Second Florida City Pays Giant Ransom To Ransomware Gang In a Week (zdnet.com) 139
Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, now, a second city's administration has taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. ZDNet reports: The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a "triple threat." Despite the city's IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network.
A ransom demand was made a week after the infection, with hackers reaching out to the city's insurance provider -- the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 to $500,000, depending on Bitcoin's price at the time of the payment. The city's IT staff is now working to recover their data after receiving a decryption key.
A ransom demand was made a week after the infection, with hackers reaching out to the city's insurance provider -- the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 to $500,000, depending on Bitcoin's price at the time of the payment. The city's IT staff is now working to recover their data after receiving a decryption key.
Re: (Score:2, Interesting)
Nah, it's cheaper to hire idiots to manage your IT infrastructure, and just pay the ransom every once in a while.
Re: (Score:3)
What - no backups? (Score:1)
It should always be possible to restore computers from backup images - and this is a great reason to maintain historical images, so you don’t just re-install the ransomware
Re:To late for backups now (Score:2)
Re:What - no backups? (Score:5, Insightful)
you dont back up individual workstations. you backup documents to/or store them in a shared area and back that up. then you reimage pcs, restore the backed up data and let people have at it. backing up every workstation would take an insane amount of storage.we have 13k endpoints at work you just...dont do that.
now for servers you would have nightly incrementals at least, some places probably do more than that. we have ~2k servers that get backed up, but unfortunately the backup system is not robust. it works, it can restore, but we are looking to replace it. what really sucks in the enterprise sometimes is the speed at which that sort of things happens -- you bitch about it to higher ups for a year or two, then they finally let you get some quotes and allocate some money for the next budget year, then you demo a few products to pick something, go through contract deals, and now...you get to spend a lot of time transitioning between systems.
would it be a good idea to start 2k fresh backups in the same night? its probably not going to finish, and its definitely not going to sync another copy. our biggest datastore is 10s of terabytes and takes days to sync across a 10gb connection to another datacenter. thats all we do with it, its too large to spin off to tape or something. we are sort of terrified of crytpoware, and security has (annoyingly) a lot of tools to try and prevent/catch it. we know we are in a bad place but getting to a good one is a big, big, difficult deal.
i read someone on reddit that was talking about using ZFS for storage and being able to very, very quickly roll back changes. im interested in reading more about it, but its not like we are going to move our datastores for VMs from XIO to something running ZFS, especially something homegrown. i think veeam and maybe rubrik have change block tracking or something to backup vms quickly but i am not sure about the restore.
Re: (Score:3)
> i read someone on reddit that was talking about using ZFS for storage and being able to very, very quickly roll back changes. im interested in reading more about it, b
I am only loosely familiar with the innards of ZFS, but being a journaling filesystem it must have to keep the rollback data somewhere, and the nature of an encryption attack (being that it creates nearly incompressible gibberish) is such that the resulting encrypted stores would differ 100% from the unencrypted contents, which would like
Re: (Score:2)
Yes, going ZFS means you need at least 220% capacity to support copy-on-write... as well as the resources needed to detect something going on.
Re: What - no backups? (Score:2)
Re: (Score:2)
Maybe you have too many servers to focus on a single integrated approach. Maybe assets need to be individually categorized in terms of function value and data value. Maybe you do need to invest in a tape silo.
Paying the ransoms means that these attacks are going to escalate. We need different approaches if you go from a “hopefully never” restore scenario to a “likely annually or worse” restore scenario. And at the same time we need a different sense of allowable downtime given the l
Re:What - no backups? (Score:5, Interesting)
I'd go further and say
Don't image, it's a classic way of solving a classic problem, and if you're a small organization, it might be the only solution, but if you're managing 13k endpoints which is almost a large system, it's terribly inefficient. It tends to lock all the users into a "standard" which tends to force the purchase of very similar computers and treat people as though they're all pretty much the same. The other day, I popped by IT at work to change my password (I don't have a domain joined computer because the image is so locked down, I can't use it for anything meaningful, so every 90 days, I go to IT). I saw people running Windows 7 on their corporate laptops because unless they get the approval to get a new laptop, the image they have is the image the get.
I have an approach I like and I'm a big fan of.
Enterprise computers WILL BE ABUSED... simple as that. It won't be malicious, it won't be bad people, it won't be stupid users... people just don't carry a second laptop because "This is my work laptop, I can't use it for personal things".
As such, I believe strongly that users need to have two computers. They need a personal computer that they can mess up and destroy as much as they want. And they need a company computer which is for the enterprise things.
Realize that there is some cross over as well. A great example is CAD workstations and graphics workstations. But since those have gone almost entirely cloud based, it's not a big problem. Data tends to get stored in the cloud and in theory the backups are good.
So, the solution to this is... buy either Macs or Microsoft Surface computers for the employees. I'm not being a fan boy... it's for a specific feature guaranteed to be operational on both systems. Either computer can be completely deleted and reinstalled from the cloud by holding down a button on boot. Anywhere in the world, any time of day, a user can simply wipe their machines and reinstall. If they can't figure it out, their 7 year old at home can google on their phone and find out how.
