Conti Strain! Are we up the creek?

I took the stick to a local computer genius that is going to scan it for me.
However, it's only the PLC files, not the HMI files.......
 
I don't have the originals! I was counting on being able to upload all the PV files in the plants!

Well, you can boot the PanelView into setup/config mode. Export the file from the onboard memory to a separate stick. As said, a Win CE PanelView is very basic. The chance is limited it can get into it and affect it. I would get a thumbstick and use it purely for that.

Disconnect the PanelView from the network, boot it into config mode so it doesn't autostart an application, then save/export the current MER file to the thumbdrive. In that mode I don't see any issues. PanelViews don't have a full suite Windows system so they can't run the ransomware software. The most they can do is host it and some goof browses the network and sees Bumpuglies.exe.. clicks it and BLAMMO it's back. That's where I see the WinCE systems as the danger.. just a host.

Again, after you do this, on your isolated system with AutoPlay turned off for ALL things, you can plug it in and look for any autorun.ini or .exe. If found, kill them.
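The check described in the post above, as an added example that is not part of the original thread: a read-only Python walk of the mounted stick that flags autorun files and anything starting with the PE header bytes `MZ`, whatever its extension. The sample file names and the extension lists are constructed; `autorun.inf` is the name Windows actually reads, and `autorun.ini` is included because that is the name the post uses.

```python
import os
import tempfile

AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}  # .inf is what Windows reads; .ini is the name used in the post
PE_EXT = {".exe", ".dll", ".scr", ".com", ".sys"}
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk", ".pif"}  # constructed list, not exhaustive


def triage(root):
    """Read-only walk of a mounted stick; returns sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name.lower())[1]
            if name.lower() in AUTORUN_NAMES:
                findings.append((rel, "autorun file"))
                continue
            try:
                with open(path, "rb") as fh:
                    magic = fh.read(2)  # PE files start with the bytes "MZ"
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if magic == b"MZ":
                reason = "executable" if ext in PE_EXT else "executable with misleading extension"
                findings.append((rel, reason))
            elif ext in PE_EXT or ext in SCRIPT_EXT:
                findings.append((rel, "script, shortcut or executable extension"))
    return sorted(findings)


def build_sample(root):
    """Constructed stick contents for the demo: two project files and three things to flag."""
    files = {
        "Line1.ACD": b"constructed PLC project bytes",
        "Panel3.mer": b"constructed HMI runtime bytes",
        "autorun.inf": b"[autorun]\r\nopen=Bumpuglies.exe\r\n",
        "Bumpuglies.exe": b"MZ\x90\x00constructed",
        "docs/drawing.pdf": b"MZ\x90\x00constructed",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as stick:
        build_sample(stick)
        for rel, reason in triage(stick):
            print(f"{reason:40} {rel}")
```

The script only reads the first two bytes of each file and never launches anything, so it can be pointed at the drive letter or mount point of the stick on the isolated machine.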
 
Thank you all for the advice offered here....
I have been informed that our stuff is likely never coming back. Apparently it will be weeks before many of our major systems are restored and a new network created for it. The backups that I had on the server are likely lost. Hopefully the local computer genius says that my backup stick is clean. At least then I will have the PLC files. No drawings or HMI files, but.... Going to visit him shortly.
 
please keep us updated on how this turns out ... there are a lot of lessons here - for a lot of people ...

best of luck with it ... stay safe - stay well ...
 
This is a lesson learnt: never trust IT. Where I worked, IT had backups of everything on servers as well as nightly backups of them. Although against their wishes, I made two copies of all the software/drawings etc. on two portable hard disks; one I kept at work, the other at home. I went to them one day as I needed a backup file off the servers, and it appeared it had been removed somehow. I know it was there, and apart from IT I was the only one with access to that folder. I noticed a few others gone as well. So me keeping backups personally ensured that I could restore them if needed. My regime was to back up to the server and the portable drive at work (keeping the last 3 versions at the minimum); the drive at home was only backed up with modified files but 5 days later.
 

HA, yup. We are pretty fed up with the IT dept at this moment. Realizing yes, it's not their fault... But shouldn't there be some plan B? They forced us to put everything there but couldn't secure it. Literally years of work. It hurts to see it happen even with having no personal monetary investment. The thought of losing all your work stinks and I'm just glad that I now have (many) secure backups of the most important parts anyway.
I got my stick back, scanned well and certified clean! I bought another one and am making a copy now. This stick is against company policy. However, there are some happy people that I do indeed have it.

My plan is to go in and start uploading HMI applications this weekend while it's offline, locally at the machine. As many as I can anyway. On a dedicated fresh computer, not connecting to any networks other than to download the new software, at home, (FTV.ME) not on the plant's network at all.. Then take the computer back to my local guy and get him to check it thoroughly. Worst case, if it's infected it gets wiped again. Then I can say I have all the HMI and PLC backups clean if it works out.


Here is a question... Am I safe to connect to my infected controls laptop over TeamViewer from home as I have always done? Is there a risk of transferring something that way to my personal computer?
 

Yup. Don't do it.
 
HA, yup. We are pretty fed up with the IT dept at this moment.
I would be pi$$ed too. They failed but were they given the resources to back up in depth?
At Delta we have spent a lot of money on backup solutions. We have about 40TB to back up in depth. The idea here is that the VM may be corrupted but the VM should never be because it is never exposed to the users or internet.

The production floor should have its own copies that are backed up when the software changes or is updated. SSD drives are cheap now. Backing up to SSD drives is easy and doesn't require special software.

I recommend having 20 SSD drives. There is a Monday through Thursday backup. The first Friday is a monthly backup and there are at least 12 monthly backups. There are also 2nd Friday to 5th Friday weekly backups. So we have 4 weekday, 4 weekly and 12 monthly, and SSD drives are so cheap you can back up even deeper. For instance, having a backup for every day of the month and doing the monthly backups on the 1st would be better.
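The 20-drive rotation from the post above worked through in Python, as an added example that is not from the thread: it maps each date to the drive written that day and lists which drives still hold a copy older than an assumed infection date. The drive labels, the dates and the 400-day lookback are assumptions for illustration.

```python
from datetime import date, timedelta

DAILY = ["Mon", "Tue", "Wed", "Thu"]


def drive_for(day):
    """Label of the drive written on `day` under the 20-drive rotation, or None on weekends."""
    wd = day.weekday()  # Monday == 0
    if wd > 4:
        return None
    if wd < 4:
        return "daily-" + DAILY[wd]          # 4 drives: Monday through Thursday
    nth_friday = (day.day - 1) // 7 + 1
    if nth_friday == 1:
        return f"monthly-{day.month:02d}"    # 12 drives: first Friday of each month
    return f"weekly-{nth_friday}"            # 4 drives: 2nd to 5th Friday


def restore_points(today, lookback_days=400):
    """Newest backup date held on each drive as of `today` (drive label -> date)."""
    held = {}
    for back in range(lookback_days):
        day = today - timedelta(days=back)
        label = drive_for(day)
        if label and label not in held:
            held[label] = day                # first hit walking backwards is the latest write
    return held


def clean_points(today, infected_on):
    """(date, drive) pairs last written before the assumed infection date, newest first."""
    points = restore_points(today)
    return sorted(((d, label) for label, d in points.items() if d < infected_on), reverse=True)


if __name__ == "__main__":
    # Constructed scenario: discovered Wednesday 2024-03-20, infection assumed on 2024-03-12.
    for when, label in clean_points(date(2024, 3, 20), date(2024, 3, 12)):
        print(when.isoformat(), label)
```

In this constructed scenario all four daily drives were overwritten after the assumed infection date, so the newest usable copy is the second-Friday weekly drive from 2024-03-08, with the monthly drives reaching back almost a year.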
 

Do you guys keep any of them off site? I think we have periodic ones kept off site somewhere in case of something catastrophic.
 
I know this is long but if it keeps just one person/company out of trouble it is worth it.


Yes, the SSDs. We take those home. My business partner takes home the monthly backups and I take home the others. We used to use tape backups. Tapes are slow and expensive and the software for backing them up is slow and expensive. Now there are 8TB SSDs. I think mine cost $160. The tape drives cost a bundle and the same goes for the tape backup software. I can buy a lot of SSDs for the price of a tape backup system. The Synology NAS has a USB 3.0 port that makes it easy to back up to an SSD. It is easy to restore from an SSD.


We have been using my backup schedule since the mid 80s when we had QIC 40 drives.



Now we are thinking about moving one of the Synology NAS units, mine, back to my place but I would need to pay $30/month extra for unlimited data. Then we wouldn't need to back up with the SSD. However, once an SSD is separated from the system it can't be corrupted in any way whereas anything that is attached to the network could possibly be corrupted. There are advantages to having a separate SSD backup.



My NAS has 30TB of backup. I have an old Drobo5N with about 21 TB and a Seagate USB drive with 8TB. That is just my personal stuff but I back up a lot of company stuff too.


Delta has a NetApp server which has redundant power supplies and CPUs. It also has a feature where it reduces storage by keeping only one copy of a file but then uses links to the one copy. The OS must keep track of the number of links.
https://en.wikipedia.org/wiki/NetApp_FAS


We also have 3 servers that use vSphere to run many of the VMs. The vSphere servers balance the load between the 3 vSphere servers.


We have a pretty sophisticated setup. It has taken a lot of time and money but before we always had people *****ing about slow response and when a server went down we would lose at least a day's work. Now that doesn't happen. We also have backup in depth.


Also, our servers have a means to back up particular folders on our users' computers. Accounting, circuit design as well as software is backed up.

backup, backup, backup.
 
Our IT policy was also to ban/disable USB to company PCs. However, I had a good relationship with IT (after a disastrous error by them on one of our SCADA systems after I pulled them out of the mire), and I was given access to the server areas others could not, even given a local admin password for every PC off the network, and use of portable hard drives and USBs. Normally, IT do not like engineering to have that sort of access, but working closely with them sort of made me one of the team. I was with that company for 16 years, and we never had a virus cause any problems (we had a few that tried but never got past the security). The only time we did have a problem was when a very large UPS, I mean as big as a shed, that supplied the servers caused many failures of hardware and shut the whole system down. Within an hour there were two lorries fully kitted out and populated with our applications to get the IT systems up and running; apparently IT did have some contract in the event of catastrophic failure of the system. I was tasked with looking at the UPS. It turned out that the 3 phase UPS had lost its neutral (bad Molex type plug and socket); this had essentially put 415 across the servers and equipment. Within a day the IT had dug out some old PCs, daisy-chained a bucket load of hard drives in them and got the system back up temporarily to release the need for the backup units parked outside (probably cost a fortune for every day in use). So yes, some IT departments are very bad, but the guys I worked with gave me hope.
 
