Florida city will pay hackers $600,000 to get its computer systems back

[Speedy]

https://www.washingtonpost.com/business/...tems-back/

A saga that began with a municipal employee opening a corrupted email has forced a small Florida city to agree to pay nearly $600,000 to the hackers who paralyzed its computer systems — a cautionary tale for smaller governments whose security systems may also be unprepared for such an attack.

With Riviera Beach’s records held hostage, its city council voted unanimously to pay 65 bitcoin to the hackers — a tab that will be picked up by the city’s insurance carrier. For the past three weeks, city employees have not been able to access their emails, emergency dispatchers couldn’t log calls into computers, and workers and vendors had to be paid with paper checks. Even cops had to dig through closets at the police headquarters to find paper traffic citations, the Palm Beach Post reported.

Experts say the Florida case is just one example of how vulnerable municipalities are to ransomware attacks, and how much more common these hits have become. Compared to larger corporations or state-level governments, cities don’t necessarily have security measures in place to preempt cyber attacks. And a downed system could have serious effects on citizens who rely on city hall to carry out basic, if not life-saving services.

[AllGold]

Ok, so no security (or inadequate security). But no backups, either? (I didn't read the story because of the pay wall.)

[mattkime]

....yuk.

Maybe the federal government will set guidelines for information protection?








HAHAHAHAHAHA

When do the pirates IPO?

[GGD]

What guarantee do that have that the hackers will unlock them when they pay.

[deckeda]

GGD wrote:
What guarantee do that have that the hackers will unlock them when they pay.

They work by reputation. People know they’ll get their data back, so they pay. When the day comes that hackers don’t do that, hackers go out of business.

[GGD]

deckeda wrote:
[quote=GGD]
What guarantee do that have that the hackers will unlock them when they pay.

They work by reputation. People know they’ll get their data back, so they pay. When the day comes that hackers don’t do that, hackers go out of business.
But don't they usually give a deadline of much shorter than 3 weeks to pay-up or lose the data?

[Mike Johnson]

That’s the smart move.

[C(-)ris]

AllGold wrote:
Ok, so no security (or inadequate security). But no backups, either? (I didn't read the story because of the pay wall.)

A lot of times the backups are corrupted as well. As the virus spreads it will hit any device connected to the network. Which would include the backup server. Also could be that a client machine has the backup share mounted for whatever reason.

The only way to protect your backups is to physically disconnect them. That is a physical process, not an automated process. Which means it is easy to forget. Most places would rather have the backups keep running then have the device accidentally unplugged for months and have nothing.

The real problem is there are way to many zero day exploits that aren't being patched quick enough, or shouldn't be there in the first place. Hackers and government agencies have access to these security holes for months and use them until someone notices. If the NSA and CIA spent less time hacking into computers to gain information and more time helping the private and pubic sector harden their systems this wouldn't be as large a problem as it is. But it is totally worth it if the city of Baltimore gets hosed for months if it means they got a shred of intel on someone else.

[mattkime]

Ding ding ding.

I don't doubt that they looked at their backups only to discover that it had been present in the backups for some time.

That said, this shouldn't be a difficult problem to solve...if the will to solve it exists.

[C(-)ris]

mattkime wrote:
Ding ding ding.

I don't doubt that they looked at their backups only to discover that it had been present in the backups for some time.

That said, this shouldn't be a difficult problem to solve...if the will to solve it exists.

That was the part I don't get about both Baltimore and this one. They are complex systems, sure. But they aren't THAT complex. Email down for weeks? It takes 24H tops wipe and rebuild an Exchange server. A city that large should have support contracts and resources to fix the problem quickly. Plus, insurance is paying for it anyway. Sure, you might not have your data, but you should still be able to communicate. Ditto for a phone system. They are all virtual now with IP phones, rebuild it from scratch and start programming off of any phone lists or documentation you still have.

I worked for a 70 person marketing firm as a contractor that had their entire building, servers and everything wiped out in a fire on a Thursday night. They were up and running by Monday morning in a new location with brand new hardware for everything and all their data restored from their offsite backups. It cost a small fortune and dozens of people working 24 hour days for the entire weekend, but it was doable.

Backup drives were physically driven in from a different state. Servers and workstations were overnighted. We ate up the entire stock of an Apple Store of iMacs and MacBook Pros and had more overnighted. Was a fun time.