• This is a political forum that is non-biased/non-partisan and treats every person's position on topics equally. This debate forum is not aligned to any political party. In today's politics, many ideas are split between and even within all the political parties. Often we find ourselves agreeing on one platform but some topics break our mold. We are here to discuss them in a civil political debate. If this is your first visit to our political forums, be sure to check out the RULES. Registering for debate politics is necessary before posting. Register today to participate - it's free!

Florida city will pay hackers $600,000

Rogue Valley

Lead or get out of the way
DP Veteran
Joined
Apr 18, 2013
Messages
93,583
Reaction score
81,659
Location
Barsoom
Gender
Male
Political Leaning
Independent
Florida city will pay hackers $600,000 to get its computer systems back

Riviera Beach’s records have been held hostage for three weeks.

DVRcIXUX4AIrTWm.jpg


6/20/19
A saga that began with a municipal employee opening a corrupted email has forced a small Florida city to take the extraordinary step of agreeing to pay nearly $600,000 to the hackers who paralyzed their computer systems. With Riviera Beach’s records held hostage, its city council voted unanimously to pay 65 bitcoin to the hackers — a tab that will be picked up by the city’s insurance carrier. For the past three weeks, city employees have not been able to access their emails, emergency dispatchers couldn’t log calls into computers, and workers and vendors had to be paid with paper checks. Even cops had to dig through closets at the police headquarters to find paper traffic citations, the Palm Beach Post reported. Though city spokeswoman Rose Anne Brown told the Associated Press there is no guarantee the city’s records will be returned after the hackers collect, outside security consultants said paying the ransom was the best course of action. The culprits insisted that the ransom be paid in bitcoin, a cryptocurrency that is difficult to trace.

Before the city council approved the ransom payment, it decided to spend nearly $1 million on new computers, hardware and other system upgrades. In May, Baltimore said it would not pay hackers $76,000 after its systems were attacked. The city is still trying to recover, and this week Gov. Larry Hogan (R) appointed Maryland’s first statewide chief information security officer to help guard against cyber threats. Two Iranians were indicted by the U.S. government last year after allegedly launching more than 200 ransomware attacks, including those that hit the cities of Atlanta and Newark. Those hackers collected more than $6 million in ransom and caused $30 million in damage to computer systems, authorities say. The FBI did not immediately respond to a request for comment on the Riviera Beach hacking. But the agency told the AP that 1,493 ransomware attacks were reported in 2018. Victims, including individuals, paid $3.6 million to hackers — an average of $2,400 per hit.

Now why wouldn't/couldn't the DHS and US Cyber Command work on this? Was only the Master File Table encrypted? All files? A hard drive file wipe?
 
Yeah, if they don't have backups to restore from, then they were badly mismanaging their information before the hackers wandered in. That's IT 101 since forever.

Or it was an inside job, and they intentionally corrupted the backups.
 
Yeah, if they don't have backups to restore from, then they were badly mismanaging their information before the hackers wandered in. That's IT 101 since forever.

Or it was an inside job, and they intentionally corrupted the backups.

I know Ukraine was hit hard by Russian (Sandworm group) ransomware in 2017. Most systems were back up and running after two weeks without paying the ransom.

Of course, this is probably a different animal. So far this is costing $1,600,000 in new computers and bitcoin ransom not to mention to hassles involved.
 
I know Ukraine was hit hard by Russian (Sandworm group) ransomware in 2017. Most systems were back up and running after two weeks without paying the ransom.

Of course, this is probably a different animal. So far this is costing $1,600,000 in new computers and bitcoin ransom not to mention to hassles involved.

Well, it sounds like someone's taking the oportunity to gin up spending for new hardware, on top of everything else. Doubtless 1.6 million will become the low estimate soon.

You don't have to replace the hardware outright. At most, you replace the hard drives to eliminate any chance the virus is still concealed there someplace.
 
Florida city will pay hackers $600,000 to get its computer systems back

Riviera Beach’s records have been held hostage for three weeks.

DVRcIXUX4AIrTWm.jpg




Now why wouldn't/couldn't the DHS and US Cyber Command work on this? Was only the Master File Table encrypted? All files? A hard drive file wipe?

I can't answer your questions. But I'd say I'd like to see an actual law forbidding governments from paying ransoms. If potential hostage takers and cyber terrorists know that it's not just unlikely, but legally impossible, that their demands will be met, they won't bother.
 
I can't answer your questions. But I'd say I'd like to see an actual law forbidding governments from paying ransoms. If potential hostage takers and cyber terrorists know that it's not just unlikely, but legally impossible, that their demands will be met, they won't bother.

Well, ransomware extortionists seem to appreciate that logic and mainly squeeze businesses. A business is much more likely to pay and keep quiet about it than a government entity would be so inclined.
 
Well, ransomware extortionists seem to appreciate that logic and mainly squeeze businesses. A business is much more likely to pay and keep quiet about it than a government entity would be so inclined.

It would be possible to pass a law forbidding private businesses from paying them, too. When you think about it, it's interesting that it's illegal for a business to pay off a corrupt foreign official who demands a bribe in order to expedite a permit, for example, since that would be incentivizing criminal conduct by government officials, yet for some reason it's perfectly legal for a business to pay off a ransomware crook or kidnapper.
 
It would be possible to pass a law forbidding private businesses from paying them, too. When you think about it, it's interesting that it's illegal for a business to pay off a corrupt foreign official who demands a bribe in order to expedite a permit, for example, since that would be incentivizing criminal conduct by government officials, yet for some reason it's perfectly legal for a business to pay off a ransomware crook or kidnapper.

When dealing with cyber crimes, legislation lags behind.
 
When dealing with cyber crimes, legislation lags behind.

True. However, I'd argue that physical hostage-taking is essentially the same question, when it comes to whether there should be a law against paying a ransom. If corporations were legally barred from paying ransoms, there'd be fewer hostage-takings.
 
Yeah, if they don't have backups to restore from, then they were badly mismanaging their information before the hackers wandered in. That's IT 101 since forever.

Or it was an inside job, and they intentionally corrupted the backups.

I'd bet anything that they never backed up a single thing.
I'd bet Baltimore never did either.
I'd bet both places will SAY that they backed up their stuff but when it comes down to the truth...NOPE.

And by "backup" I mean daily OFF SITE backups to a protected server designed solely for that purpose, an off site mirror.
I don't mean just shunting an image over to another PC in the same building and on the same network.
 
I'd bet anything that they never backed up a single thing.
I'd bet Baltimore never did either.
I'd bet both places will SAY that they backed up their stuff but when it comes down to the truth...NOPE.

And by "backup" I mean daily OFF SITE backups to a protected server designed solely for that purpose, an off site mirror.
I don't mean just shunting an image over to another PC in the same building and on the same network.

Doubtless. I'll guess further they have pristine billing records for their backup services.
 
Doubtless. I'll guess further they have pristine billing records for their backup services.

I know some pretty lazy IT people. But it gets deeper than that. I also know a few IT people who aren't the least bit lazy, but they're hamstrung. They'd like to do the right thing but the place they work is a Catch-22 situation, so what they wind up having to do isn't recommended but it's not their call.
 
I know some pretty lazy IT people. But it gets deeper than that. I also know a few IT people who aren't the least bit lazy, but they're hamstrung. They'd like to do the right thing but the place they work is a Catch-22 situation, so what they wind up having to do isn't recommended but it's not their call.

I am a pretty lazy IT guy myself, and I know what you mean. :)

Edit: Sorry, was thinking of the border surveillance hack thread. These just state/local mopes.
 
Back
Top Bottom