K9YA Telegraph article on the ARRL ransomware attack
I thought the editorial by Bill, AJ8B, in the September issue of the K9YA Telegraph was quite interesting:
source: https://k9ya.org/
Bill offers his opinions and information on the ARRL cyber incident, based on his professional experience with a ransomware attack at his workplace.
One thing in particular caught my eye: how do you know that your backups are "clean"? In other words, maybe the payload was present for days/weeks/months before it was deployed. If you restore a backup and thumb your nose at the criminals, you might very well be experiencing the same thing again in a short time. Then what?
BTW, this kind of stuff even happened before ransomware and the internet - worms and viruses would infect floppy drives. I remember that at the Windows "shop" where I worked, the founder and lead programmer continually had to ask for help because he would re-infect his PC with a virus or worm (I recall that one of them was called Stoned). The tech support guy would just shake his head - people used to have large stashes of floppies!
The ARRL isn't a bunch of idiots who don't know what they are doing; they are just average folks under huge budget pressure, like any media business, who happened into the crosshairs of a criminal organization - as Sade Gook used to say (in the 1940s on the radio): "Stuff Happens."
Best Regards,
Chuck, WB9KZY
http://wb9kzy.com/ham.htm