



638 posts

Ultimate Geek


# 258691 16-Oct-2019 08:24

Not sure if this is the right forum for this so please move if not correct..

 

Freyberg School in Palmerston North 

 

School servers hit with ransomware

 

 

 

"The expert's best guess for how the hackers broke into Freyberg's servers was that they exploited a temporary password used by contractors hired by the Ministry of Education to carry out a recent systems upgrade."

 

Bit of a whoopsie there. Goes to show, your security is only as strong as the weakest link.







xpd

SysOp
10246 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2337921 16-Oct-2019 08:29
One person supports this post

IME (and I've seen a lot of ransomware'd systems lately), they try blaming it on someone leaving an account enabled etc, but when it's actually looked into, it turns out someone got an email with a dodgy attachment and well... you know the rest.

It's not "hackers" - it's generally script kiddies.

How did they trace it back to China? Just because the email address in the ransom is located there?

 

Even with "experts" checking it and saying it was an RDP attack, the IT co. was prob asked not to say it was an email attachment because it'll make the school staff look stupid.

 

 





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : Ryzen 5 3600 / 16GB DDR4 / RX580 4GB    Console : Xbox One

 

Now on BigPipe 100/100 and 2Talk  Add me on Steam   My Lego

 

*** AMIGA UNLIMITED REDUX BBS - SOON***


4021 posts

Uber Geek

Trusted

  # 2337922 16-Oct-2019 08:38

RDP attacks are possible and I have seen it first hand with a company that got hit by ransomware. RDP open to outside world on default port, AD password is 'password or 123', RDP into server and do what you feel like. If it was an RDP attack then it should make them feel more stupid because

 

 

1. Why leave RDP open on default port to open work without using RDS gateway or at the very least change default RDP port or force everyone to VPN first into school network from offsite and then RDP with the default port on local IP

 

 

2. Why implement a simple/weak password policy.

 

 

This is what happens when you get the school vice principal or a teacher who is good at connecting iPads to WiFi also do CTO duties and make decisions.




Do whatever you want to do man.

  

 
 
 
 


4320 posts

Uber Geek


  # 2337923 16-Oct-2019 08:39

This is why schools shouldn't have an "IT guy" to run the system.

And although it's a pain in the ass, just roll back to your last backup and only lose the day's work... riiiight?


70 posts

Master Geek


  # 2337939 16-Oct-2019 09:04
2 people support this post

Stuff news - prob best taken with a truckload of salt. :P

 

chevrolux:

 

This is why schools shouldn't have an "IT guy" to run the system.

And although it's a pain in the ass, just roll back to your last backup and only lose the day's work... riiiight?

 

I personally think it's OK if the IT guy can escalate issues.

 

Couple high schools up where I am employ a semi-regular IT guy for the mundane tasks, he has support from an outside contractor.

 

 

 

Edit:

 

I just remembered one of the IT guys is a student.... lol.   Much of his time is spent fixing Chromebooks

 

 

 

 


192 posts

Master Geek


  # 2337966 16-Oct-2019 09:59
One person supports this post

xpd:

 

IME (and I've seen a lot of ransomware'd systems lately), they try blaming it on someone leaving an account enabled etc, but when it's actually looked into, it turns out someone got an email with a dodgy attachment and well... you know the rest.

It's not "hackers" - it's generally script kiddies.

How did they trace it back to China? Just because the email address in the ransom is located there?

 

Even with "experts" checking it and saying it was an RDP attack, the IT co. was prob asked not to say it was an email attachment because it'll make the school staff look stupid.

 

 

 

 

my bet would be on this.

 

if the contractors 'who carried out a recent systems upgrade' actually left that 'temporary password', they shouldn't be in business.

 

pros worth their name should and would (normally) be well aware of these things. however, as secure as you can get your environment to be, you can't really completely guard against that click on a link from an email.

 

 

 

 


21748 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2337997 16-Oct-2019 10:18

There is a difference between file shares on a server being encrypted, and the server itself is compromised and with due respect, who cares, it's an easy restore if it's just some file shares. What is much more of an issue, is the server OS itself being compromised which shouldn't be possible from any workstation.

 

Clicking a link on an email likely results in file shares being encrypted, this isn't as big of a deal. 

 

 


1967 posts

Uber Geek


  # 2338018 16-Oct-2019 11:23

"The expert's best guess for how the hackers broke into Freyberg's servers...... "

 

in other words no one knows.
Just tell them something (anything), then move on & fix it?


 
 
 
 


70 posts

Master Geek


  # 2338031 16-Oct-2019 11:38

The school hired information technology security experts to assist the school's technician investigate the hack and shore up the school's cybersecurity.

 

You'd think the school would do this before refusing to pay, not after.

