Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bitcoin Government Security The Almighty Buck

Second Florida City Pays Giant Ransom To Ransomware Gang In a Week (zdnet.com) 139

Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, now, a second city's administration has taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. ZDNet reports: The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a "triple threat." Despite the city's IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network.

A ransom demand was made a week after the infection, with hackers reaching out to the city's insurance provider -- the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 to $500,000, depending on Bitcoin's price at the time of the payment. The city's IT staff is now working to recover their data after receiving a decryption key.

This discussion has been archived. No new comments can be posted.

Second Florida City Pays Giant Ransom To Ransomware Gang In a Week

Comments Filter:
  • by Anonymous Coward

    It should always be possible to restore computers from backup images - and this is a great reason to maintain historical images, so you don’t just re-install the ransomware

    • Nothing stopping the same malware re-encrypting everything. I would have just started from scratch... how hard could that be?
    • by xSauronx ( 608805 ) <xsauronxdamnit@NoSPAM.gmail.com> on Wednesday June 26, 2019 @06:45PM (#58831516)

      you dont back up individual workstations. you backup documents to/or store them in a shared area and back that up. then you reimage pcs, restore the backed up data and let people have at it. backing up every workstation would take an insane amount of storage.we have 13k endpoints at work you just...dont do that.

      now for servers you would have nightly incrementals at least, some places probably do more than that. we have ~2k servers that get backed up, but unfortunately the backup system is not robust. it works, it can restore, but we are looking to replace it. what really sucks in the enterprise sometimes is the speed at which that sort of things happens -- you bitch about it to higher ups for a year or two, then they finally let you get some quotes and allocate some money for the next budget year, then you demo a few products to pick something, go through contract deals, and now...you get to spend a lot of time transitioning between systems.

      would it be a good idea to start 2k fresh backups in the same night? its probably not going to finish, and its definitely not going to sync another copy. our biggest datastore is 10s of terabytes and takes days to sync across a 10gb connection to another datacenter. thats all we do with it, its too large to spin off to tape or something. we are sort of terrified of crytpoware, and security has (annoyingly) a lot of tools to try and prevent/catch it. we know we are in a bad place but getting to a good one is a big, big, difficult deal.

      i read someone on reddit that was talking about using ZFS for storage and being able to very, very quickly roll back changes. im interested in reading more about it, but its not like we are going to move our datastores for VMs from XIO to something running ZFS, especially something homegrown. i think veeam and maybe rubrik have change block tracking or something to backup vms quickly but i am not sure about the restore.

      • > i read someone on reddit that was talking about using ZFS for storage and being able to very, very quickly roll back changes. im interested in reading more about it, b

        I am only loosely familiar with the innards of ZFS, but being a journaling filesystem it must have to keep the rollback data somewhere, and the nature of an encryption attack (being that it creates nearly incompressible gibberish) is such that the resulting encrypted stores would differ 100% from the unencrypted contents, which would like

        • Yes, going ZFS means you need at least 220% capacity to support copy-on-write... as well as the resources needed to detect something going on.

        • ZFS and btrfs are not just journaling (basiically guaranteeing a consistent state) they add CoW - Copy on Write. They share blocks with the original snapshot until a block is modified, then store the modified copy. This uses diskspace efficiently for some scenarios like typical desktop usage.
      • Maybe you have too many servers to focus on a single integrated approach. Maybe assets need to be individually categorized in terms of function value and data value. Maybe you do need to invest in a tape silo.

        Paying the ransoms means that these attacks are going to escalate. We need different approaches if you go from a “hopefully never” restore scenario to a “likely annually or worse” restore scenario. And at the same time we need a different sense of allowable downtime given the l

      • by LostMyBeaver ( 1226054 ) on Wednesday June 26, 2019 @11:30PM (#58832662)
        If I come off as a prick, it's not the intended result. You've simply brought up a constructive discussion that I don't often meet people who are able to contribute productively to. You've made some blanket statements which I see the rational of and I'm not attacking so much as ... simply engaging in a discussion that could prove interesting.

