Breaking: Ongoing Ransomware Cyber Attack

There is an ongoing cyber attack, specifically a ransomware attack, across Europe, the US, and Asia.

The BBC reports:

A massive ransomware campaign appears to have infected a number of organisations around the world.

Computers in thousands of locations have apparently been locked by a program that demands $300 (£230) in Bitcoin.

There have been reports of infections in as many as 74 countries, including the UK, US, China, Russia, Spain, Italy and Taiwan.

Many security researchers are linking the incidents together.

The UK’s National Health Service (NHS) was also hit by a ransomware outbreak on the same day and screenshots of the WannaCry program were shared by NHS staff.

One cyber-security researcher tweeted that he had detected many thousands of cases of the ransomware – known as WannaCry and variants of that name – around the world.

“This is huge,” said Jakub Kroustek at Avast.

Another, at cyber-security firm Kaspersky, said that the ransomware had been spotted cropping up in 74 countries and that the number was still growing.

Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).

A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

 

168 replies
  1. Major Major Major Major says:

    Yikes.

    Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the US National Security Agency (NSA).

    Are these the ones who are probably Russia or definitely Russia?

    A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

    Run your goddamned security updates, people!

  2. MaryL says:

    A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

    *head-desk*

  3. Gin & Tonic says:

    @Major Major Major Major: Indeed. Patch your systems. As Taylor Swift says on Twitter:

    There’s nothing mysterious or special about ransomware. There’s nothing mysterious or special about today. All this has happened before.

  4. hovercraft says:

    @Gin & Tonic:

    There’s nothing mysterious or special about ransomware. There’s nothing mysterious or special about today. All this has happened before.

    When we are reduced to having to heed the words of sages like Taylor Swift, you know that the end is nigh.

  5. clay says:

    @hovercraft: I don’t think it’s THAT Taylor Swift. Or maybe you knew that.

    Anyway, this:

    Computers in thousands of locations have apparently been locked by a program that demands $300 (£230) in Bitcoin

    makes me think of the recent Neal Stephenson novel Reamde. There were Russians involved in that one, as well.

  6. Chris says:

    @NotMax:

    A cyber weapon believed to have escaped the control of the top-secret National Security Agency appears to be behind a massive wave Friday of global cyber ransom attacks, researchers said.

    “Government creates something dangerous and it breaks loose and wreaks havoc on the population” movie comes to life…

  7. clay says:

    @NotMax:

    Hackers use leaked NSA bug in massive global cyber attack

    Is it too much to hope for that Wikileaks servers would be hit by this? ‘twould be enjoyably ironic.

  8. Adam L Silverman says:

    @Major Major Major Major: One working theory is that they are a Russian front:
    https://arstechnica.com/security/2017/01/nsa-leaking-shadow-brokers-lob-molotov-cocktail-before-exiting-world-stage/

    “This farewell message is kind of a burn-it-to-the-ground moment,” Jake Williams, a malware expert and founder of Rendition Infosec, told Ars. “Russian ties make sense given the inauguration [of Donald Trump] happens in a short time [from now]. If that narrative is correct and Shadow Brokers is Russian, they wouldn’t be able to release those tools after Trump takes office. If you roll with that narrative, [the burn-it-to-the-ground theory] certainly works.”

    https://www.theverge.com/2016/8/17/12519804/shadow-brokers-russia-nsa-hack-equation-group

    There are only a few groups capable of pulling off that scale of attack — and given the timing and method of the dump, all eyes (including Snowden’s) have turned to Russia as the most likely culprit. That attribution is far less certain and there’s far less evidence to base it on. We still don’t know when or how the Equation Group infrastructure was compromised, making traditional attribution all but impossible. Still, many foreign policy analysts see Russia as by far the most likely culprit, with James A. Lewis of the Center for Strategic and International Studies describing the dump as “probably some Russian mind game” in a New York Times article this morning.

  9. Highway Rob says:

    @Adam L Silverman: I decide to jump out of lurkerville and post this, but then I find out my window closed seven minutes ago. Can’t sleep on y’all at all, can I?

  10. Gravenstone says:

    @Adam L Silverman: Sure, why not? While the US puppet is self destructing in full public view, why not monkey wrench some of the locals to soften them up? Such a world we live in.

  11. Ric Drywall says:

    Is Balloon Juice safe?

    Still waiting for a decent answer. I have all of my important personal data – social security #, credit cards, passwords – posted in the BJ comment section of the most recent Open Thread. Need to know if it’s safe there.

  12. raven says:

    @Roger Moore: We had a situation once where one of our schools lost their course management system and the tape backup failed. We had a swat team of about 20 people go there and work with individual faculty members to rebuild their courses. Some had all their data backed up and some didn’t.

  13. Kay says:

    Adam, it’s so nice that you post here right now. You’re always so calm and…normal.

    You should run for President. Don’t even run. Just quietly assume the duties :)

  14. 🌷 Martin says:

    @Adam L Silverman: I think it’s a strong theory. When the US threatened to retaliate against the DNC hack, it was this group that warned that they would take action if the US did that. I know there’s certain loyalties within the hacker community that cross national bounds, but that stood out regardless.

  15. rikyrah says:

    Trump Won’t Win Fight With the Intelligence Community
    by Martin Longman May 12, 2017 2:57 PM

    A lot will be written about the following tweet, possibly for decades or even centuries. We won’t know the full implications for a while, yet, and it could be that it doesn’t amount to much in the bigger picture.

    James Comey better hope that there are no “tapes” of our conversations before he starts leaking to the press!

    — Donald J. Trump (@realDonaldTrump) May 12, 2017

    Still, we can for now set aside all the legal implications, like whether there really are recording devices and if they’re subject to subpoena or preservation requirements, or what it might mean to threaten the former FBI director, etc.

    Just think about what the tweet says about the terms on which the President and Comey parted ways. There’s the way Comey was fired, while in Los Angeles talking to recruits. There’s the fact that Trump didn’t give him the courtesy of a call. There’s the fact that Trump followed up by calling Comey a grandstander and otherwise impugning his character and reputation. There’s the fact that Comey was fired shortly after making it clear that the investigation of Trump was ongoing and in need of more resources.

    And, finally, there’s the fact that Trump claimed that Comey wasn’t investigating him at all and had even assured him of this on three separate occasions. This claim is now what Trump is trying to defend by suggesting he has tapes to prove it. Maybe he does have tapes, but more likely he does not. He probably is desperate to avoid having Comey testify that he is lying.

    But Comey has no choice but to testify to that. To assume otherwise is to assume that Trump is telling the truth, and if that were the case it would be for the first time in this whole saga.

    Trump thinks the so-called Deep State is out to get him but the Deep State tried to warn him that Michael Flynn was in the pay of the Russians and he didn’t care or listen. He’s made war on them over and over again, from dismissing their assessments of Russia’s role in the elections, to disrespecting their dead at CIA headquarters, to now threatening James Comey. Only a fool goes after the intelligence community like this, especially when they’re not at fault.

    This is an epic miscalculation by the president, because he’s in the wrong and virtually no one has his back. The few people who are half-heartedly defending him today will be gone tomorrow, but the intelligence community isn’t going anywhere.

  16. kindness says:

    What happened to my post?

    I can understand if it was removed in a fit of anger. I just said how happy I am with my Apple computers at home.

  17. Alain the site fixer says:

    @Baud: Yes it is safe. But I’ve seen some questionable ads thrown at me on other sites, normal mainstream sites. I always run security software on my desktop and laptops and use iOS for phone and tablet so no malware worries there really.

    Always do the security updates, quickly. This is something that’s now being measured – once there’s news of a patch being released by Microsoft, there’s a huge uptick in attempts to use that technique before everyone is patched.

    In this case, hospitals and other organizations that use lots of custom and exotic tech don’t update their systems as things have to be tested, approved, planned, then rolled out and that takes time. And they are institutional and have lots of money.

    So make sure all of your small business computers are updated and protected people – these days when a computer running Windows is your small business cash register and accounting machine, ransomware can be crippling to even you, and expensive to pay off.

  18. 🌷 Martin says:

    @HeleninEire: These guys are likely to win on both sides – they’ll get whatever ransom comes their way and their existing investment in bitcoin is likely to spike with that kind of demand to buy Bitcoin hitting the market. Very Goldfinger of them.

  19. Alain the site fixer says:

    @dmsilev: it’s because they don’t update their pirated installs of Windows and so they’re wide open for a) NSA hackers and now that their code has been released to the wild, b) any bad guy who wants to hold some computers for ransom which is low-risk and en vogue.

  20. D58826 says:

    MSNBC was going down the list of possible FBI directors. All conservative Republicans. They may or may not like Trump but the GOP has shown that when the crunch comes it is party over country so I would have serious doubts as to the independence of these folks.

  21. Alain the site fixer says:

    @clay: it’s amazing – they now have clear, helpful instructions on what bitcoin is, how to securely buy some, and how to pay them off. Some even have – I shit you not – live tech support to walk you through the process of paying the ransom! What a world we live in….

  22. Woodrowfan says:

    @🌷 Martin: @HeleninEire: These guys are likely to win on both sides – they’ll get whatever ransom comes their way and their existing investment in bitcoin is likely to spike with that kind of demand to buy Bitcoin hitting the market. Very Goldfinger of them.

    Do you expect me to update?
    Why no Mr. Bond, I expect you to die!

  23. Alain the site fixer says:

    @Elizabelle: I listen to BBC World Service many hours a day, and it’s hit England and Spain and Portugal and China and Germany and Russia. Again, a lot of those places are known to have lots of pirated and thus un-updated software. When I first heard about it, my first thought was North Korea or their agents spreading a little pain around to potential supporters of US, Japan, and South Korea. Not to mention, to raise a nice boatload of change to support some further nastiness.

  24. 🌷 Martin says:

    @Alain the site fixer:

    In this case, hospitals and other organizations that use lots of custom and exotic tech don’t update their systems as things have to be tested, approved, planned, then rolled out and that takes time. And they are institutional and have lots of money.

    This is a structural problem within the industry. The software dependencies for end-user systems is unnecessary now and should have been designed out of systems years ago. Moving those dependencies up into secure hosted systems allows for layered security and eliminates the dependency problem.

  25. Roger Moore says:

    @raven:
    I’ve lost hard drives at work. The most painful case involved a computer with RAID where our helpful IT department disabled the monitoring software so we weren’t notified when the first drive failed. I’m sure you can work the rest out for yourself.

    Since the first time I lost a disk at work, I’ve become very careful about protecting my personal data. My current system involves two USB backup drives. I back up onto one of them, then bring it to work and keep it in a locked drawer in my office. The disk that was in my office comes home to receive the next backup. That way I’m protected against hardware failure, ransomware, and even a disaster that destroys my home. I have additional backups of some very important data, e.g. taxes. Naturally, all my backups are encrypted to reduce the danger if they’re lost or stolen.

  26. Major Major Major Major says:

    @🌷 Martin: you really think they’re going to dump all their newfound lucre while the market is temporarily high? It would be kind of obvious, and bitcoin is… not actually particularly anonymous.

    ETA: during conversion into currency.

  27. NoraLenderbee says:

    I work for a cyber security company. Some of our products have already detected and blocked WannaCry.

  28. Brachiator says:

    @Alain the site fixer:

    When I first heard about it, my first thought was North Korea or their agents spreading a little pain around to potential supporters of US, Japan, and South Korea. Not to mention, to raise a nice boatload of change to support some further nastiness.

    Or maybe somebody is raising cash to buy their mom a really nice Mother’s Day present.

  29. TenguPhule says:

    @Alain the site fixer:

    Some even have – I shit you not – live tech support to walk you through the process of paying the ransom!

    Would it not be simpler to track them down and exact revenge?

  30. Alain the site fixer says:

    @Alain the site fixer: and by questionable ads, I mean they triggered my security software, but not before I saw what I’m pretty sure was a ransomware screen coming on; I pushed in the power button until the pc turned off, then unplugged the internet cable, turned it back on and did a full av scan of all drives, home network pcs, etc. to make sure nothing spread before it took over my pc. This has happened twice and I won’t name the sites – most of us here read them daily – but it wasn’t the fault of the site, it was Google Ads serving up an infected version of an ad to 1/100,000 viewers of that ad (in other words, they don’t infect the entire ad run, just 1/x of the ads that are served are carrying a bad payload).

    I don’t block all ads, but I run security software and keep it current, and, to be honest, I do more and more of my surfing on my iPad and have no worries at all. I think that for many things, a good iOS tablet is the best solution for most users for secure web surfing. I advise folks to do banking and other important stuff on their iPads over their PCs because they don’t get infected or trojaned or ransomed. And as long as you are using a WiFi connection you know and trust, you’re good-to-go.

  31. Alain the site fixer says:

    @NoraLenderbee: please drop me a line using the Quick Links form; I’ve got some offline questions for you that I’d prefer to ask in private, if that’s ok.

  32. Corner Stone says:

    @🌷 Martin:

    Someone needs to write a Bond film in the age of Donald Trump and DDOS attacks launched from hacked vibrators.

    “Oh God! Oh God! Oh–”
    Dunnah dun ah, dunnah nyah!
    Doodle uh do to da nah doodle uh do to dooo nuh doodle, nyah uh!

  33. Alain the site fixer says:

    @TenguPhule: @clay: Yeah, so some of the gangs found that their targets had never heard of Bitcoin, etc., so they first developed and then refined instructions, and when they got to a big-enough scale, offered free on-demand step-by-step help. Truly an example of smart people being crooks, and refining their technique as they saw that their mechanism was too complicated for many potential victims. The problem with ransomware is that when the timer runs out, your files are permanently scrambled. There is no bad guy holding a secret code – once the time limit passes, that secret key is automatically reset to something random that is never told to anyone and your hard drive is effectively wiped; there’s nothing you can do but format and start from a recent backup.

  34. Mary G says:

    Dumb question: I let Microsoft do automatic updates and I have a subscription to Malwarebytes that occasionally tells me it blocked something or other. Is that enough? I have backup on a portable hard drive, plus cloud storage of nonsensitive files.

  35. JanieM says:

    @Roger Moore: I keep five backups in various stages of recentness, one in my safe deposit box. But I don’t have them encrypted. What would you suggest using to encrypt them?

  36. Brachiator says:

    @Alain the site fixer:

    I don’t block all ads, but I run security software and keep it current, and, to be honest, I do more and more of my surfing on my iPad and have no worries at all. I think that for many things, a good iOS tablet is the best solution for most users for secure web surfing.

    Can the same be said about Android tablets?

  37. hovercraft says:

    Via Steve Benen:

    * Donald Trump told NBC News that if the election were today, he’d “win by a lot more than I did on November 8th.” A national Quinnipiac poll released this week showed the president with a 36% approval rating.

    * This week, Dan Scavino, the White House director of social media, noted that it’d been six months since Trump’s election victory, and he marked the occasion by “tweeting a screen grab of the late-night phone call” when Hillary Clinton conceded the race. Scavino also said he intended to release video of the conversation.

    He’s so fucking delusional and his “best” people are almost as classy as him.

  38. NotMax says:

    @raven

    Friend here who runs a computer repair company ran into a bear of a problem only recently.

    Big company’s computer system was infected. They studiously made a back-up as a matter of course. However, Murphy’s Law was particularly active as it turned out the back-up itself had glorked during the process and important parts of it necessary for the data to be recognized were unreadable.

    Yes, he eventually sorted it out and solved the disaster but it took an extensive forensic job to do so.

  39. Alain the site fixer says:

    @Mary G: Windows 10? You’re reasonably ok. There are many who feel safe enough with that pair, but I prefer spending $25/year buying a digital subscription to security software from Amazon. I won’t recommend a brand, but you can buy a 1-year, for up to 5-machines, anti-virus/security software from Amazon and download it. I just remember to buy a new subscription from Amazon next year as the AV companies try to renew you at a much higher price!

    Don’t forget folks – when shopping at Amazon, please use the link on this site to initiate your purchase. It gives the site some revenue and doesn’t affect your price or charitable donation.

  40. clay says:

    @hovercraft: Eventually, even his own supporters are going to stop caring about him beating Hillary, and they’re going to start wondering what he’s going to do for them.

  41. Gin & Tonic says:

    @NotMax: That’s the root of the old saying “good backup is cheap; it’s lousy backup that’s expensive.”

  42. NotMax says:

    For those on the less tech savvy side of the spectrum (heck, for anyone, really) there’s Acronis, which is a quite reputable concern, to make a snapshot back-up.

  43. Alain the site fixer says:

    @Brachiator: nah. Android is much more open, and has so many different flavors and hardware and modifications that I can’t say that. I can say that there are certain Android tablets that are much better for security, but I don’t follow the Android market so I can’t say which ones. Truthfully, one of the core reasons I stayed with iOS (I had the original iPhone as my first Apple product) was the App Store. Not the concept, but the idea that they screen things to somewhat specific standards. I like the walled garden, it protects my fruit trees, as it were!

    I was one who, pre-App Store, jailbroke my phone with each new update, and ran all kinds of apps that did cool things that people made. One even got around some Apple issue by running a webserver on the bloody phone to pass messages to something-or-other. It was crazy – and a hacker/bad guy’s wet dream. So I was and continue to be very impressed with what Apple does in the iOS security and standards department.

  44. MattF says:

    We know: 1) Do all your system updates as soon as possible. 2) Have cold backups of everything. I guess we’ll soon find out who hasn’t done it.

  45. 🌷 Martin says:

    @Brachiator: Unfortunately, no. Android is at least as porous if not more so than Windows.

    iOS is so secure because of that feature that annoys many folks of every bit of executable code having to go through Apple’s store and review process, or be signed by a developer that you approve to deploy locally. You can’t sideload arbitrary apps, you can’t have alternative stores. That doesn’t mean it’s impossible to hack iOS, but it’s a shit-ton harder.

    Google and Windows and MacOS are all ‘friendly’ by being more open, making it easier for your employer to deploy their custom software, and so on, but that’s where almost every exploit can find their way in. An equally good alternative however is a Chromebook. Everything in the browser similarly limits the potential to do harm. It really is a good option for schools where IT budgets are usually catastrophically bad.

  46. GregMulka says:

    @clay: While the people who execute these attacks should probably be roasted over a low flame, I’ve yet to see a crypto infection that wasn’t preventable by being slightly better than an idiot.

    Most come in through infected links in email to random google docs, or allowing vb scripts to run from Word, or a PDF with a giant link that says CLICK HERE TO ENABLE SCRIPTS. This one could have been dealt with by installing a security patch that’s been out for two months.

    Some massive IT infrastructures with a lot of legacy systems, like NHS, have some excuses for not installing the patches in a timely manner. Except for the part where it’s been available for two months. 1 in the testing environment and another before you roll out.

    edited to add the word by.

  47. Alain the site fixer says:

    @NotMax: I’ve had to do a few forensic tasks over the years like that. Painful!
    From time to time, I find someone who has old floppies, hard drives, tape drives, etc. and wants them put onto modern storage or formats, so I drag out my old 1990-era DOS PC. Which still works like a charm, let me tell you.

  48. Brachiator says:

    @Major Major Major Major:

    do we have any evidence that North Korea even owns a copy of the version of Windows this is targeting?

    It’s funny. You’d think that a paranoid dictatorship like North Korea might be super-backwards. Running Windows 95, at best. But they go through a lot of back channels to get the equipment they need, a lot of it state of the art, so who knows. I was listening to a BBC podcast about how they got nuclear tech. The reporter mentioned in passing about how satellites show North Korean cities in the dark. This is not directly because of technological backwardness, but because they shovel all available resources to military development and to their elites. I hadn’t considered this before.

    Anyway, a tangential response.

    One thing in the reporting of this malware caught my eye.

    There were a number of reports that Russia had seen more infections than any other single country.

    A bit of a cyber payback, perhaps?

  49. mai naem mobile says:

    Has greennotGreen checked in today? I was wondering how things were going. Too many threads to wade through from this morning to check.

  50. Matt McIrvin says:

    @hovercraft:

    * Donald Trump told NBC News that if the election were today, he’d “win by a lot more than I did on November 8th.” A national Quinnipiac poll released this week showed the president with a 36% approval rating.

    He could actually be right. Quinnipiac is usually a Democratic-leaning outlier; obviously there are no job approval ratings until someone has taken office, but his average personal approval numbers are around 44% now, better than they were on Nov. 8 (about 40%), probably just because he won the election and became President.

  51. Major Major Major Major says:

    @Brachiator: Well, I’ve seen some of the “look how hip and modern we are!” propaganda shots out of Pyongyang, and they’re still using e.g. big ol’ CRT monitors. Wouldn’t surprise me to find them on XP.

    And, as we all know, you don’t need Windows 10 to build a nuclear bomb.

  52. Alain the site fixer says:

    @mai naem mobile: I haven’t heard a thing but I haven’t been glued. She’s on my mind but I fear the worst…or rather, the end. But I hope she’s demanding more ice and smiling and loving just a bit more.

  53. Alain the site fixer says:

    @Major Major Major Major: they have a custom Linux distro as I recall. Their hacker/intelligence folks use Windows, Macs, normal flavors of Linux, etc. But I’ve read that important things run on their own Linux – Red Star or something like that.

  54. Frankensteinbeck says:

    @Major Major Major Major:
    That is actually the source of most of Windows’ instability, and why you have to reinstall occasionally. Drivers run most things, those drivers are made by third parties without standardization, can interact in unexpected ways, and are not cleanly removed when new drivers are installed. My father works on deep operating system stuff like this professionally. He tells stories like two developers having separately discovered a chunk of hidden, normally never used memory in Windows, so they put their drivers there. Install both those programs, and your copy of Windows dies, and your hard drive is with it.

  55. NotMax says:

    @Major Major Major Major

    One thing they’re not backward on is computer tech and programming. Concerted effort instituted some years ago by the government to pour resources into that sector.

    So far as the monitors go – and that may well have changed – CRTs require less outlay to import (by fair means or foul) rare earth metals.

    When it comes to the public sphere (although last report seen was from about 2014) 40% or more of the populace had smart phones of DPRK origin.

  56. 🌷 Martin says:

    @Frankensteinbeck: I know a guy whose job it is to write patch code to fix up all of the defects in existing popular games that arise from a new GPU driver. The success of graphics cards is such that they don’t want to rely on the game studios to patch their code, so the GPU vendors patch it right in the driver itself. It’s insane.

  57. gbbalto says:

    @Alain the site fixer: @mai naem mobile – She was hanging in there, with humor, at last update:
    FROM LAST NIGHT: greennotGreen
    May 11, 2017 at 10:33 pm
    (gnG’s sister speaking) gnG asked me to blog for her this evening. This is actually a big improvement over last night, when she was in a red fog of pain that was only relieved by a whole cocktail of drugs, which really knocked her out. This morning, the hospice nurse (competent, although wears perfume – not appropriate for nursing – and has a very whiny voice ) doubled the basal level of dilaudid going into my sister’s port, resulting in *much* better pain control. gnG was groggy, but otherwise quite herself. She continues to grope for words and speaks very slowly, but still compos mentis. We had a good discussion about the ethical issues surrounding a family dosing a hospice patient with morphine when the patient is in too much pain to decide for herself, and the emotional burden that places on the family. We also have been discussing the Trump-Comey affair, and the exciting developments with the grand juries in Virginia and New York. At one point, gnG threw up her hands and laughingly said, “This isn’t fair! I really don’t want to linger, but I want to see how this turns out!”
    See why I feel I am so blessed to be able to spend this time with my sister?

    ETA: h/t to Elizabelle

  58. jeffreyw says:

    @🐾BillinGlendaleCA:

    I’ve had no problems with updates, I use both a Logitech mouse and keyboard.

    I’m sure it is a case of conflicting drivers, maybe several that add their own bits to the problem. I get a “can’t decrypt xxx error” for mouse and keyboard modules when trying to install setpoint, and the newer Logitech Options drivers all load fine but I lose them on restart.

  59. Elizabelle says:

    A message from greennotGreen: just came in now on the morning thread:

    greennotGreen
    May 12, 2017 at 4:28 pm
    @Elizabelle: (gnG’s sister writing) gnG wanted me to say that, while she wished she had had more time here, she is not bitter about the inability of her doctors to save her. It’s been hard to find a cure because cancer actually encompasses a wide range of diseases, and one approach doesn’t fit all. For her memorial, she has instead suggested donations to three different causes, only one is cancer (American Cancer Society). The others are Cystic Fibrosis Foundation (because of her nephew) and the Avielle Foundation (because her very good friends lost a daughter, Avielle, at Sandy Hook). As throughout her life, and approaching her death, her first thought is of others.

  60. JanieM says:

    @JanieM: Repeating my own question, addressed to Roger Moore but really for any of you techies:

    What would you suggest using to encrypt them?

    That is, backups.

  61. Major Major Major Major says:

    @NotMax:

    40% or more of the populace had smart phones of DPRK origin

    Roughly 18 million people in North Korea are not getting enough food, a United Nations report released this week found. That means 70 percent of the isolated nation’s population relies on food assistance to get by, including 1.3 million children under the age of five.

    Priorities!

  62. Mingobat f/k/a Karen in GA says:

    @clay:

    Eventually, even his own supporters are going to stop caring about him beating Hillary, and they’re going to start wondering what he’s going to do for them.

    Not sure about that. Beating Hillary is what they wanted from him.

    It helps to view the GOP as a cult rather than as a political party. They’ll rationalize everything their leader does while he’s bleeding them dry.

  63. 🌷 Martin says:

    @Major Major Major Major: They don’t have to dump it all. Because bitcoin is non-inflationary (there’s a fixed amount that can possibly ever exist) simply locking up large amounts of it will keep the price high because the supply will be low. They can then bleed it off when it’s convenient.

  64. NotMax says:

    @JanieM

    Speaking strictly personally, not ignoring you but also am not more than a very casual techie, so outside my wheelhouse.

  65. Miss Bianca says:

    @Elizabelle: aw, this is making me weepy at work…

    It’s a beautiful day in the central mountains of CO, and despite all the craziness going on, I am going to take the reminder from gnG that every second I’ve got left on this earth is precious.

  66. Enhanced Voting Techniques says:

    So the word is Dumb Assed Donny hired a Russian Lawyer to represent him in this thing.

    Truly, what the frak?

  67. TenguPhule says:

    @Enhanced Voting Techniques:

    So the word is Dumb Assed Donny hired a Russian Lawyer to represent him in this thing.

    Actually, a firm nominated and awarded for being the best, by Russia.

    Whether the actual lawyers are Russians is yet to be determined.

  68. Le Comte de Monte Cristo, fka Edmund Dantes says:

    I have a brilliant idea for a movie.

    A mafia goon decides to open a legit business – a country style Italian restaurant in Napa Valley, using some Italian varietals. It being California, the property is expensive as shit, but being a mobster, he does a straight bank transaction, no loans – and commits nearly all of his money. Unbeknownst to him, just before the closing, his lawyer’s escrow gets nailed by hackers for every dime, and there is no way the malpractice insurance covers the whole thing.

    His dream of a lifetime crushed, he digs in to the whole ethic of hacking and gets outraged. Using his skills, connections and remaining assets, he goes on a worldwide killing spree of hackers, many of whose bodies are only discovered when their moms bring sandwiches to the basement and notice it smells worse than normal….

  69. 🌷 Martin says:

    @JanieM: I don’t actually worry about encrypting my backups that much. And how you encrypt depends very much on how you are backing up. I have two backups of everything. The local backup in my house is made to an AES-256 encrypted virtual drive. It’s a standard and widely used strong encryption which means I can decrypt it using just about anything. Being a virtual drive means that the individual files aren’t encrypted, the entire volume is. There are pros and cons to that approach. Pro is that even the directory structure and metadata gets encrypted. Con is that it’s a single point of failure. If the volume corrupts, I’m pretty boned. My virtual drive is on a hardware mirror RAID so there’s always 2 copies on different physical hard drives. That protects pretty well against hardware failure. But if my house burns down, I lose everything, encrypted or not.

    My 2nd backup is offline and I use Backblaze for that. Data is encrypted in transport as well as in storage on their end. It’s fast and cheap and if my house burns down that’ll still be accessible. If the country burns down, then it won’t be but I won’t care about my data in that case.

    If I had to recommend to casual users, I’d just do Backblaze. It’s a great service and it’s a snap to set up, and it’s reliable. My local backup is really my primary, but I’m willing to dump a few hundred dollars of hardware in it and the knowhow to set it up. It’s not horrible but it is technical. It also requires more maintenance than Backblaze does. Periodically the backups will stop running, etc. The reason I like it as my primary is that it’s very easy for me to test by occasionally restoring a machine from the backup. That’s a bit harder to do with Backblaze. The other upside to Backblaze is that you can easily restore individual files. Accidentally delete something last week, just jump in there and grab it back. Very nice.

  70. Alain the site fixer says:

    @Major Major Major Major: so that means that $300 of btc gets you more btc than it would have yesterday, which is what you want now if you’re (via unwilling third-parties) buying lots of btc, it seems to me.

  71. Mingobat f/k/a Karen in GA says:

    @TenguPhule: I don’t believe his lawyers themselves are Russian. But there are plenty of excellent law firms that don’t have offices in Russia at all — might have been smarter for him to hire one of them.

    Funny how everything he does just reinforces the Trump-Russia collusion narrative, isn’t it?

  72. Major Major Major Major says:

    @Alain the site fixer: I was responding to Martin, who said “their existing investment in bitcoin is likely to spike with that kind of demand to buy Bitcoin hitting the market”, pointing out that the opposite was happening.

    At any rate, we’re talking about a market that sees (back of the envelope) $600 billion traded per day, so this isn’t really likely to do much of anything.

  73. 🌷 Martin says:

    Oh, the reason I don’t worry that much about encryption is that getting to your backups is not really much of a risk. If your backups are always attached to your system, then they’re at risk of getting encrypted in a ransomware attack, but if they were previously encrypted, you now have this other layer of encryption on top of that, and you still can’t get to your stuff. So you haven’t saved yourself by encrypting. But they can’t encrypt a service like Backblaze using this method, so if you did get hit by ransomware, just reformat your computer, and backup from Backblaze.

    The most important thing for people to focus on is their passwords and personal info. Get a good password manager. I use 1Password. There are other good ones. Use the tools in the program to identify vulnerable and duplicate passwords and reset them to strong unique passwords. Find accounts you don’t use and delete them. Eliminate all of the other cheats you used to use to remember your passwords (notes, etc.) and use the password manager religiously. These also have elements that help with 2 factor authorization, so turn that on for all services that give you the option. That will solve 90% of the problems you are likely to run into.

    After that, keep your systems patched constantly. Set up the automatic download and install option on everything you have. When a new version of the OS comes out, upgrade to it reasonably quickly. Don’t sit on an old OS for years.

  74. Roger Moore says:

    @JanieM:

    What would you suggest using to encrypt them?

    I use the Linux dmcrypt layer, but I don’t think that would help you much. I think newer versions of Windows include whole disk encryption as an option, but I don’t know how well it works for removable drives, e.g. if you can decrypt them from a different computer. If you’re most interested in protecting a few critical files, it might be better to encrypt the individual files and back them up to the cloud.

  75. Alain the site fixer says:

    🌷 Martin: For the cloud backup, do you back up the entire drive like the OS too, so you can restore the computer, or just files?

    I’ve been considering setting up full-system backup (a copy of important files also backed-up to the cloud separately) and having that uploaded, but still in the early stages of exploration. I sort of prefer the idea of more hassle and expense, but a simple download-and-you’re-off approach beats downloading then reinstalling everything, configuring the OS and software, hardware, license and registrations, etc.

  76. Brachiator says:

    @Alain the site fixer:

    @🌷 Martin:

    I have an Android phone and Android tablet, which have been very solid (I never jailbreak or side load, and am very picky about the apps I use). I have an old iPad which I hope to update soon. My Chromebook has been rock solid with respect to security. I have to use Windows for work related stuff, and do everything I can to keep things up to date and secure.

    I had a neighbor who got a used Windows based machine from a friend. He never, ever ran any security updates, and just did not want to learn anything about stuff like that. And so he soon had problems with pop-ups and God knows what else. I don’t totally blame him though. I appreciate some of Apple’s approach (and that behind the Chromebook). For some consumer level stuff, you really need to make security super easy or nearly invisible to the user.

  77. Enhanced Voting Techniques says:

    @TenguPhule: An inert rock would have the sense not to allow the word “Russian” to be near Trump after this week, yet….

  78. rikyrah says:

    White House doesn’t deny Trump recording conversations
    05/12/17 04:37 PM
    By Steve Benen

    Donald Trump jolted the political world this morning, making a not-so-veiled threat towards former FBI Director James Comey via Twitter, saying Comey “better hope that there are no ‘tapes’ of our conversations before he starts leaking to the press!”

    Among other things, this raised the specter of previously unknown recordings of Trump’s conversations with Comey – and any number of other discussions the president has held in the White House.

    To no one’s surprise, the White House press corps was eager to hear more about the topic Trump raised.

    The White House did not deny on Friday that President Donald Trump taped meetings with his former FBI director – or that the president may be recording conversations in the Oval Office.

    “The president has nothing further to add on that,” White House Press Secretary Sean Spicer said at the daily briefing when asked several times by reporters about the president’s tweet Friday morning referring to “tapes” of Comey.

    No one should blame reporters for a lack of effort. Does Trump have recordings of Comey? “The president has nothing further to add on that,” Spicer said. Are there recording devices in the Oval Office? “The president has nothing further to add on that,” Spicer said. Are there recordings in the White House residence? “The president has nothing further to add on that,” Spicer said.

  79. clay says:

    @Le Comte de Monte Cristo, fka Edmund Dantes: That is not entirely dissimilar to the Neal Stephenson novel Reamde that I referenced above. In it, Russian gangsters get a thumb drive full of stolen credit card info, but that drive turns out to have ransom malware on it. (The ransom is for payment through a World of Warcraft-style MMRPG instead of Bitcoin.)

    The Russians track down the hackers in mainland China. But little do they know that there are Islamic terrorists with one floor down…

  80. The Moar You Know says:

    A patch for the vulnerability was released by Microsoft in March, but many systems may not have had the update installed.

    There’s a little thing called “Automatic Updates” which has been around since XP, and if you don’t have it enabled on every single system in your network, you’re either grossly incompetent or criminally negligent.

    That being said, they can only patch what they know about. A lot of this current outbreak was avoidable. The next ones will be less avoidable. Fully sandboxed operating systems must be implemented and soon.

    There are people out there sitting on top of stuff that can bring the world as we know it to an end.

  81. Alain the site fixer says:

    @Brachiator: Based on some personal experiences traveling, I can tell you – NEVER use a public computer unless you can help it. This is one way that bad guys get a crumb to get into your life – your email address, password, name and address, lots of info that might show up onscreen or that you type in can get intercepted.

    Hotel pcs in courtesy office centers are targets for bad guys and malware. So if you use one, and let’s face it – who doesn’t sometimes, right? – only use it if it’s creating a virtual machine. Even then, beware – a small camera above or behind you will capture screen and keyboard content, and there could be a physical keylogger in the keyboard.

    What do I mean by a virtual machine? Well I think it’s a lot of what consumer-facing operating systems will become. When you sign in, a new Windows instance is spun up by the server. This isn’t just a new user, it’s a new instance of Windows created from a safe, read-only image. So you know that it’s safe from crap that other folks have installed. That’s a lot of what you get from the combination of a tablet that requires an App Store to install apps plus a walled-garden for that store plus a rigid policy on the operating system and extensions to it. So when I travel now, I always prefer to use my own phone or tablet, and, if I cannot be sure that the WiFi connection is secure, I either tunnel, or, with my phone, turn off WiFi and use the phone company. I know they’re secure, at least from crooks. Government, foreign or domestic, is another story. I worry about criminals.

  82. clay says:

    @rikyrah: Spicer’s response could mean that he has no idea… How can any WH employee know what to say at this point?

    It’s worth noting that Trump has been alleged to bug his hotel rooms.

  83. 🌷 Martin says:

    @Alain the site fixer: Locally I back up everything. In Backblaze I omit the OS files, but back up my user files, apps, and settings. So I can’t do a metal restore from Backblaze – but I can do an install/restore user. By backing up everything to the local, I can do a fast/dirty restore to a machine just to ensure the backup is working. It’s really only to verify the backup is good.

    As a Mac guy, Apple’s approach to restoring after a reinstall or to a new machine is really a snap, so it’s set up around that workflow. But I’m a huge, huge proponent of reducing friction. The harder it is to do, the less likely you are to do it, or to do it properly. So figure out what you want your restore workflow to look like (3rd party, etc.) and then dial it in to that workflow as perfectly as you can.

  84. Roger Moore says:

    @🌷 Martin:

    Because bitcoin is non-inflationary (there’s a fixed amount that can possibly ever exist) simply locking up large amounts of it will keep the price high because the supply will be low.

    That’s the theory, but I have some questions about how it will work in practice. Bitcoin is only valuable as long as people think it’s valuable. That’s true of all fiat currency, of course, but most fiat currency has governments doing things like demanding people use it to pay their taxes, accept it when taking government contracts, etc. that guarantees that it will continue to have uses. If people collectively decide that Bitcoin is dodgy and decide to start using some other cryptocurrency instead, there’s nothing to prop it up.

  85. 🌷 Martin says:

    @Brachiator:

    I have an Android phone and Android tablet, which have been very solid (I never jailbreak or side load, and am very picky about the apps I use). I have an old iPad which I hope to update soon. My Chromebook has been rock solid with respect to security. I have to use Windows for work related stuff, and do everything I can to keep things up to date and secure.

    I had a neighbor who got a used Windows based machine from a friend. He never, ever ran any security updates, and just did not want to learn anything about stuff like that. And so he soon had problems with pop-ups and God knows what else. I don’t totally blame him though. I appreciate some of Apple’s approach (and that behind the Chromebook). For some consumer level stuff, you really need to make security super easy or nearly invisible to the user.

    Yeah, there were some first principle decisions that Android got wrong, that I think are hurting the platform now. One of the worst is the inability to get updates for most Android devices, unless you buy a Google branded one (which I highly recommend for those wanting to go Android).

    What you are seeing Microsoft doing with respect to Windows S is to copy as much of the benefits of iOS as they can reasonably do. It’s a good idea, and I would recommend everyone use S for their personal computer once it’s feasible, but I question whether their user and developer base will tolerate it. iOS can feel constraining, but it’s really, really hard to fuck up. I feel comfortable handing it to anyone and not worrying that they’ll screw up security on it. Chromebook is the same way (better in some respects). It’s almost impossible to screw up. That’s really where consumer computing needs to be – it needs to be bulletproof.

    What we’re seeing today, though, is a failure of institutional computing. Different beast, different set of solutions.

  86. 🌷 Martin says:

    @Roger Moore: Yep. The US government can always demand that dollars be legal tender and that taxes and trade goods be paid in dollars. They can mandate demand for the currency. Bitcoin can’t do that. I don’t think a lot of people consider the importance of that particular regulatory benefit of government issued fiat currency.

  87. Peale says:

    @Roger Moore: IDK. What is going to prop it up are the demands of criminal hackers demanding regular tribute. If the barbarians demand shit so that they’ll go back to the steppes and leave the civilized world alone, shit has value.

  88. Roger Moore says:

    @Major Major Major Major:

    Bitcoin is down $125 today so far, it’s not really a pump-and-keep kind of thing.

    That’s actually better for the criminals. If Bitcoin is down today and bounces back, all the Bitcoin they receive today will be worth more after the recovery.

  89. Central Planning says:

    Everyone should be using a free account from OpenDNS to protect their home networks (I’m assuming everyone has some sort of device that does NAT/firewall).

    If you can’t do that, at least change your DNS to point to the OpenDNS servers – 208.67.222.222 and 208.67.220.220 (Don’t worry, there are actually more than 2 servers that are spread all over the world).

  90. Brachiator says:

    @Alain the site fixer:

    Based on some personal experiences traveling, I can tell you – NEVER use a public computer unless you can help it. This is one way that bad guys get a crumb to get into your life – your email address, password, name and address, lots of info that might show up onscreen or that you type in can get intercepted.

    Excellent advice. But again, in the real world (and this includes me, briefly several years ago), people have to use a public PC in a library to do a job search and send resumes. Some libraries try to police machines and help guard against problems, but hey.

    I get so paranoid now that I once walked away from an ATM machine because this young woman seemed to be hovering nearby for no particular reason. May have been totally innocent, but she had her smartphone out doing … something.

    And I am pretty sure that someone tried to hack my info while I was at a coffee shop across the street from a local community college.

    Hotel pcs in courtesy office centers are targets for bad guys and malware. So if you use one, and let’s face it – who doesn’t sometimes, right? – only use it if it’s creating a virtual machine. Even then, beware – a small camera above or behind you will capture screen and keyboard content, and there could be a physical keylogger in the keyboard.

    Yep. Good tips. I avoid this as much as possible.

    What do I mean by a virtual machine? Well I think it’s a lot of what consumer-facing operating systems will become. When you sign in, a new Windows instance is spun up by the server. This isn’t just a new user, it’s a new instance of Windows created from a safe, read-only image. So you know that it’s safe from crap that other folks have installed. That’s a lot of what you get from the combination of a tablet that requires an App Store to install apps plus a walled-garden for that store plus a rigid policy on the operating system and extensions to it. So when I travel now, I always prefer to use my own phone or tablet, and, if I cannot be sure that the WiFi connection is secure, I either tunnel, or, with my phone, turn off WiFi and use the phone company. I know they’re secure, at least from crooks. Government, foreign or domestic, is another story. I worry about criminals.

    Yep. Good stuff. An easy on virtual machine would seamlessly help a lot of folks do safer computing.

  91. Gin & Tonic says:

    @schrodingers_cat: DNS is the protocol which translates a domain name, like balloon-juice.com, to a numeric value (an IP address) which is understood by your computer/tablet/router/whatever. Lots of orgs run DNS servers, including your ISP. For the most part, it is a relatively insecure protocol and your ISP does no filtering. OpenDNS does some filtering, and allows you to do more if you wish, but its advantage is that as they become aware of phishing/malware sites they will not resolve DNS for them, so if you are using their server for your DNS lookup you will not reach the sites they’ve determined are malicious. It’s just one more layer of security.
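An added example (not part of the comment above) of the lookup it describes: a DNS query and response at the byte level, with a toy filtering resolver. Answering blocked names with NXDOMAIN is an assumption about how a filter might refuse to resolve, and the names and addresses are constructed placeholders.

```python
import socket
import struct

BLOCKLIST = {"malware.example"}            # constructed: names the filter refuses
ZONE = {"blog.example": "192.0.2.10"}      # constructed: toy name -> address data


def encode_name(name):
    """Encode 'a.b' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def read_name(msg, off):
    """Decode a name at off, following compression pointers; return (name, next_off)."""
    labels, next_off, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # two-byte pointer to an earlier name
            if next_off is None:
                next_off = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (off if next_off is None else next_off)


def build_query(name, txid):
    """Header (recursion desired, one question) plus a type A, class IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def is_blocked(name):
    return any(name == bad or name.endswith("." + bad) for bad in BLOCKLIST)


def filtering_resolver(query):
    """Toy resolver: blocked or unknown names get NXDOMAIN, known names get an A record."""
    txid = struct.unpack("!H", query[:2])[0]
    name, off = read_name(query, 12)
    question = query[12:off + 4]           # name + type + class, echoed back
    addr = None if is_blocked(name) else ZONE.get(name)
    rcode = 0 if addr else 3               # 3 = NXDOMAIN
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    answer = b""
    if addr:                               # 0xC00C points back at the question name
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(addr)
    return header + question + answer


def parse_response(msg):
    txid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    off = 12
    for _i in range(qdcount):
        _name, off = read_name(msg, off)
        off += 4
    addresses = []
    for _i in range(ancount):
        _name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addresses.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "addresses": addresses}


def lookup(name):
    return parse_response(filtering_resolver(build_query(name, 0x1234)))
```

With this kind of filter the client sees the same NXDOMAIN for a blocked name as for a name that does not exist, so the block is only visible in the resolver's own reporting.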

  92. Uncle Cosmo says:

    @Alain the site fixer: I had the opposite problem a few years back: I spent a night in a youth hostel in Munich, & in the morning I was going to buy a bus ticket for Prague. In order to let my friends in Prague know when I was coming in, I hopped onto a public terminal at the hostel & tried to sign into my Outlook e-mail account.

    Outlook said something like, You’re signing on from somewhere you’ve never signed on from before, so we are blocking your access until you provide the following information–& in a brilliant Catch-10110, the information it demanded was stuff I couldn’t find without being signed into Outlook (e.g., “the last 5 addresses you sent e-mail to”). No way to contact Microsoft to resolve the problem. Screwed, stewed & tattooed.

    So I took off incommunicado. When I reached Prague I had to hire a stranger’s mobile in order to call my friend (I had no access with my mobile phone because my Czech SIM card was at my friend’s apt in the Prague suburbs). I was incredibly lucky a couple of days later to somehow retrieve from between-the-ears memory those last 5 e-mail addresses & restored my e-mail service. It all worked out eventually & I suppose for security’s sake it was for the best but jeezy peezy did it leave a lousy taste in my mouth and an even greater loathing for Microsoft (something I never would have thought possible, that my already monstrous loathing for MS could actually grow larger). Grrrr…..

  93. Central Planning says:

    @Gin & Tonic: thanks for the assist!

    If you sign up for a free account, you get more granularity and reporting, and you can use it to block sites/categories (can be helpful if you have kids).

    Also, OpenDNS is just one piece of the security puzzle, so don’t think it will stop everything bad.

    You can also read more about the malware here http://blog.talosintelligence......y.html?m=1

Comments are closed.