re: LA State Computers Hacked (Confirmed)
Posted on 11/19/19 at 8:40 am to KamaCausey_LSU
That matches what I heard about other agencies.
People are basically being told to show up and pray it works but are otherwise being told nothing and really can’t do much.
Posted on 11/19/19 at 8:48 am to teke184
We were told about an hour ago that things were up and running and good to go. 30 minutes later several people came scrambling through our office asking everyone to shut everything down again.
Posted on 11/19/19 at 8:55 am to ForeverLSU02
It’s persistent? This is my fricking shocked face.
Not an IT security expert but I would think you would want the system offline for a day or two cleansing as much as possible then slowly start adding users back to see if problems emerge.
Sounds like they put everyone right back on and took them right back off, meaning they are back at square one.
Posted on 11/19/19 at 9:34 am to teke184
quote:
It’s persistent? This is my fricking shocked face.
Not an IT security expert but I would think you would want the system offline for a day or two cleansing as much as possible then slowly start adding users back to see if problems emerge.
Sounds like they put everyone right back on and took them right back off, meaning they are back at square one.
The proper response is to assume everything is infiltrated and rebuild, but that's very expensive and time consuming. Although, I suspect it's potentially more expensive to NOT rebuild.
This post was edited on 11/19/19 at 9:36 am
Posted on 11/19/19 at 10:44 am to FieldEngineer
Find out the entry point. Likely email. Search your email trace to identify everyone who received said email. Remove mail from inboxes. Slap user upside the head for opening malicious attachment. Also slap the email filter vendor for allowing attachment to make it through.
Identify systems that executed the malware and remove them/isolate them.
Pray you have good backups and begin restoring backups. Takes a little time but that is your best option. Otherwise, pay the ransom and hope you get all your shite back.
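The triage the post above describes (trace who received the malicious mail, then find which machines actually executed the attachment so they can be isolated and the rest just have the message purged), as an added example that is not from the thread. The mail-trace export, the endpoint telemetry and the hostnames are constructed sample data, and "an Office application spawning a shell" is assumed here as the execution signal.

```python
import csv
import io

# Constructed sample mail-trace export (not real data): one row per delivery.
MAIL_TRACE = """timestamp,sender,recipient,subject,attachment
2019-11-18T07:02:11,invoice@example-vendor.test,alice@agency.example,Invoice 4471,invoice_4471.doc
2019-11-18T07:02:12,invoice@example-vendor.test,bob@agency.example,Invoice 4471,invoice_4471.doc
2019-11-18T07:05:40,hr@agency.example,carol@agency.example,Benefits reminder,benefits.pdf
2019-11-18T07:09:03,invoice@example-vendor.test,dave@agency.example,Invoice 4471,invoice_4471.doc
"""

# Constructed endpoint process-creation telemetry: who ran what, on which host.
EXEC_EVENTS = """timestamp,host,user,process,parent
2019-11-18T07:15:22,WS-0142,alice,winword.exe,explorer.exe
2019-11-18T07:15:31,WS-0142,alice,cmd.exe,winword.exe
2019-11-18T07:20:05,WS-0217,bob,outlook.exe,explorer.exe
2019-11-18T07:41:50,WS-0388,dave,winword.exe,explorer.exe
2019-11-18T07:42:02,WS-0388,dave,powershell.exe,winword.exe
"""
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def recipients_of(trace, attachment):
    """Mailboxes that received the named attachment (purge the message from these)."""
    rows = csv.DictReader(io.StringIO(trace))
    return sorted({r["recipient"] for r in rows if r["attachment"] == attachment})

def hosts_with_office_spawned_shell(events):
    """(host, user) pairs where an Office app spawned a shell: assumed macro-execution signal."""
    rows = csv.DictReader(io.StringIO(events))
    return {(r["host"], r["user"]) for r in rows
            if r["process"] in SHELLS and r["parent"] in OFFICE_APPS}

def triage(trace, events, attachment):
    """Split recipients into 'isolate' (attachment executed) and 'purge_only' (received, no execution)."""
    recips = recipients_of(trace, attachment)
    by_user = {}
    for host, user in hosts_with_office_spawned_shell(events):
        by_user.setdefault(user, []).append(host)
    isolate, purge_only = {}, []
    for addr in recips:
        user = addr.split("@")[0]          # assumes mailbox local part == endpoint username
        if user in by_user:
            isolate[addr] = sorted(by_user[user])
        else:
            purge_only.append(addr)
    return isolate, purge_only
```

`triage(MAIL_TRACE, EXEC_EVENTS, "invoice_4471.doc")` returns the hosts to pull off the network first and the mailboxes that only need the message removed.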
Posted on 11/19/19 at 10:47 am to PureMetairie
They supposedly traced this back to a VPN portal into the LA systems used by a contractor.
Posted on 11/19/19 at 11:02 am to teke184
Still a lot of questions the state has to answer on how long a bad actor had access. The fact that the systems were compromised as a whole completely nullifies the " you can't just the gap" fallacy.
The application that counts the votes on the state's system was compromised.
Posted on 11/19/19 at 11:07 am to LSUWoodworker
There will be heads rolling for this. 2nd time? I mean really, WTF.
Posted on 11/19/19 at 11:37 am to Tempratt
quote:
There will be heads rolling for this. 2nd time? I mean really, WTF.
It's actually quite common.
You restore a backup, send some GPO updates or other scripted commands to clients addressing the vulnerability. Some clients do not receive them and blammo, you get a newly infected machine.
The scale of things really complicates your restoration efforts.
This post was edited on 11/19/19 at 11:38 am
Posted on 11/19/19 at 11:44 am to Hunter_H_Helmsley
I assume eparish and latap is all involved in this since they have been jacked up the past few days.
Just in time for sales tax deadline.
Posted on 11/19/19 at 11:55 am to Tempratt
Honestly, I think this ransomware attack is unlike most I've read about or heard from experienced IT consultants. JBE claims they didn't pay a ransom, and then we hear rumors that we moved to a new platform to back our state domain services. And all the website domains for the state are back online. But no one can work still? Doesn't compute.
Second, that's a pretty big decision that is never made fast by any financial organization in the country. Mainly because a quick decision like that loses a lot of data. And to equate data to money, we just closed out an entire account but we lost history instead of money. So why in the hell is the state making such a risk decision with a lot of syslog activity that it's so willing to lose so fast.
That's not allowed in any regulated industry. Another convenient happening for those involved.
I think it's just a cover to buy more time while they wrap up whatever they destroyed at his house yesterday (probably the actual election results). Especially that he is rumored to retire soon. This is the only valid coincidence presented thus far. Still incredibly convenient.
Reason I think this is because this reeks of buying time to destroy physical backups (only possible last records of data collected on Saturday). Since the voting machines basically just collect tallies, we just move the hard drive of each machine to the central system for counting most likely. This is why the gap fallacy does not matter, voting machine is just a medium and we put the results in an infected system. Explain that state IT.
The above paragraph should be asked of every person involved. They can't prove that the systems were infected during the collection. Therefore how can they assure the election is accurate.
And if they lose all the data, the public should not accept that bullshite excuse.
We also run an outdated system and if it's alleged that the cloud backups are corrupted then they have to destroy what's backed up constantly throughout the day (hence why fire specifically is so goddamn suspicious). If he reports that any hard drive was damaged then the man should be under arrest until questioned what was on them. He needs to confirm what was on there. He collected a large enough check from the state long enough that his arse could answer those questions.
Call me wild, call me a nerd, call me Al(RT, what FU)
But I'll give layman's examples all day if the people ask the questions.
This post was edited on 11/19/19 at 11:58 am
Posted on 11/19/19 at 12:00 pm to Hunter_H_Helmsley
quote:
Call me wild, call me a nerd, call me Al(RT, what FU)
You’re an idiot
Posted on 11/19/19 at 12:05 pm to LSUWoodworker
Does the Louisiana State IT Department not practice disaster recovery or a “Red Button scenario“?
That’s some real poor planning if not.
Congrats on being a use case for IT Departments around the country.
Posted on 11/19/19 at 12:16 pm to MrLSU
I heard that the Ortho clinic in Monroe has been hit with ransomware in the past.
Posted on 11/19/19 at 12:20 pm to BallsEleven
quote:
Just in time for sales tax deadline
you do know that state purchases are tax exempt?
Posted on 11/19/19 at 1:52 pm to Hunter_H_Helmsley
quote:
I think it's just a cover to buy more time while they wrap up whatever they destroyed at his house yesterday (probably the actual election results). Especially that he is rumored to retire soon. This is the only valid coincidence presented thus far. Still incredibly convenient.
You do realize that he is the CIO for the Division of Admin under the Governor and has absolutely nothing to do with the SOS?
Posted on 11/19/19 at 1:55 pm to BruslyTiger
quote:
You do realize that he is the CIO for the Division of Admin under the Governor and has absolutely nothing to do with the SOS?
Shhhh....
he's having his moment.
Posted on 11/19/19 at 2:04 pm to teke184
quote:
They supposedly traced this back to a VPN portal into the LA systems used by a contractor.
I’m not hearing that at all. In fact most of what’s being posted on this board is questionable. They’re deleting the virus off PCs and are restoring anything that was encrypted. It just takes time.
Posted on 11/19/19 at 2:15 pm to BeepNode
I heard that in my department there are 2,300 infected computers and they can’t restore access to the server until those are reimaged.