        I'd go further and say :

        Don't image, it's a classic way of solving a classic problem, and if you're a small organization, it might be the only solution, but if you're managing 13k endpoints which is almost a large system, it's terribly inefficient. It tends to lock all the users into a "standard" which tends to force the purchase of very similar computers and treat people as though they're all pretty much the same. The other day, I popped by IT at work to change my password (I don't have a domain joined computer because the image is so locked down, I can't use it for anything meaningful, so every 90 days, I go to IT). I saw people running Windows 7 on their corporate laptops because unless they get the approval to get a new laptop, the image they have is the image the get.

        I have an approach I like and I'm a big fan of.

        Enterprise computers WILL BE ABUSED... simple as that. It won't be malicious, it won't be bad people, it won't be stupid users... people just don't carry a second laptop because "This is my work laptop, I can't use it for personal things".

        As such, I believe strongly that users need to have two computers. They need a personal computer that they can mess up and destroy as much as they want. And they need a company computer which is for the enterprise things.

        Realize that there is some cross over as well. A great example is CAD workstations and graphics workstations. But since those have gone almost entirely cloud based, it's not a big problem. Data tends to get stored in the cloud and in theory the backups are good.

        So, the solution to this is... buy either Macs or Microsoft Surface computers for the employees. I'm not being a fan boy... it's for a specific feature guaranteed to be operational on both systems. Either computer can be completely deleted and reinstalled from the cloud by holding down a button on boot. Anywhere in the world, any time of day, a user can simply wipe their machines and reinstall. If they can't figure it out, their 7 year old at home can google on their phone and find out how.

        Then, using a SSL VPN, provide a portal with two-factor authentication where users connect through a web page and install a client on their computer which will automatically start streaming their applications to their computers. There shouldn't be much needed here... just a domain joined enterprise virtual machine. Windows users can do this without any additional software, Mac users will need VMware Fusion or Parallels (my personal favorite).

        Then the enterprise virtual machine will be configured so that when the user logs in to their work desktop, it will app stream all their user applications. It will also connect to their OneDrive Enterprise (sharepoint) and make all their files available.

        So, while it's not as simple to configure as imaging, it's actually a pretty damn good solution and most importantly, no one ever sits in a hotel room surfing porn from their virtual machine while on a business trip.

        As for large scale backup....

        There are two solutions to this.

        - OneDrive Enterprise which is basically just Sharepoint as a file server with revision control.
        - Windows Backup and Apple Time Machine.

        You need both and you'll end up with two copies of everything. The reason you need both is that OneDrive Enterprise is a REALLY AMAZING product, and while it is transactional, going back in history is a problem for the users themselves. As such, if they get hit by ransomware, they'll get the most recent version of their files which are basically already encrypted. You can of course have the IT department help with this, but this is a pain.

        Windows
      • Back in the day, I used a Netapp Filer for centralised storage. Like ZFS and others, it does near-instant snapshots (even on multi-TB filesystems). It only stores the difference, so a snapshot schedule of daily and weekly only uses about 10% of total storage. If encryption took over, then it would indeed fill the snapshot reserve, which, if nothing else raises about a million alerts. Most importantly though, once the malware was contained, you can system-wide recover to a previous snapshot in minutes. If yo

  • Inside source (Score:1, Interesting)

    by Anonymous Coward

    Clearly, there is a "gang" working with a few city counselors to extract payouts.

  • by Anonymous Coward

    This is what happens when an organization can just declare its income at the point of a gun.

    The worse government performs, the more income it decrees for itself. It's totally absurd.

  • by Anonymous Coward

    Oh, it already is. So much for any law being a deterrent.

    • It should be illegal to pay the ransom. Especially for governments.

      Sure a city or two will fail. But then it will all stop.

