Conti Strain! Are we up the creek?

PLC Pie Guy

Hey folks.
Are any of you familiar with something called Conti Strain?
Our entire corporate structure has been taken hostage by it.
All my PLC files now have the extension .QEBEN instead of .ACD, .RSS, as well as just about every other type of file on the network. In each folder is a read me.txt file that has instructions on how to pay them in order to return the files to us.

It's completely over my head and the IT folks I'm sure are pulling their hair out now. This is day 2. All I can do now is on my iPhone. This stinks!

My real question is..... I do have backups of my PLC files. However, I'm worried that the backups are corrupted as we have no idea how long the offensive file has been with us. Does anyone know of a way I can scan this backup stick somehow before using them? Technically, I'm not even supposed to have these backups on a stick as per company policy, however, it could very well pull us from the flames.

I'm too scared to even put it into my computer!

I’m guessing that it’s not going to be a simple solution or IT would have fixed it already. This is the first time in 10 years I’ve seen their systems down.
 
Oh dear.


Do not put the stick into any company computer, and do not touch any of the backups inside the company. Go to Staples or Best Buy or whatever and get a new computer that has never been in your company, maybe put a fresh Linux install on it, and make backups of that stick ASAP, but do not do it anywhere near the company network.

If the stick is already corrupted it is too late. If the backups are on company servers it is probably too late.

You may be able to upload current programs, without comments, from the PLCs to a new computer, but it will have to be windows, and you will have to load A-B software on it so be sure that computer has never connected to the company network.
 
Open it on a Linux or Mac system, or a brand new computer that you can be sure does not have Conti on it. Look at the file extensions to see if they've been encrypted.


If good, make additional copies of the thumb drive and stick them in a safe place.


Long term, learn to use non-Windows systems to do everything except run your PLC programming software. Also consider learning to use non-Windows hypervisors to run Windows in isolated VMs.
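For the question above about checking the backup stick before trusting it, here is an added triage script (not code from this thread or from anyone posting in it) meant to run on an isolated machine with the drive mounted read-only. The .QEBEN extension and the "read me.txt" note name come from the original post; the entropy threshold and the sample files it builds are assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the original post: encrypted files are renamed to
# .QEBEN and every folder gains a "read me.txt" ransom note.
RANSOM_EXT = ".qeben"
NOTE_NAMES = {"read me.txt", "readme.txt"}
ENTROPY_LIMIT = 7.5  # bits/byte (assumed threshold); random data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data; 0.0 for an empty file."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def triage_backup(root: Path) -> dict:
    """Report renamed files, ransom notes, and files that kept their .ACD/.RSS
    name but look encrypted. Entropy is only a hint (compressed project files
    also score high), so a sha256 manifest is returned for comparison against
    a known-good copy before anything on the drive is used."""
    findings = {"renamed": [], "notes": [], "high_entropy": [], "sha256": {}}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        findings["sha256"][rel] = hashlib.sha256(data).hexdigest()
        if path.suffix.lower() == RANSOM_EXT:
            findings["renamed"].append(rel)
        elif path.name.lower() in NOTE_NAMES:
            findings["notes"].append(rel)
        elif len(data) >= 256 and shannon_entropy(data) > ENTROPY_LIMIT:
            findings["high_entropy"].append(rel)
    return findings

def build_sample_tree() -> Path:
    """Constructed sample backup (not real data): a clean project file, a
    renamed encrypted file, a ransom note, and an encrypted file with its
    original name."""
    root = Path(tempfile.mkdtemp())
    line = root / "Line1"
    line.mkdir()
    (line / "Line1_Main.ACD").write_bytes(b"RSLogix ladder rung " * 100)
    (line / "Pump.RSS.QEBEN").write_bytes(os.urandom(4096))
    (line / "read me.txt").write_text("Your files are encrypted. Read this.\n")
    (line / "Mixer.RSS").write_bytes(os.urandom(4096))
    return root
```

Anything listed under "renamed", "notes" or "high_entropy" means the stick was touched after the infection; an empty report plus hashes matching an older known-good copy is the evidence you want before restoring.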
 
Oh yikes! I think we had one instance here a while back. We had a terrible network connection between, I'll call them, building 1 and building 2. It was on the list of things to be fixed. Someone clicked something in building 2 (servers are in building 1), but luckily, the network connection was particularly terrible that day, and the clicker called IT because their computer was acting funny. IT knew what was up and had them disconnect their machine from the network. They figured, had it not been for the crappy network connection, we likely would have been screwed. Procrastination wins again.

We've had some pretty wild phishing attempts. The effort that some of these people go through is unreal.

We also have random click tests, where IT sends out a phony phishing email to see how many people click. I'm always amazed at how many people click. First law of emails, don't click links.
 
We also have random click tests, where IT sends out a phony phishing email to see how many people click. I'm always amazed at how many people click.
That is a great idea. I will suggest that to my IT dept.
We have some instructional videos on how to be safe, but I suspect only a small fraction of people understand and follow the advice strictly. To actively test people's behaviour is a step up.

And yes, backups that are themselves backed up.
 
The last company I worked for used to send out the test phishing emails. If you failed the test, you had a mandatory 30 minute training you had to do within a week.

The training was punishment enough that it made people very cautious.
 
Google (Gmail) does a good job of filtering spam and phishing emails. I know a lot of companies don't like Google, but I have all of my emails run through them.
 
The last company I worked for used to send out the test phishing emails. If you failed the test, you had a mandatory 30 minute training you had to do within a week.

The training was punishment enough that it made people very cautious.

We have the same thing, after you are "hooked" a couple of times, you become extremely cautious. I have marked valid emails as phishy, better safe than sorry.
 
Backup, backup, backup and keep many snapshots going many days back.


I am pretty sure we pay a service that checks for known phishing sites and e-mails. They can be tricky. Our IT guy sends company wide e-mails with examples of e-mails with bad intent.


I have used a white filter for years.


Beware of the banners saying this e-mail is good or bad. They can be faked too.
 
This still has us crippled.

Our IT department is fumbling and useless. They are in over their heads and not going to rectify the situation. Everything remains encrypted and missing. Nothing works.
I'm going today to purchase a new laptop, it will be forever free from IT.
I'm going to buy all new software, free of corporate ownership.
I'll go around and pull backups as I'm not sure if the backups that I do have on a stick are infected or not. I'm considering them garbage at this point. I did put it in an old sacrificial computer and they look OK, but what lies beneath is what scares me; I don't know much about how this works.

Here is the issue. Our machines are all tied to the corporate IT controlled switches. I'm guessing it's a risky action to give my new computer a static IP address and tether it to the network to do uploads. Is there a risk that in connecting my new computer to the network I will catch this virus so long as I don't upload any files from the network, and simply create communication to each PLC and upload?
Does anybody have an opinion on this? Networking isn't my strong suit.

Aside from losing plant to plant comms by going the IT-free route (we have two neighboring plants), the other downside to all this is I will lose my outside access to the plant. I finally, after years of waiting for internet at home, just got connected, thanks to Musk. Now because of this, I'm losing my outside connection before I even get to use it. I've mentioned getting a second internet connection here, free of corporate once again, but it might not fly.


Unfortunately this has cast us into the stone ages and it seems that there is nobody on our team trying to help. Now it's all my problem. They want me to start panicking about it and create a magic solution when it's their stupid policies that got us here in the first place... Funny how this works. Yes, I'm a bit sour. I can't believe, I can't conceive how they didn't have a contingency plan. I can't understand why we can't roll our network back to an earlier date. But then again, they can't even keep the office printers reliably on the network.
 
Here is the issue. Our machines are all tied to the corporate IT controlled switches. I'm guessing it's a risky action to give my new computer a static IP address and tether it to the network to do uploads. Is there a risk that in connecting my new computer to the network I will catch this virus so long as I don't upload any files from the network, and simply create communication to each PLC and upload?
Does anybody have an opinion on this? Networking isn't my strong suit.

Don't do it, there is a high risk it will spread to the new laptop as soon as it is connected to the network.

Stop the machines and connect directly to the PLC with them being removed from the network temporarily.
 
