Tech
Pulling the plug: A way to halt a cyber attacker in your network? | Computer Weekly
There’s a cyber attack under way. An intruder is inside your network: moving freely, collecting data, and setting up a command-and-control (C&C) node for future communication. Except this time, you’re watching them – you can see what they’re doing. The dilemma remains: what do you do? Allow them to continue traversing the network while you operate, wait for forensic specialists to arrive or find a way to stop them?
Earlier this year, a BBC news report on the Co-op incident claimed that the IT team at the UK retailer “made the decision to take computer services offline, preventing the criminals from continuing their hack”.
The criminals sent a message to the BBC, stating: “Co-op’s network never ever suffered ransomware. They yanked their own plug – tanking sales, burning logistics and torching shareholder value.”
In its statement, Co-op said it “took early and decisive action to protect our Co-op, including restricting access to some systems”, which helped to contain the issue, prevent further data being accessed and protect the wider organisation.
When questioned at the Business and Trade Sub-Committee in July, Co-op representatives did not use the phrase “pulling the plug” directly. But Rob Elsey, group chief digital information officer at Co-op, said VPN and remote access were restricted “as a way of ensuring that we were able to keep the criminals out of our systems”.
Elsey explained that software within its network was “effectively trying to communicate with a threat actor’s website”, and after identifying the source, the team took the proactive measure of pausing all communication within that zone.
This, he stressed, was not “pulling the plug”. Co-op’s systems “are heavily segregated, which means this was very much focused on one specific zone”. He told the committee: “Throughout this, all our online business continued to operate normally, and our retail stores and payments are segmented, so they were not part of this attack.”
Which plug do you pull?
Whether Co-op truly pulled the plug is open to interpretation. But in the wake of recent rulings on ransomware payments, the option to take immediate action may lead to more pragmatic decisions.
Ev Kontsevoy, CEO of Teleport, says that while pulling the plug might be an effective short-term tactic, “it’s a sledgehammer approach, not a strategy”, adding: “Taking systems offline might stop lateral movement or data exfiltration in the moment, but it doesn’t solve the root problem: how attackers got in, how long they were there and what they accessed. It also causes unnecessary business disruption, which is one of the more tangible impacts of cyber attacks these days. We should not be encouraging even more disruption by taking systems offline.”
Tim Rawlins, director and senior adviser at NCC Group, tells Computer Weekly that it is not as straightforward as simply “pulling a plug”. The critical question, he says, is which plug – one connected to the outside world, or one on the internal network?
“When people talk about pulling out the plug, we don’t want them to turn off systems completely, because then we lose all the volatile forensic evidence – the data in memory. If you pull the plug in the classic ‘turn it off, turn it back on again’ sense, that’s what we lose,” he says.
Instead, Rawlins advises proper network segmentation: “You’re trying to make it harder to get from this segment to that segment. It’s either entirely physically separated, or it’s got firewalls with additional role-based access control.”
Segmenting a network, he adds, is best practice regardless. In the event of an attack, it makes lateral movement more difficult. “If you can pull the network plug, not the power plug, then you can reduce the chances of it spreading off one host onto multiple hosts – and really that is where ‘pulling the plug’ comes in,” Rawlins says.
“There is an element of shutting down things you believe haven’t been compromised. If you can see the route they came in, you can get ahead of that and stop access to it. But you need to make sure it fails gracefully. If you just turn a system off – literally pull the plug – a lot of systems will crash.
“You can instead shut them down so they are dormant and not available to be attacked – that’s what a lot of organisations will do. The shorthand is to pull the plug; the longhand is that you’ve got to think about it a bit more carefully.”
Context matters
The issue is not simply whether to pull the plug, but what the situation demands. In a LinkedIn poll this reporter ran on this subject, 55% of respondents said pulling the plug was the best way to stop an attack in its tracks. However, comments on the poll made it clear that it’s not so binary. One respondent said it was “drastic, last resort stuff”. Others stressed the need to consider “architecture, segmentation, critical servers, type of incident and many more data points” before acting.
Tim Anderson, chief customer officer for the UK at CyberCX, explains that while taking servers offline is a common and often effective step, it is not straightforward and can introduce new risks.
“It’s important to target the right systems,” he says. “Given how interconnected modern computer systems are – both internally and to the internet – switching everything off can be complex, time-consuming and disruptive.
“Where possible, our digital forensics and incident responders prefer ‘surgical’ network isolations of specific systems or portions of the network. This effectively disconnects the impacted systems from the internet, rather than pulling the power. It can contain the attack and allow investigators crucial time to understand the scale and impact.”
Pulling the plug, he acknowledges, can sometimes be effective, but it’s not preferred. It can be highly disruptive, and sophisticated attackers often deploy methods of regaining access once systems come back online.
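As an added illustration (not from the article or from anyone quoted in it), the Python sketch below shows what a "surgical" isolation of one zone can look like. It finds which segment holds hosts contacting a suspect destination, then builds nftables rules that cut only that segment's routed traffic while leaving the machines powered on and reachable by responders. The zone map, addresses, jump host and flow records are constructed assumptions, as is the use of nftables on the inter-zone firewall.

```python
import ipaddress

# Constructed sample data: zones, addresses and flow records are illustrative only.
ZONES = {"stores": "10.10.0.0/16", "payments": "10.20.0.0/16", "corp-it": "10.30.0.0/16"}
IR_JUMP_HOST = "10.99.0.5"     # hypothetical responder workstation
SUSPECT_DEST = "203.0.113.50"  # documentation-range stand-in for the attacker's site
FLOWS = [  # (source, destination, destination port)
    ("10.30.4.17", "203.0.113.50", 443),
    ("10.30.4.22", "203.0.113.50", 443),
    ("10.10.1.9", "198.51.100.7", 443),
    ("10.20.3.3", "10.20.3.4", 5432),
]

def zone_of(ip, zones=ZONES):
    """Return the name of the zone containing ip, or None if it is outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in zones.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def affected_zones(flows, suspect_dest, zones=ZONES):
    """Map each zone to the sorted hosts seen contacting the suspect destination."""
    hits = {}
    for src, dst, _port in flows:
        zone = zone_of(src, zones)
        if dst == suspect_dest and zone is not None:
            hits.setdefault(zone, set()).add(src)
    return {zone: sorted(hosts) for zone, hosts in hits.items()}

def containment_ruleset(zone_names, zones=ZONES, jump_host=IR_JUMP_HOST):
    """Build nftables rules for the inter-zone firewall. Only routed traffic is cut:
    hosts keep running, so memory stays intact; same-subnet traffic is not filtered."""
    lines = ["table inet containment {",
             "  chain forward {",
             "    type filter hook forward priority -10; policy accept;"]
    for name in sorted(zone_names):
        cidr = zones[name]
        lines += [
            f"    # zone {name}: responders keep access for evidence capture",
            f"    ip saddr {jump_host} ip daddr {cidr} accept",
            f"    ip saddr {cidr} ip daddr {jump_host} accept",
            f"    ip saddr {cidr} counter drop",
            f"    ip daddr {cidr} counter drop",
        ]
    return "\n".join(lines + ["  }", "}"])

if __name__ == "__main__":
    hits = affected_zones(FLOWS, SUSPECT_DEST)
    print(hits)
    print(containment_ruleset(hits))
```

The other zones never appear in the generated ruleset, so their traffic is untouched. Removing the table restores connectivity once the investigation allows it.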
Admission of failure?
Another angle is perception. If you do pull the plug, are you effectively admitting failure? Rafal Los, podcast host and head of services GTM at ExtraHop, suggests yes. “That’s one of the few things I’d fire a CISO for – you’re having a security issue and you have to shut down business? You’re fired,” he says.
Los cites the 2003 SQL Slammer worm as an example of when networks collapsed entirely, leaving shutdown as the only option. But a mere 18 months later, he says, better practices allowed for more surgical interventions, like shutting down specific network segments or ports.
“In 2025, this cannot be a working strategy,” Los argues. “If the answer is ‘shut it all down’, then you’ve got what you perceive to be an uncontrollable bleed in one of your fingers, and your answer is to lop it off.”
He points out that micro-segmentation and zero trust have been discussed for years. If the playbook still ends with pulling the power cable, that signals you’ve lost visibility and control. “At that point, that is every cyber security expert’s absolute worst nightmare,” he says. “I can’t imagine giving the advice to somebody to just shut it down. That sounds, dare I say it, just irresponsible.”
The precedent
Despite these warnings, there are high-profile examples of shutdowns. According to Newsweek, a 2012 cyber attack on Saudi Aramco saw the Shamoon virus delete hard drives, forcing the company to destroy more than 30,000 computers.
Similarly, the 2021 attack on Colonial Pipeline led to several systems being taken offline to contain the breach. That move temporarily halted pipeline operations and disrupted multiple IT systems.
Los acknowledges there are extreme cases where shutting down everything is the only option. But, he says, if that’s the only solution on the table, it reflects being “wholly unprepared as an organisation”.
Rawlins agrees that cutting internet access mid-attack can sometimes make sense, as it deprives attackers of their command-and-control node. But the wider consequences – what else depends on that connectivity – must be weighed.
Final thoughts
Fictional depictions of cyber security often portray pulling the plug as the dramatic solution. But in reality, it’s rarely the final or best option. More often, it reflects poor network architecture or insufficient segmentation.
The true solution lies in preparedness: segmentation, playbooks and rehearsed incident response plans. In cyber security, switching it off and on again may work for some problems – but when it comes to an active attack, it’s rarely the best option.
Onnit’s Instant Melatonin Spray Is the Easiest Part of My Nightly Routine
I’ve always approached taking melatonin supplements with skepticism. They seem to help every once in a while, but your brain is already making melatonin. Beyond that, I am not a fan of the sickly-sweet tablets, gummies, and other forms of melatonin I’ve come across. No one wants a bad taste in their mouth when they’re supposed to be drifting off to sleep.
This is where Onnit’s Instant Melatonin Spray comes in. Fellow WIRED reviewer Molly Higgins first gave it a go, and reported back favorably. This spray comes in two flavors, lavender and mint, and is sweetened with stevia. While I wouldn’t consider it a gourmet taste, I appreciate that it leans more into herbal components known for sleep and relaxation.
Keep in mind that melatonin is meant to be a sleep aid, not a cure-all. That being said, one serving of this spray has 3 milligrams of melatonin, which takes about six pumps to dispense. While 3 milligrams may not seem like a lot to really kickstart your circadian rhythm, it’s actually the ideal dosage to get your brain’s wind-down process kicked off. Some people can do more (but don’t go over 10 milligrams!), some less, but based on what experts have relayed to me, this is the preferable amount.
A couple of reminders for any supplement: consult your doctor if and when you want to incorporate anything, melatonin included, into your nighttime regimen. Your healthcare provider can help confirm that you’re not on any medications where adding a sleep aid or supplement wouldn’t feel as effective. Onnit’s Instant Melatonin Spray is International Genetically Modified Organism Evaluation and Notification certified (IGEN) to verify that it uses truly non-GMO ingredients.
Apart from that, there may be some trial and error on the ideal amount for you, and how much time it takes to kick in. Some may feel the melatonin sooner than others. For my colleague Molly, it took about an hour. Melatonin can’t do all the heavy lifting, so make sure you’re ready to go to bed when you take it, and that your sleep space is set up for sleep success, down to your mattress, sheets, and pillows.
I Tested Bosch’s New Vacuum Against Shark and Dyson. It Didn’t Beat Them
There’s a lever on the back for this compression mechanism that you manually press down and a separate button to open the dustbin at the bottom. You can use the compression lever when it’s both closed and open. It did help compress the hair and dust while I was vacuuming, helping me see if I had really filled the bin, though at a certain point it doesn’t compress much more. It was helpful to push debris out if needed too, versus the times I’ve had to stick my hand in both the Dyson and Shark to get the stuck hair and dust out. Dyson has this same feature on the Piston Animal V16, which is due out this year, so I’ll be curious to see which mechanism is better engineered.
Bendable Winner: Shark
Photograph: Nena Farrell
If you’re looking for a vacuum that can bend to reach under furniture, I prefer the Shark to the Bosch. Both have a similar mechanism and feel, but the Bosch tended to push debris around when I was using it with an active bend, while the Shark managed to vacuum up debris I couldn’t get with the Bosch without lifting it and placing it on top of that particular debris (in this case, rogue cat kibble).
Accessory Winner: Dyson
Dyson pulls ahead because the Dyson Gen5 Detect comes with three attachments and two heads. You’ll get a Motorbar head, a Fluffy Optic head, a hair tool, a combination tool, and a dusting and crevice tool that’s actually built into the stick tube. I love that it’s built into the vacuum so that it’s one less separate attachment to carry around, and it makes me more likely to use it.
But Bosch does well in this area, too. You’ll get an upholstery nozzle, a furniture brush, and a crevice nozzle. It’s one more attachment than you’ll get with Shark, and Bosch also includes a wall mount that you can wire the charging cord into for storage and charging, and you can mount two attachments on it. But I will say, I like that Shark includes a simple tote bag to store the attachments in. The rest of my attachments are in plastic bags for each vacuum, and keeping track of attachments is the most annoying part of a cordless vacuum.
Build Winner: Tie
Photograph: Nena Farrell
All three of these vacuums have a good build quality, but each one feels like it focuses on something different. Bosch feels the lightest of the three and stands up the easiest on its own, but all three do need something to lean against to stay upright. The Dyson is the worst at this; it also needs a ledge or table wedged under the canister, or it’ll roll forward and tip over. The Bosch has a sleek black look and a colorful LED screen that will show you a picture of carpet or hardwood depending on what mode it’s vacuuming in. The vacuum head itself feels like the lightest plastic of the bunch, though.
Right-Wing Gun Enthusiasts and Extremists Are Working Overtime to Justify Alex Pretti’s Killing
Brandon Herrera, a prominent gun influencer with over 4 million followers on YouTube, said in a video posted this week that while it was unfortunate that Pretti died, ultimately the fault was his own.
“Pretti didn’t deserve to die, but it also wasn’t just a baseless execution,” Herrera said, adding without evidence that Pretti’s purpose was to disrupt ICE operations. “If you’re interfering with arrests and things like that, that’s a crime. If you get in the fucking officer’s way, that will probably be escalated to physical force, whether it’s arresting you or just getting you the fuck out of the way, which then can lead to a tussle, which, if you’re armed, can lead to a fatal shooting.” He described the situation as “lawful but awful.”
Herrera was joined in the video by former police officer and fellow gun influencer Cody Garrett, known online as Donut Operator.
Both men took the opportunity to deride immigrants, with Herrera saying “every news outlet is going to jump onto this because it’s current thing and they’re going to ignore the 12 drunk drivers who killed you know, American citizens yesterday that were all illegals or H-1Bs or whatever.”
Herrera also referenced his “friend” Kyle Rittenhouse, who has become central to much of the debate about the shooting.
On August 25, 2020, Rittenhouse, who was 17 at the time, traveled from his home in Illinois to a protest in Kenosha, Wisconsin, brandishing an AR-15-style rifle, claiming he was there to protect local businesses. He killed two people and shot another in the arm that night.
Critics of ICE’s actions in Minneapolis quickly highlighted what they saw as the hypocrisy of the right’s defense of Rittenhouse and attacks on Pretti.
“Kyle Rittenhouse was a conservative hero for walking into a protest actually brandishing a weapon, but this guy who had a legal permit to carry and already had had his gun removed is to some people an instigator, when he was actually going to help a woman,” Jessica Tarlov, a Democratic strategist, said on Fox News this week.
Rittenhouse also waded into the debate, writing on X: “The correct way to approach law enforcement when armed,” above a picture of himself with his hands up in front of police after he killed two people. He added in another post that “ICE messed up.”
The claim that Pretti was to blame was repeated in private Facebook groups run by armed militias, according to data shared with WIRED by the Tech Transparency Project, as well as on extremist Telegram channels.
“I’m sorry for him and his family,” one member of a Facebook group called American Patriots wrote. “My question though, why did he go to these riots armed with a gun and extra magazines if he wasn’t planning on using them?”
Some extremist groups, such as the far-right Boogaloo movement, have been highly critical of the administration’s comments on being armed at a protest.
“To the ‘dont bring a gun to a protest’ crowd, fuck you,” one member of a private Boogaloo group wrote on Facebook this week. “To the fucking turn coats thinking disarming is the answer and dont think it would happen to you as well, fuck you. To the federal government who I’ve watched murder citizens just for saying no to them, fuck you. Shall not be infringed.”


