Hey folks.
Are any of you familiar with something called Conti Strain?
Our entire corporate structure has been taken hostage by it.
All my PLC files now have the extension .QEBEN instead of .ACD, .RSS as well as just about every other type of file on the network. In each folder is a read me.txt file that has instructions on how to pay them in order to return the files to us.
It’s completely over my head and the IT folks, I’m sure, are pulling their hair out now. This is day 2. All I can do now is on my iPhone. This stinks!
My real question is….. I do have backups of my PLC files. However, I’m worried that the backups are corrupted as we have no idea how long the offensive file has been with us. Does anyone know of a way I can scan this backup stick somehow before using them? Technically, I’m not even supposed to have these backups on a stick as per company policy; however, it could very well pull us from the flames.
I’m too scared to even put it into my computer!
I’m guessing that it’s not going to be a simple solution or IT would have fixed it already. This is the first time in 10 years I’ve seen their systems down.
This still has us crippled.
Our IT department is fumbling and useless. They are in over their heads and not going to rectify the situation. Everything remains encrypted and missing. Nothing works.
I'm going today to purchase a new laptop, it will be forever free from IT.
I'm going to buy all new software, free of corporate ownership.
I'll go around and pull backups, as I'm not sure if the backups that I do have on a stick are infected or not. I'm considering them garbage at this point. I did put it in an old sacrificial computer and they look ok, but what lies beneath is what scares me; I don't know much about how this works.
Here is the issue. Our machines are all tied to the corporate IT controlled switches. I'm guessing it's risky to give my new computer a static IP address and tether it to the network to do uploads. Is there a risk that in connecting my new computer to the network I will catch this virus so long as I don't upload any files from the network, simply create communication to each PLC and upload?
Does anybody have an opinion on this? Networking isn't my strong suit.
Aside from losing plant-to-plant comms by going the IT-free route (we have two neighboring plants), the other downside to all this is I will lose my outside access to the plant. I finally, after years of waiting for internet at home, just got connected, thanks to Musk. Now because of this, I'm losing my outside connection before I even get to use it. I've mentioned getting a second internet connection here, free of corporate once again, but it might not fly.
Unfortunately this has cast us into the stone ages and it seems that there is nobody on our team trying to help. Now it's all my problem. They want me to start panicking about it and create a magic solution when it's their stupid policies that got us here in the first place... Funny how this works. Yes, I'm a bit sour. I can't believe, I can't conceive how they didn't have a contingency plan. I can't understand why we can't roll our network back to an earlier date. But then again, they can't even keep the office printers reliably on the network.
Stay out of it, Colonial Pipeline paid because they couldn't take the cost hit of unscrewing it by going waaaay back in backups. Either your company will pay.. or it will die if loss of those files can ruin it.
Any ransomware worth its weight will wait weeks to months to fire and arrest control of the system, encrypting everything. This ensures it's DEEP into the backups and cannot be gotten rid of. If it infects and fires that day.. what's the point? Just restore from a few days ago. Yes, a real pain in the rear for data loss, etc. But it won't generally destroy a business. Weeks.. yes. Months.. Totally.
If you really want to try and see.. get a Raspberry Pi. It runs off an SD card. If your sticks can be tested with some scanner software from Linux and are cleared.. you are PROBABLY okay.. Not 110% sure. And if it's infected and gets ahold of the Pi's OS files and locks them up.. 5 dollar MicroSD card shot. No big loss.
DO NOT get a laptop and connect it to the network. It'll get hit more than likely. The way it propagates across a network is using known and unknown vulnerabilities. Your best defense is keep the Windows firewalls on; tell it you're on a public network when you connect. This will disable file sharing so that avenue should be closed... should.
To encrypt something like this it has to be tailored for the general OS type. Windows OS cannot infect a Linux OS easily. You'd have to write it that way to do it. Documents that are stored on a Linux server but used by Windows clients are readily infectable by a Windows-tailored attack program.
I've looked and read on this stuff.. and I am SOOOOOOO glad I abandoned the IT field... I do NOT want to deal with this stuff.
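A concrete way to do the "test the stick on an isolated Linux box" step suggested above is to check the backup's contents offline before trusting any of it. The script below is an added example written for this thread, not code from any poster: it walks a backup tree and reports files carrying the ransomware extension named in the thread (.QEBEN), the ransom-note file names (readme.txt), and PLC project files (.ACD, .RSS) whose bytes look like ciphertext, which catches files encrypted in place without a rename. The 7.5 bits/byte entropy threshold and the sample directory it builds are assumptions and constructed data; real PLC project files are not shipped with it.

```python
"""Offline triage of a backup drive after a ransomware incident.

Added example for this thread; not from any poster. It walks a copy of the
backup (mounted read-only on an isolated machine) and reports:
  * files carrying the ransomware extension (.QEBEN in the thread),
  * ransom-note files (readme.txt in the thread),
  * PLC project files (.ACD/.RSS) whose contents look encrypted, judged by
    byte entropy, which catches files encrypted in place without renaming.
The 7.5 bits/byte threshold is an assumption: ciphertext sits close to 8.0,
while structured project files normally sit well below that.
"""
import math
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

PLC_EXTENSIONS = {".acd", ".rss"}   # RSLogix 5000 / RSLogix 500 project files
RANSOM_EXTENSION = ".qeben"          # extension reported in the thread
NOTE_NAMES = {"readme.txt"}          # note file name reported in the thread
ENTROPY_THRESHOLD = 7.5              # assumption, see module docstring
SAMPLE_BYTES = 64 * 1024             # only the first 64 KiB of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class TriageReport:
    total_files: int = 0
    ransom_ext_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    high_entropy: list = field(default_factory=list)   # (path, entropy)
    clean_plc_files: list = field(default_factory=list)


def triage_backup(root: str) -> TriageReport:
    """Classify every file under root; nothing is executed or modified."""
    report = TriageReport()
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            report.total_files += 1
            lower = name.lower()
            if lower in NOTE_NAMES:
                report.ransom_notes.append(path)
                continue
            if lower.endswith(RANSOM_EXTENSION):
                report.ransom_ext_files.append(path)
                continue
            if os.path.splitext(lower)[1] in PLC_EXTENSIONS:
                with open(path, "rb") as fh:
                    ent = shannon_entropy(fh.read(SAMPLE_BYTES))
                if ent >= ENTROPY_THRESHOLD:
                    report.high_entropy.append((path, round(ent, 2)))
                else:
                    report.clean_plc_files.append(path)
    return report


def build_sample_tree() -> str:
    """Constructed sample backup (not real data) in a fresh temp directory."""
    root = tempfile.mkdtemp(prefix="backup_sample_")
    ciphertext_like = bytes(range(256)) * 16        # uniform bytes, entropy 8.0
    project_like = b"CONTROLLER Line1 TAG Motor1 BOOL\r\n" * 200  # low entropy
    os.makedirs(os.path.join(root, "Line1"))
    with open(os.path.join(root, "Line1", "Line1.ACD"), "wb") as fh:
        fh.write(project_like)                        # intact project file
    with open(os.path.join(root, "Line1", "Line2.RSS"), "wb") as fh:
        fh.write(ciphertext_like)                     # encrypted in place
    with open(os.path.join(root, "Line1", "Line3.ACD.QEBEN"), "wb") as fh:
        fh.write(ciphertext_like)                     # renamed by the ransomware
    with open(os.path.join(root, "readme.txt"), "w") as fh:
        fh.write("constructed stand-in for a ransom note\n")
    return root


if __name__ == "__main__":
    rep = triage_backup(build_sample_tree())
    print(f"files scanned: {rep.total_files}")
    print(f"ransom extension: {rep.ransom_ext_files}")
    print(f"ransom notes: {rep.ransom_notes}")
    print(f"encrypted-looking PLC files: {rep.high_entropy}")
    print(f"PLC files that look intact: {rep.clean_plc_files}")
```

Two limits worth keeping in mind: an entropy check tells you whether the project files are still readable, not whether the stick also carries something executable, so a clean report is a reason to run an antivirus scan on the isolated box, not a reason to skip it; and legitimately compressed content (zipped exports, images) scores high on entropy too, so treat hits on such files as "look closer" rather than "encrypted".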
We have the same thing, after you are "hooked" a couple of times, you become extremely cautious. I have marked valid emails as phishy, better safe than sorry.
I roll my eyes and delete them. Don't even hit the Report Phishing deal in the email system. They tailor that stuff to the average user to snag them. I did mark one early on ABOUT the training.. It looked sketchy as all get out and was signed.. IT Team.
IT dept manager responded to that report with Nope, it's legit.
Training took me all of 10 minutes... click through everything not reading a thing.. answer the questions. Got 1 wrong because I took the slightly more paranoid option than was wanted (there should've been two right answers, wanted and extra paranoid). Passed easy.