[Milsurplus] [Glowbugs] ARRL's ransom payment

sbjohnston at aol.com
Thu Aug 22 15:15:15 EDT 2024


Organizations compete in an "arms race" between the ever-increasing sophistication of those who would penetrate and disturb their networked systems, and the defenses they deploy to block such penetration and disturbance.  

For example, ARRL might have needed to spend $1 million dollars more on IT staff and services to achieve a defense up to the challenge of the ransomware attack.  It can be difficult to get management to see this need to compete (and spend) to successfully defend the systems.

I remember telling one general manager repeatedly that our entire radio business enterprise was quite vulnerable (we were relying only on Windows client and server defenses and an older hardware firewall).  I offered a comprehensive plan to harden our systems - it was pretty expensive but not insane.  He responded, "Why do we need this?  Everything's working fine."  He never approved that plan since he did not seem to care about the risk.  

To allow us to restore operations after a potential ransomware attack, I ended up using maintenance money to build a parallel set of duplicate servers that we only connected to the wider network one night a week to get updated.  

I actually used a low-tech timer relay to control the power to the network switch that connected the two networks.  This produced a varying date/time of the update connection on a slightly less than one week interval.  Keeping the backup servers disconnected 98-99% of the time was my defense against hacking/virus spread/employee-misdeeds/etc.

The backup servers were also in a different part of the building in case the main server room had a fire/flood/etc.   

If the main servers got locked-up by a ransomware attack, I would just tear them out and put the duplicate backup servers in place to restore operation.  We'd have an interruption in services, and lose whatever work had been produced in the past few days, but that is far better than nothing (or paying big $ to the hackers).  

This also gave me backups to cover more mundane problems so it was a win-win.


Steve WD8DAS   

sbjohnston at aol.com   
http://www.wd8das.net/   
http://af4k-crystals.com/   
--------------------------------------------------------------------   
Radio is your best entertainment value.   
--------------------------------------------------------------------   


