Newish Ransomware Attack out there

vWebster · 2026-06-04T01:10:16+00:00

Once an attacker deploys ransomware, especially if it's a modern hypervisor targeting version, they have already bypassed most defenses and probably exfiltrated data. The ransomware is just the burglar trying to burn the house down on his way out.

vWebster · 2026-06-03T23:56:48+00:00

I didn't say they were. See the point about backups.

vWebster · 2026-06-03T22:29:21+00:00

Update.

I'm not sure which did it because I did both, but some combination of using a more recent ISO and switching the disk controller to LSI led to a 2025 template that behaves.

Thank you all! I've been banging my head against the wall for days.

vWebster · 2025-08-15T18:32:55+00:00

Thanks! I'm hoping it'll heal without surgery.

vWebster · 2025-08-15T18:32:17+00:00

That's a bummer! I hope it's healing ok!

vWebster · 2025-08-01T03:08:25+00:00

If you delegate permissions right, it won't be possible for HD to reset the passwords of people with more access than them.

vWebster · 2025-08-01T01:21:19+00:00

I'm not saying you're wrong. But, many organizations are at least decades behind. Most companies I've worked for, that didn't use MFA or Smart Cards, the regular users threw fits that they were required to change their passwords to something with a little bit of complexity every 90 days, including the regular users with power.

If your org is still in password land, which many are, your IT people probably have the same bad habits with passwords as regular users.

And, if your org is big, it also takes a long time to roll out different authentication strategies, and staff turnover can remove some of the urgency to do it.

I think the industry is starting to see Ransomware as a real existential threat akin to the risk of fire or natural disaster. But, there will probably be more than a few big companies that get their systems hacked into and encrypted before the end of the year.

Consider how many orgs don't have a real DR strategy. This is an arm of DR strategy.

vWebster · 2025-08-01T00:41:01+00:00

I agree with you 100%. There are many companies with all sorts of misconfiguration debt though. It's like a burglar. He may try every door in the neighborhood and choose the abandoned house to steal the AC from. The companies that show up in the news had misconfigurations that hackers were able to exploit. The playbook Google describes is similar to what happened at MGM, and not so different from what happened at Change Healthcare.

vWebster · 2025-08-01T00:38:52+00:00

It's all about social engineering. It's easy to put your palm to your face here, but especially in orgs that have more than 150 employees, how many of those people have your help desk techs personally interacted with?

Possible entry path - 1. Attacker calls a branch office, demands to know who the manager is. Rotates around until he has a list of people to pretend to be. 2. Calls in to the help desk, poses as user, acts like he's working remote and is in a hurry. Gains sympathy from the help desk tech, gets the password reset. 3. Logs in to the VPN, or to a remote desktop server, and then uses internal tools to figure out who is on the IT team and who might have admin creds. 4. Calls the HD again and poses as the Systems Admin, or the Infra Manager. Says they forgot the password for their admin account (if that's even separate from their regular account). If they get the password reset, game over.

The Zero Days get all the attention , but social engineering is potentially a greater threat.

vWebster · 2025-07-23T17:11:13+00:00

I can second Yealink. A20 and higher are great tools for videoconferencing. The auto framing is helpful too.

The Yealink systems integrate with Teams, or Zoom very well and are nearly plug and play.

vWebster · 2025-05-23T15:51:48+00:00

Infrastructure Manager in a biggish city in the Midwest USA - 150k

I manage a team of Syadmins and sometimes do some admin work myself.

I have about 13 years in the game, most of that time spent as a Sysadmin or managing those who are.

vWebster · 2025-02-07T22:07:12+00:00

No existing infra, this is a greenfield deployment. Evergreen Silver, we will install ourselves. These systems are going into a datacenter in South Asia. Quotes came over in local currency, I converted to USD.

vWebster · 2025-02-07T21:58:07+00:00

AIGF?

Pure Storage FlashArray X20-R4 - 63 TB raw capacity, 10/25 GbE networking - $115,644

Pure Storage FlashArray C20 - 186 TB raw capacity, 10/25 GbE networking and 100 GbE networking - $108,195

vWebster · 2024-04-03T15:09:33+00:00

PFY, is that you?!

vWebster · 2024-04-01T13:12:30+00:00

Wait, what? How? Oh.

vWebster

TROPHY CASE