All's well that ends well with the recovered backups of the Lazio regional database? The comment by Umberto Rapetto, director of Infosec.news
We are poised between the abuse of public credulity and the offence of raising a false alarm. However you turn it around, the pathetic story of the hackers in the Lazio Region sways dangerously between the enthusiastic "they recovered everything" and the reassuring "come on, nothing happened".
The public body's communications control room probably believes it is facing an audience of dazed people or, worse, of "boccaloni" (suckers) ready to swallow the extravagant and contradictory versions of the incident that follow one another in rapid succession, to the dismayed incredulity of those who really know something about it and the impatience of those who, with ordinary common sense, are simply tired of being handed a different story every half day.
WHAT DID THE LAZIO REGION SAY?
One could fire at point-blank range against the Lazio Region, but the Geneva Convention prohibits barbaric displays of abuse of power against those who are in no position to defend themselves.
Considering that Zingaretti and his friends, net of the dramatic aspects of the story, have fed the cornucopia of "memes" that rained down on social media and on WhatsApp in the nicest humorous storm of recent times, I thought they deserved clemency or, at least, the dilution of an imaginary trial "in small installments", each centered on a single charge.
This benevolent thought leads us to tackle one theme at a time, also for the sake of the clarity owed to astonished readers who are already sufficiently bewildered, and to give absolute priority to the mysterious question of the "backup".
THE PHANTOM BACKUP COPIES
When the computer crash was discovered, mere mortals imagined virtual lifeboats: the fateful (albeit obvious) use of "backup" copies, the duplication of electronic archives made at close intervals to face any emergency caused by a technical failure or a malicious action.
HOW THE RANSOMWARE BANDITS WORK
A ransomware attacker resembles a time bomb and knows when to detonate. Unlike the target, the bandit does not proceed in an amateurish way even when he is not part of a real criminal organization. Even the most foolish criminal knows that the digital explosion must be triggered when the "target" starts its copy operations: that way the rogue proceeds to encrypt the targeted information assets and ensures that the backup copy is taken from an already damaged original.
Those who really know the trade, besides knowing these dynamics perfectly and taking cover with safety procedures capable of avoiding this kind of drama, make backup copies repeatedly and keep those copies "offline", i.e. not connected to the Internet.
HOW AND WHEN TO MAKE BACKUP COPIES
To put it simply (because it really is simple), a prudent system administrator in such cases could have counted on multiple backup copies: one from the previous day, one from two days before, one from three days before, and so on. Those disks, unreachable by the evil cyber pirates because stored in the safe, would have allowed an almost immediate "restart" within a few hours, just the time needed to verify the integrity of the most recent usable backup.
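As an added illustration of the rotation-and-verification routine described above (example code written for this page, not part of the original article nor anything the Region or LazioCrea runs): each generation is copied into its own directory with a SHA-256 manifest, and a restore starts from the newest generation that still verifies, falling back to an older one when the newest is damaged. The vault layout, generation labels and file contents are constructed for the demo.

```python
import hashlib, json, os, shutil, tempfile

def sha256_file(path):
    """Stream a file through SHA-256 so large archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_backup(src_dir, vault, label):
    """Copy src_dir into vault/<label> and record a manifest of file hashes beside it."""
    dest = os.path.join(vault, label)
    shutil.copytree(src_dir, dest)
    manifest = {n: sha256_file(os.path.join(dest, n)) for n in sorted(os.listdir(dest))}
    with open(os.path.join(vault, label + ".manifest.json"), "w") as f:
        json.dump(manifest, f)
    return dest

def verify_backup(vault, label):
    """True only if every file in the manifest still exists with an unchanged hash."""
    try:
        with open(os.path.join(vault, label + ".manifest.json")) as f:
            manifest = json.load(f)
    except OSError:
        return False  # manifest deleted: treat the whole generation as unusable
    dest = os.path.join(vault, label)
    return all(os.path.isfile(os.path.join(dest, n))
               and sha256_file(os.path.join(dest, n)) == digest
               for n, digest in manifest.items())

def newest_intact_backup(vault):
    """Walk generations from newest to oldest and return the first that verifies."""
    labels = sorted((d for d in os.listdir(vault) if not d.endswith(".json")), reverse=True)
    return next((lbl for lbl in labels if verify_backup(vault, lbl)), None)

def demo():
    """Constructed scenario: three daily generations, the newest overwritten with ciphertext."""
    work = tempfile.mkdtemp()
    src, vault = os.path.join(work, "db"), os.path.join(work, "vault")
    for d in (src, vault):
        os.mkdir(d)
    for label in ("gen-01", "gen-02", "gen-03"):  # constructed generation labels
        with open(os.path.join(src, "records.csv"), "w") as f:
            f.write(f"id,snapshot\n1,{label}\n")
        make_backup(src, vault, label)
    with open(os.path.join(vault, "gen-03", "records.csv"), "wb") as f:
        f.write(os.urandom(64))  # simulate the intruder encrypting the online copy
    return newest_intact_backup(vault)  # → "gen-02"
```

A manifest stored with the backup catches a copy that was altered or deleted after it was written; a copy taken from an already encrypted original would still verify, which is why the article's point about rotated generations kept offline matters.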
THE BACKUP RISES AGAIN
A week of blackout should induce whoever manages the computer system to give courageous proof of self-awareness. If the team (in which the Region's "internal" staff, suppliers and subcontractors are intertwined) had a shred of dignity, it would perform a collective harakiri on live stream.
After the statements by the public body's politicians, who admitted that the data and also the backup copy had been encrypted, the Region resurrected John Belushi and decided to play the "locusts" card. For those who haven't seen (very serious) "The Blues Brothers", we are talking about the most bizarre list of excuses ever used to justify a reprehensible failing.
After all these days it turns out, to the amazement of a population surprised by the miracle, that the backup had not been encrypted but only deleted, and that thanks to a providential piece of software it has risen from its ashes, sorry, from the recycle bin ...
DOUBTS ABOUT COMMUNICATIONS IN THE LAZIO REGION
The implausibility of the discovery is so obvious that even Ignazio Marino, the much-missed former mayor of the capital, felt he had to tweet: "I hope I'm wrong, but this back-up that materializes six days after the hackers' raid, and the rescue with US software, looks a lot like the payment of almost 5 million dollars in bitcoin to regain control of the Colonial pipeline in the USA ...".
HAS A RANSOM BEEN PAID?
If the taxpayer is interested in knowing, and really knowing, whether a ransom was paid and was fortunately followed by the receipt of the keys to unlock everything (the criminals could also have pocketed the large sum and not sent the "antidote"), I (and not just I) am interested in understanding how it took six days (and not six minutes) to realize that the backup had not been encrypted but deleted, as stated by a well-known consultant.
"PLEASE STONE ME …"
A memorable tweet, in fact, defying the jeers of many users of the twittering social network, gave the news in the tone of a wedding announcement or a blue or pink bow: "I confirm with joy that the Lazio Region has recovered the data without payment of a ransom. Not by decrypting the data but by recovering the backups, which were not encrypted but only deleted. But working at a low level, the LazioCrea technicians have recovered everything".
It was 7:26 pm on August 5th.
Yeah, if those at LazioCrea are so good, why don't they turn this prodigious ability to recover everything into a business? There may be a market waiting for them ...
(Extract from an article published on infosec.news)
This is a machine translation from Italian of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/vi-racconto-i-miracoli-della-regione-lazio-sui-backup/ on Sun, 08 Aug 2021 08:31:27 +0000.