at least once in my computer consulting business. Client got hit and everything from the offending desktop to the network attached storage got encrypted. Took 18 hours or so to back everything up (in case they ever broke the encryption) and restore about 6 TB of data. Fun times. (Not.)

If you see this has happened, or you are responding, and you have over 100 computers/devices on the network, do you look for large bursts of network traffic? Isolate and shut down segments until you find the switch the offending device is on?

I read some comments on a Facebook group, "IT Stories and Nightmares" or something like that, saying they've responded to similar situations and as soon as you clear a computer it gets reinfected because the ransomware is still on the network. That must suck....

The case I saw got everything that was network connected and had a share. If something wasn't shared it was OK. The computer got infected and the network attached storage got infected, but the individual PCs did not (because they were not shared on the network). I guess it has gotten worse since that happened (I think that was back in March).

How do you actively try to prevent this moving forward? I can see a case for using VLANs to isolate entire departments. Let's say you're a bank. Create a VLAN for the tellers, for the administrators, for the loan officers, for the loan department. None of them talk to one another. Use a router on each segment of the network and none of them talk to each other. They only access what they need and nothing more. The days of the "large network share drive" are done with.

Let's say you're a private school. Maybe the high school is on one VLAN. The middle school is on another. The dorms are on another. The computer labs are on another. The public wifi is on yet another. None of them talk to one another. If one gets infected, it doesn't get outside of the VLAN?

Interested in thoughts on this.

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
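Added example, not part of the post above: it applies the two ideas raised there (watch for a burst of traffic to find the offending device, then check what a per-department VLAN policy would have stopped) to a handful of constructed flow records. The hosts, VLAN layout, allow-list and thresholds are all assumptions made up for the example.

```python
# Added example, not from the post: every host, VLAN and flow record here is
# constructed; thresholds (60 s window, 4 distinct SMB peers) are assumptions.

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    (1000, "10.10.1.5", "10.10.50.10", 445, 9_000_000),  # teller PC -> file server
    (1001, "10.10.1.5", "10.10.50.10", 445, 12_000_000),
    (1002, "10.10.1.5", "10.10.2.7", 445, 300_000),      # teller PC -> loans PC
    (1003, "10.10.1.5", "10.10.3.4", 445, 250_000),      # teller PC -> admin PC
    (1004, "10.10.1.5", "10.10.2.9", 445, 280_000),
    (1005, "10.10.1.5", "10.10.3.8", 445, 260_000),
    (1005, "10.10.2.7", "10.10.50.10", 445, 40_000),     # ordinary share access
    (1100, "10.10.3.4", "10.10.50.10", 445, 50_000),
    (1200, "10.10.1.9", "10.10.50.20", 443, 20_000),     # HTTPS, not SMB
]

# Constructed VLAN layout (one /24 per department) and policy: the only
# cross-VLAN SMB allowed is from a department to the server VLAN.
VLAN_OF = {"10.10.1": "tellers", "10.10.2": "loans",
           "10.10.3": "admin", "10.10.50": "servers"}
ALLOWED_SMB = {("tellers", "servers"), ("loans", "servers"), ("admin", "servers")}

def vlan(ip):
    return VLAN_OF.get(ip.rsplit(".", 1)[0], "unknown")

def burst_sources(flows, window=60, min_dsts=4):
    """Return {src: set(dsts)} for hosts that opened SMB sessions to at least
    min_dsts distinct peers within any `window` seconds. The tell is many
    distinct SMB peers from one workstation in a minute, not byte volume
    alone: a backup job is heavy but talks to a single host."""
    smb = sorted((t, s, d) for t, s, d, p, _ in flows if p == 445)
    hits = {}
    for i, (t0, src, _) in enumerate(smb):
        dsts = {d for t, s, d in smb[i:] if s == src and t - t0 <= window}
        if len(dsts) >= min_dsts:
            hits.setdefault(src, set()).update(dsts)
    return hits

def blocked_by_policy(flows, allowed=ALLOWED_SMB):
    """SMB flows crossing VLANs that the allow-list does not permit: the
    sessions a 'none of them talk to each other' design would have dropped."""
    return [(s, d) for _, s, d, p, _ in flows
            if p == 445 and vlan(s) != vlan(d) and (vlan(s), vlan(d)) not in allowed]

if __name__ == "__main__":
    for src, dsts in burst_sources(FLOWS).items():
        print(f"isolate {src} ({vlan(src)} VLAN): SMB to {len(dsts)} hosts in 60s")
    for s, d in blocked_by_policy(FLOWS):
        print(f"policy would block {s} -> {d} ({vlan(s)} -> {vlan(d)})")
```

On real data the same logic runs over NetFlow/sFlow exports from the core switch; the file-server traffic still passes the policy, which is why the burst check is needed alongside segmentation.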
