Rackspace confirms Play ransomware behind recent attack.

[nlinecomputers]

Rackspace confirms Play ransomware was behind recent cyberattack

Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments.

www.bleepingcomputer.com

 

[YeOldeStonecat]

Unpatched systems...heh.

 

[britechguy]

Unpatched systems...heh.

It amazes me that in this day and age there still remain IT professionals who are more suspicious and worried about applying patches than the things those patches address.

One of my favorite quotations of all time, which applies to all sorts of updates/patches, not just the specific context mentioned:

There really isn't a point to checking for updates and not installing them. . . It's important to install all available updates. I've been doing this since the days of DOS, and I still don't have the confidence to pick and choose among updates. There are just too many variables involved - and most people can't evaluate the full consequences of installing/not installing updates.
~ John Carrona, AKA usasma on BleepingComputer.com, http://www.carrona.org/

I know that some of this is from pure laziness, too, but I still hear talk of "bad updates" even though most of us might experience one of those way less than once in a blue moon.

 

[YeOldeStonecat]

Yeah. I understand waiting..."a little bit". The term "death Tuesday" didn't come to fruition without numerous occasions of crashed systems due to a "bad patch". But...don't wait long. We patch on Fridays..giving Microsoft several days to pull a bum patch, fix, and re-release.

 

[nlinecomputers]

Well, you have to be aware that there is a patch...Not sure that the IT department at RS is paying that much attention...

 

[britechguy]

The term "death Tuesday" didn't come to fruition without numerous occasions of crashed systems due to a "bad patch".

I have, literally, not encountered a "crash and burn" level bad patch in many years. The closest I've come to one of those was the disaster that was the early day or so of the Feature Update to Windows 10, Version 1809 (I think it was 1809 that was drive-wiping in certain unusual [but not isolated] circumstances).

When I'm offered them, I apply 'em. [And when I was part of an IT department many moons ago, we checked about what came out several times per week, and applied critical patches and most "important" patches very quickly indeed.]

Addendum: It was that Windows 10 Feature Update that was the final nail in the coffin of the fully automatic feature update, which I miss to this day. Many users find it too taxing to occasionally look at Settings, Windows Update, and hitting the Download and install link for Feature Updates. Microsoft had the right idea to have Feature Updates and cumulative updates be "full manual" for institutional editions (Enterprise and Education), "highly configurable" for Pro, and "fully automatic" for Home.

 

[nlinecomputers]

Don’t confuse Windows 10 with an exchange server. Much more complicated to patch and there are some issues with said patch. It’s caused mailboxes to not mount after the reboot. So it’s understandable that if you have several dozen that you need a rolling patch schedule so that you minimize mail disruptions.

 

[britechguy]

So it’s understandable that if you have several dozen that you need a rolling patch schedule so that you minimize mail disruptions.

Absolutely. But that rolling patch schedule should not take months.

You get a pretty clear indication of what's the likely outcome from every patch process you undertake from the first several.

The idea of starting with a tiny cohort (often of one) for the first cycle, making each subsequent cycle use larger cohorts until you're confident you can "flash cut" the rest (if there are a very great many involved), is not new.