  • Let's see... You've got people working in government and their main exposure to crypto currency is as a means to pay ransoms. Yeah, I don't see that ending well.

    There was just an article on here yesterday about San Francisco banning e-cigs because kids might get ahold of them.

  • by Anonymous Coward

    Local govs buying massive quantities to pay off ransoms would indeed put upward pressure on the price of BTC.

    Better security would crater the market again.

  • by FudRucker ( 866063 ) on Wednesday June 26, 2019 @06:07PM (#58831292)
    they will keep doing it, the only way to make it stop is if everybody that gets hacked cuts em off their cash cow, fuck em and take the loss otherwise they will keep milking that cow for all the cash they can squeeze out of it
    • Re: (Score:3, Insightful)

      by Moof123 ( 1292134 )

      Given all the freedoms given up for supposedly better security, why is no agency like the NSA catching these guys and stringing them up?

      • How do we know the NSA's relationship to Bitcoin doesn't resemble the US Navy's relationship to TOR?

        The main difference being that the NSA would not be required to make this relationship public knowledge.

        It's rather surprising how much benign neglect crypto gets from government enforcement apparatus, given its primary uses.

      • by AmiMoJo ( 196126 )

        Probably because they are not worth catching. The NSA would have to reveal capabilities that it would rather keep secret in order to extradite them to the US to stand trial.

        For a measly half a million dollars they aren't going to give anything up.

    • by Anonymous Coward

      And that is called paying the Dane-geld;
          But we've proved it again and again,
      That if once you have paid him the Dane-geld
          You never get rid of the Dane.

      Rudyard Kipling
      Dane-Geld

      https://en.wikipedia.org/wiki/Dane-geld_(poem)
      https://www.poetryloverspage.com/poets/kipling/dane_geld.html

    • by Anonymous Coward

      Or they could invest in a good tech infrastructure and solid security practices.

      Clearly, doing so would save money in the long run.

    • they will keep doing it, the only way to make it stop is if everybody that gets hacked cuts em off their cash cow, fuck em and take the loss otherwise they will keep milking that cow for all the cash they can squeeze out of it

      Its easy to say if your not the one in the hot seat. Companies pay these ransoms all the time for a simple reason. When the choice is between do something ultmately harmful to society VS die because all your data is lost forever , companies will chose the harm to society choice

  • Comment removed based on user account deletion
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Wednesday June 26, 2019 @06:10PM (#58831330)
    Comment removed based on user account deletion
  • by Anonymous Coward

    How does this payment not violate money laundering regulations? Town sent money to an obviously criminal organization. How is that legal?

    • A basic understanding of money laundering would answer your question. For it to be money laundering illegally obtained money goes through an apparently legal transaction in order to legitimize it. It is not illegal to pay a ransom but is illegal to collect one. This is therefore pretty much the opposite of money laundering. Legitimate money is becoming dirty. If they catch the hackers they will certainly face charges, however we don't blame the victim in *these* cases but rather the perpetrator.
  • by Anonymous Coward

    Take them into a dark alley and don't let them emerge again. These kinds of assholes need to be excised.

    • by gweihir ( 88907 )

      Aren't you a bit hard on the city officials? Sure, they screwed up massively, but I think they should just personally pay for the damage done and be prohibited from ever running for public office again.

  • The demand from cities to buy BitCoin might well be single-handedly running up the price!!

    Who knows how many more cities are doing the same thing in secret.

    Really curious to hear if any of them are getting data restored.

  • by WolfgangVL ( 3494585 ) on Wednesday June 26, 2019 @06:52PM (#58831550)

    The wallet that they paid that into is now forever tainted right? We can go back and trace the BTC over its entire life, so as soon as the BTC is used for anything they get popped.... right?

