Canadian city falls prey to crypto virus despite all the warnings in media and available technology.
Episode #10-31 released on March 15, 2020
Watch on Youtube
Download MP3 Audio
The Canadian City of Chateauguay got supposedly been infected with ransomware, and like many cities around the world. It is presumed that the data has been encrypted by Ransomware and yet, they haven't been able to find the device where the notice is likely posted, which is likely an employee who is hiding their shame, or maybe it is something else?
This can happen to anyone and everyone. Viruses are not a joke; however, everyone can fall prey to this kind of eventuality. Keep in mind, it is entirely possible that the virus was introduced into the servers using a RAT, which stands for Remote Administration Tool. The RAT can have a malicious payload which starts the entire process of encrypting the data. It is, also, possible, that the introduction of the RAT was possible by exploiting zero-day vulnerabilities that have yet to be discovered or patched. This means that there are many possibilities and few solutions currently that would solve the issues with the Canadian city of Chateauguay anytime soon.
But, let's get down to business, what can we ascertain as being some of the current issues with city digital infrastructures. After all, there are plenty of things that can be done to mitigate and eliminate the risks of those kinds of viruses, beginning with access permissions, patches, updates and education.
The first thing we need to understand are permissions. Normally, and especially in the case of home users, we use an administrative account. This is both ludicrous and dangerous. Viruses obtain permissions from the user account they first accessed. Some viruses, from that point use privilege escalation tactics, sure, but if the user was never able to access sensitive portions of the operating system, those risks would be greatly mitigated. Having tight controls on user privileges would solve many issues in cities, business, hospitals, etc.
The second issue is education, you need to remember the user, and the user is usually a person who over-estimates their understanding of computers. After all, how many resumes have you seen from people stating they can use Excel but have no idea what a pivot table is. Teaching users to understand the risks, recognize possible attack vectors, proper handling of data and files, etc. is paramount. Users are the most like attack vector in cities, businesses, etc. If the users are well educated on the risks, then the risks are lowered as a result.
The third issue is patches and updates. Microsoft makes it a requirement that all home users be up to date, something that isn't as enforced in a business setting. Updating and patching systems would avoid a lot of issues and prevent a great many infections from ever being able to spread.
Computer configurations are another issue for businesses, cities, hospitals, etc. Many vulnerabilities are related to remote access, a method of access required for a great many organizations. This relates to updates, permissions and patching in a serious way as all those vectors do affect what can happen to a computer, the network and all the data.
The last issue is hardware. Many consumer products are available that would prevent the kind of ransomware that many cities, companies, hospitals, etc. fall prey to, however, the higher end often has requirements that make it harder to implement, or organizations wait to spend the capital only once the issue has arisen citing the infamous clause, it has never happened before, which is false, it has, just not to them, yet.
And that is the final nail in the coffin, the difference between mindset and reality. We are wired to believe that because it has never happened to us, that it may never happen. It isn't a matter of if, but when and the sooner cities, businesses, hospitals, organizations, etc. understand this, the safer they, and by extension us, will be.
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net