Robᵉʳᵗ Graham 🤔 @ErrataRob, 11 tweets
1/ Other cities should heed what happened to Atlanta. Such problems are coming to many cities in the near future.
2/ They'll misinterpret what happens here. They frequently get individual desktops infected with ransomware, so they falsely believe they are on top of the situation. What happened in Atlanta is a wholly different attack, where ransomware spread to the servers.
3/ All the news stories are asking how the ransomware got inside their network. This is the wrong question; it doesn't matter. The question they should be asking is, once inside, how it spread. It spread because it got "admin" credentials.
4/ The SamSam ransomware is notorious for this. It aggressively looks for admin credentials on any system it affects and uses them to spread to other systems on the local network.
5/ Atlanta reports that 911, police, fire, and the local airport were unaffected by the attack. That's because systems were on different domains, firewalled, or used other operating systems (like Linux).
cnn.com/2018/03/27/us/…
6/ People think "Oh, the police had smarter IT staff, and that's why it wasn't infected". What really happened is there was a firewall blocking port 445, or simply they were on a different Windows domain, with different credentials.
7/ According to news reports, the city has been working with Microsoft, Cisco, SecureWorks, Georgia Tech, Homeland Security, and the Secret Service to figure out what happened. This is nonsense. We know what happened.
8/ We know how such attacks get in: the hacker sends obvious phishing emails or uses obvious exploits against exposed servers. Then, once in, it uses whatever credentials it finds on the infected systems to spread to other systems.
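Tweets 3, 4 and 8 describe one mechanism: once a single machine is compromised, whatever admin credentials it holds are reused to log on to many other hosts over the network. The following is an added example, not code from the thread or from any of the organizations it mentions, of what that pattern looks like in Windows logon telemetry and how a defender can flag it. It assumes a simplified, pipe-separated export of Security log entries (a constructed format; real exports are EVTX or XML) and uses constructed sample lines. Event ID 4624 (successful logon) and logon type 3 (network logon, which is what SMB file and admin-share access produces) carry their standard Windows meanings; the window and host-count thresholds are assumptions to tune per environment.

```python
"""
Spot credential-reuse spread in Windows logon events.

Added example, not from the thread or from any Atlanta incident report.
Assumes a simplified pipe-separated export of Security log entries
(constructed format); Event ID 4624 = successful logon and logon
type 3 = network logon are the standard Windows meanings.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (assumed format):
#   timestamp | EventID | account | logon_type | source_host -> target_host
# One account reaches five servers from one workstation in 21 seconds:
# the "got admin credentials, spread to the servers" pattern.
SAMPLE_LOG = """\
2018-03-22T05:01:10 | 4624 | CITY\\svc_backup | 3 | WS-017 -> FILE-01
2018-03-22T05:01:14 | 4624 | CITY\\svc_backup | 3 | WS-017 -> FILE-02
2018-03-22T05:01:19 | 4624 | CITY\\svc_backup | 3 | WS-017 -> APP-03
2018-03-22T05:01:25 | 4624 | CITY\\svc_backup | 3 | WS-017 -> SQL-01
2018-03-22T05:01:31 | 4624 | CITY\\svc_backup | 3 | WS-017 -> DC-01
2018-03-22T05:02:00 | 4624 | CITY\\jsmith | 2 | WS-022 -> WS-022
2018-03-22T05:03:00 | 4624 | CITY\\jsmith | 3 | WS-022 -> FILE-01
2018-03-22T06:30:00 | 4624 | CITY\\svc_backup | 3 | BACKUP-01 -> FILE-01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \| (?P<event>\d+) \| (?P<account>\S+) \| "
    r"(?P<ltype>\d+) \| (?P<src>\S+) -> (?P<dst>\S+)$"
)


def parse_events(text):
    """Parse the constructed export into dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event": int(m["event"]),
            "account": m["account"],
            "ltype": int(m["ltype"]),
            "src": m["src"],
            "dst": m["dst"],
        })
    return events


def find_spread(events, window=timedelta(minutes=10), min_hosts=4):
    """
    Flag an (account, source host) pair that performs network logons to at
    least `min_hosts` distinct hosts within `window`. Interactive logons
    (type 2) and self-logons are ignored. Legitimate backup or admin tooling
    can trip this too, so the output is a lead for triage, not proof.
    """
    by_pair = defaultdict(list)
    for e in events:
        if e["event"] == 4624 and e["ltype"] == 3 and e["src"] != e["dst"]:
            by_pair[(e["account"], e["src"])].append(e)

    alerts = []
    for (account, src), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            targets, last = [], start["ts"]
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                last = e["ts"]
                if e["dst"] not in targets:
                    targets.append(e["dst"])
            if len(targets) >= min_hosts:
                alerts.append({"account": account, "source": src,
                               "targets": targets, "first": start["ts"],
                               "last": last})
                break  # one alert per pair is enough for triage
    return alerts


def detect(text=SAMPLE_LOG):
    """Run the parser and the spread check over an export."""
    return find_spread(parse_events(text))


if __name__ == "__main__":
    for a in detect():
        span = (a["last"] - a["first"]).total_seconds()
        print(f"{a['account']} from {a['source']} reached {len(a['targets'])} "
              f"hosts in {span:.0f}s: {', '.join(a['targets'])}")
```

On the sample data only the `svc_backup` fan-out from `WS-017` fires; the interactive logon and the single server visit by `jsmith` do not, and the same service account logging on from the backup server later is a separate pair. In practice the source hosts of known backup and monitoring accounts are allowlisted, and the same check is worth running on both the domain controllers' logs and the endpoints', since a host on a different domain with different credentials (as in tweets 5 and 6) simply never appears as a target.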
9/ According to news reports, Atlanta has Windows-based web servers with port 445 exposed. It doesn't matter if that was the particular vector SamSam used -- it matters that no sane organization would have those ports exposed.
10/ Atlanta's flaw is failing to do the very basics. It's kinda pointless asking which of the basic flaws was the one that let SamSam in their network.
11/ Which wraps around to [1/] of this tweet storm: municipal, county, state governments are notoriously bad at doing the basics of IT and cybersecurity. Thus, what happened to Atlanta is likely in their future as well.