    • Yeah but they probably live in Eastern Europe or a country without an extradition treaty or any way for Florida law enforcement to access banking records.
    • Re: (Score:2, Insightful)

      They will exchange bitcoins for Monero which is untraceable
    • by mentil ( 1748130 )

      They send it into a popular coin tumbler, and remove 1 bitcoin per day or so into different fresh addresses until they get it all back. Unless the tumblers can all be convinced to blacklist the source address and all downstream addresses it sends to, not much can be done. Of course if all the different addresses send their 1BTC to a single address, which adds up to an amount suspiciously similar to the ransom payout minus the tumbling fee, then they can still be traced.

    • The ransomers send the coins to a couple of low level stooges in Romania, who will convert the coins to cash, then the gang collects from them. Some of the stooges might be arrested, but nothing much will happen to them, and you'll never find the actual ransomware gang. Works fine, even if your ill gotten gains are already in a regular bank account and you want to cash out. This is bread-and-butter stuff for criminals.
  • Millions for defense, but not one cent for tribute.

  • by bradley13 ( 1118935 ) on Thursday June 27, 2019 @01:41AM (#58832946) Homepage

    I sort of understand why organizations like this wind up paying ransom. Having a good backup system and robust disaster recovery processes is hard. A small, underfunded IT staff may not achieve that. That's reality, and...stuff like this happens.

    I used to manage a small company network in my spare time. Sure, I made backups, and backups of the backups. One of the backup machines was, at least theoretically, isolated from the rest of the network. But it was all automated, which means online, which means potentially vulnerable despite one's best efforts. Offsite backups relied on a person doing something mangually, which means that they were not always as current as they should have been. That's reality in small organizations...

    OTOH, paying ransom is the single most counterproductive thing they can do. They make themselves a juicy future target, because they are known suckers. Worse, they make ransomware profitable, giving the criminals an incentive to keep attacking everyone else. For this reason, i think paying ransom should be illegal.

    Better for a few small towns to suffer total loss of their data, than to make ransomware lucrative. Consider all the stories you've ever heard about the old-time mafia - they broke a few kneecaps to keep entire regions paying protection money. Any individual paying money was making a rational decision, but it was disastrous for society, because it made the mafia profitable.

    • For this reason, i think paying ransom should be illegal.

      Unfortunately the one type of organization which profits the most from these sorts of schemes would be exempted from any such rule. They issue their demands for protection money out in the open and have managed to convince all too many people that they are somehow different just because they call themselves a "government".

    • It's like saying when you are getting robbed at gunpoint, by giving the thief your money you are encouraging them to do it again, therefore you should make it illegal. That is a bad knee-jerk reaction, which you might even be able to get politicians to jump onto because it's easy, write and sign a law, done. The proper, but harder and more expensive solution, is to both pursue the criminals, and to educate potential victims how to avoid being robbed.As with everything else, there is no perfect solution. Thi

  • First, they screw up by being an easy target. Second, they screw up by not having working backup and recovery mechanisms. Third they screw up by paying the criminals, encouraging them to continue doing this.

    We really have reached Idiocracy.

    • Natural selection. Once they pay, they better learn fast or they will get attacked again, and again, and again. If a banks has a safe made of drywall easy to circumvent, and then it gets robbed, how long before the thieves will come back again, and then other thieves who heard of this easy to get into safe?

      • by gweihir ( 88907 )

        Natural selection does not work anymore. You may have noticed that the people that screwed up do not pay this from their own money and that nobody gets punished for negligence that could not be much more gross.

  • by sad_ ( 7868 )

    so the previous ransom payout was a success then, the city got their data back? i remember reading about they were going to pay, but nothing about the results.
    which are more interesting because current wisdom says not to pay, as there is a very high chance you'll never get your data back anyway.

  • i never believed i will be hiring a hacker, at a point my bitcoin was stolen and i coulddnt even pay my bills,i had to consult , HELPDESKHACKERS on PROTONMAIL . com ,they recovered the coins and my accounts 2fa was restored.
  • Two of these incidents in as few weeks. And a story about bitcoin's value surging upwards again. Related?

A good supervisor can step on your toes without messing up your shine.

Working...