Then, using a SSL VPN, provide a portal with two-factor authentication where users connect through a web page and install a client on their computer which will automatically start streaming their applications to their computers. There shouldn't be much needed here... just a domain joined enterprise virtual machine. Windows users can do this without any additional software, Mac users will need VMware Fusion or Parallels (my personal favorite).
Then the enterprise virtual machine will be configured so that when the user logs in to their work desktop, it will app stream all their user applications. It will also connect to their OneDrive Enterprise (sharepoint) and make all their files available.
So, while it's not as simple to configure as imaging, it's actually a pretty damn good solution and most importantly, no one ever sits in a hotel room surfing porn from their virtual machine while on a business trip.
As for large scale backup....
There are two solutions to this.
- OneDrive Enterprise which is basically just Sharepoint as a file server with revision control.
- Windows Backup and Apple Time Machine.
You need both and you'll end up with two copies of everything. The reason you need both is that OneDrive Enterprise is a REALLY AMAZING product, and while it is transactional, going back in history is a problem for the users themselves. As such, if they get hit by ransomware, they'll get the most recent version of their files which are basically already encrypted. You can of course have the IT department help with this, but this is a pain.
Windows
Re: (Score:2)
Back in the day, I used a Netapp Filer for centralised storage. Like ZFS and others, it does near-instant snapshots (even on multi-TB filesystems). It only stores the difference, so a snapshot schedule of daily and weekly only uses about 10% of total storage. If encryption took over, then it would indeed fill the snapshot reserve, which, if nothing else raises about a million alerts. Most importantly though, once the malware was contained, you can system-wide recover to a previous snapshot in minutes. If yo
Inside source (Score:1, Interesting)
Clearly, there is a "gang" working with a few city counselors to extract payouts.
Government is inept (Score:1)
This is what happens when an organization can just declare its income at the point of a gun.
The worse government performs, the more income it decrees for itself. It's totally absurd.
Gov is a monopoly. Have we learned nothing yet? (Score:1)
Monopolies are bad.
Violently imposed monopolies are really bad.
Re: (Score:2)
man, people still leave their cars unlocked all the time and get robbed. dont click something you got in an email? thats practically a psychic power
Re: Have we learned nothing? (Score:1)
Your link to BigTits.jog.exe is broken. I kept trying to click on it to open it but it didnâ(TM)t work. Please fix it.
Something like this should be illegal (Score:1)
Oh, it already is. So much for any law being a deterrent.
Re: (Score:2)
It should be illegal to pay the ransom. Especially for governments.
Sure a city or two will fail. But then it will all stop.
Ban incoming (Score:1)
Let's see... You've got people working in government and their main exposure to crypto currency is as a means to pay ransoms. Yeah, I don't see that ending well.
There was just an article on here yesterday about San Francisco banning e-cigs because kids might get ahold of them.
So this is why BTC is on the rise (Score:1)
Local govs buying massive quantities to pay off ransoms would indeed put upward pressure on the price of BTC.
Better security would crater the market again.
as long as they keep paying those hackers (Score:3)
Re: (Score:3, Insightful)
Given all the freedoms given up for supposedly better security, why is no agency like the NSA catching these guys and stringing them up?
Re: (Score:2)
How do we know the NSA's relationship to Bitcoin doesn't resemble the US Navy's relationship to TOR?
The main difference being that the NSA would not be required to make this relationship public knowledge.
It's rather surprising how much benign neglect crypto gets from government enforcement apparatus, given its primary uses.
Re: (Score:2)
Probably because they are not worth catching. The NSA would have to reveal capabilities that it would rather keep secret in order to extradite them to the US to stand trial.
For a measly half a million dollars they aren't going to give anything up.
Re: (Score:1)
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
Rudyard Kipling
Dane-Geld
https://en.wikipedia.org/wiki/Dane-geld_(poem)
https://www.poetryloverspage.com/poets/kipling/dane_geld.html
Re: (Score:1)
Or they could invest in a good tech infrastructure and solid security practices.
Clearly, doing so would save money in the long run.
Re: (Score:3)
Its easy to say if your not the one in the hot seat. Companies pay these ransoms all the time for a simple reason. When the choice is between do something ultmately harmful to society VS die because all your data is lost forever , companies will chose the harm to society choice
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Hurr durr look at me being smug about tulips errr I mean bitcoins. Hell I can buy bitcoins from my phone with Coinbase or Gemini which is actually under regulation. The bad guys buy anonymous crypto like Monero with their bitcoins and move things around a bit. Cash out a little bit at a time at another exchange and then profit. Easy money without getting out of your chair.
Re: (Score:2)
Comment removed (Score:5, Interesting)
How is that legal to pay? (Score:1)
How does this payment not violate money laundering regulations? Town sent money to an obviously criminal organization. How is that legal?
Re: How is that legal to pay? (Score:2)
Re: (Score:1)
Re: How is that legal to pay? (Score:1)
Hunt the bastards down. (Score:1)
Take them into a dark alley and don't let them emerge again. These kinds of assholes need to be excised.
Re: (Score:2)
Aren't you a bit hard on the city officials? Sure, they screwed up massively, but I think they should just personally pay for the damage done and be prohibited from ever running for public office again.
I guess that explains it (Score:2)
The demand from cities to buy BitCoin might well be single-handedly running up the price!!
Who knows how many more cities are doing the same thing in secret.
Really curious to hear if any of them are getting data restored.
Not sure about that (Score:2)
Chances are good that paying works. If word starts getting out that you get fucked anyhow, no one will pay.
Yes but with every communication they send, chances are also pretty good that Seal Team 6 will be through the door before too long. With large enough interest by the feds it is not impossible to triangulate on someone taking in these huge payments and sending unlock keys.
So I could see weighing that, and deciding to take a few very large paydays then doing absolutely nothing further to reveal who you
My understanding... (Score:3)
The wallet that they paid that into is now forever tainted right? We can go back and trace the BTC over its entire life, so as soon as the BTC is used for anything they get popped.... right?
Re: My understanding... (Score:2)
Re: (Score:2)
Re: My understanding... (Score:3)
Re: (Score:3)
They will definitely send the drones out to counter these eastern Europeans.
But to Iran.
Geography was never the governments strong point. E.g. Iraq vs Afghanistan.
Re: (Score:2, Insightful)
Re: (Score:3)
So Monero is about to spike?
Re: (Score:2)
They send it into a popular coin tumbler, and remove 1 bitcoin per day or so into different fresh addresses until they get it all back. Unless the tumblers can all be convinced to blacklist the source address and all downstream addresses it sends to, not much can be done. Of course if all the different addresses send their 1BTC to a single address, which adds up to an amount suspiciously similar to the ransom payout minus the tumbling fee, then they can still be traced.
Re: (Score:3)
maxim (Score:2)
Millions for defense, but not one cent for tribute.
Paying ransom: make it illegal? (Score:4, Interesting)
I sort of understand why organizations like this wind up paying ransom. Having a good backup system and robust disaster recovery processes is hard. A small, underfunded IT staff may not achieve that. That's reality, and...stuff like this happens.
I used to manage a small company network in my spare time. Sure, I made backups, and backups of the backups. One of the backup machines was, at least theoretically, isolated from the rest of the network. But it was all automated, which means online, which means potentially vulnerable despite one's best efforts. Offsite backups relied on a person doing something mangually, which means that they were not always as current as they should have been. That's reality in small organizations...
OTOH, paying ransom is the single most counterproductive thing they can do. They make themselves a juicy future target, because they are known suckers. Worse, they make ransomware profitable, giving the criminals an incentive to keep attacking everyone else. For this reason, i think paying ransom should be illegal.
Better for a few small towns to suffer total loss of their data, than to make ransomware lucrative. Consider all the stories you've ever heard about the old-time mafia - they broke a few kneecaps to keep entire regions paying protection money. Any individual paying money was making a rational decision, but it was disastrous for society, because it made the mafia profitable.
Re: (Score:2)
For this reason, i think paying ransom should be illegal.
Unfortunately the one type of organization which profits the most from these sorts of schemes would be exempted from any such rule. They issue their demands for protection money out in the open and have managed to convince all too many people that they are somehow different just because they call themselves a "government".
Re: (Score:2)
It's like saying when you are getting robbed at gunpoint, by giving the thief your money you are encouraging them to do it again, therefore you should make it illegal. That is a bad knee-jerk reaction, which you might even be able to get politicians to jump onto because it's easy, write and sign a law, done. The proper, but harder and more expensive solution, is to both pursue the criminals, and to educate potential victims how to avoid being robbed.As with everything else, there is no perfect solution. Thi
About the worst thing they could have done (Score:2)
First, they screw up by being an easy target. Second, they screw up by not having working backup and recovery mechanisms. Third they screw up by paying the criminals, encouraging them to continue doing this.
We really have reached Idiocracy.
Re: (Score:2)
Natural selection. Once they pay, they better learn fast or they will get attacked again, and again, and again. If a banks has a safe made of drywall easy to circumvent, and then it gets robbed, how long before the thieves will come back again, and then other thieves who heard of this easy to get into safe?
Re: (Score:2)
Natural selection does not work anymore. You may have noticed that the people that screwed up do not pay this from their own money and that nobody gets punished for negligence that could not be much more gross.
success? (Score:2)
so the previous ransom payout was a success then, the city got their data back? i remember reading about they were going to pay, but nothing about the results.
which are more interesting because current wisdom says not to pay, as there is a very high chance you'll never get your data back anyway.
when they pay hackers to do something. (Score:1)
Bitcoin surge related? (Score:2)
Two of these incidents in as few weeks. And a story about bitcoin's value surging upwards again. Related?