Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States News Technology

US School Agrees To Pay $8,500 To Get Rid Of Ransomware (softpedia.com) 138

An anonymous reader writes: Earlier this week, the media was abuzz with the case of the Hollywood hospital that almost shut down its operations because of a ransomware infection, which it eventually paid. Something similar happened around the same time in a South Carolina school district when ransomware shut down an elementary school's servers. The school had to pay $8,500.
This discussion has been archived. No new comments can be posted.

US School Agrees To Pay $8,500 To Get Rid Of Ransomware

Comments Filter:
  • by gweihir ( 88907 ) on Saturday February 20, 2016 @12:00PM (#51548605)

    You start paying, they find more targets, make their scam more professional, etc. At the moment, these are still common criminals, as can be seen by the low sums demanded (completely out of proportion compared to the damage done), but that will now change.

    The good thing is that Bitcoin is not really anonymous, unlike the common wisdom. With a bit of lick these people will be identified. The bad thing is that it will take some time and by then others will have copied the scam.

    • by sims 2 ( 994794 )

      But for this bitcoin doesn't need to be anonymous it just needs to be non-seizable most don't use paypal or cc merchant accounts anymore because they get frozen before they can do anything with them.

      Bitcoin doesn't get seized, frozen, revoked or invalidated. So despite being trackable its a better choice because they are unlikely to loose access to it after they've received it.

      • it just needs to be non-seizable

        Start marking the bitcoins 'paid' as ransoms like this as 'dirty', and get as many vendors as possible to ban 'dirty' bitcoins'.

        A user notices that X amount of his bitcoin has been marked dirty and unacceptable, and he has to sell it at a loss is going to get pissed at where he got it from - and probably implement checking for dirt himself. Then the anonymizers and places that accept ransom bitcoins for laundering will have regular users start avoiding them, etc...

    • "The good thing is that Bitcoin is not really anonymous, unlike the common wisdom. With a bit of lick these people will be identified. The bad thing is that it will take some time and by then others will have copied the scam."

      So why is the all-seeing, omnipotent NSA not able to nail ransomware hackers? I've heard the excuse that ransomware was below their level of concern, but now governments are being targeted, and this has already included police agencies. My take is that the NSA cannot see as much as it

      • by Anonymous Coward

        It's the public who have ascribed god like powers to the NSA not the other way around. In the rush to condemn NSA intelligence operations the capabilities and intentions needed to be exaggerated in the extreme. Of course distortions and out right lies are acceptable when attacking the NSA because they are evil incarnate that need to be closed down so any means to accomplish this goal is allowed. The ole "the end justifies the means" is the guiding mantra of today's social justice warriors. And any other o

      • by gweihir ( 88907 )

        The NSA does not claim to see as much as people think. I once asked somebody mid-high in the NSA this question and he said "If we really could do what people think we can do, then the world would look differently." Entirely convincing.

        Your second mistake is that identification of such criminals is a fast process. It is not. Ask again in a year or so.

      • by AK Marc ( 707885 )
        It's not the NSA's job. It's the FBI's. The NSA might be able to help the FBI, but the FBI doesn't care because the political will isn't there. Get Congress to fund the FBI for more cybercrime work. Nope. If it's not putting minorities in jail, the Republican-controlled Congress won't fund it.
      • by tsotha ( 720379 )

        Let's say you traced the bitcoin transaction to Russia or Ukraine (which is pretty likely). What are you going to do if the local sovereign government refuses to extradite? I wouldn't be at all surprised to find the NSA knows who these people are, but we're not ready to go to war over the odd $8500.

    • by ShanghaiBill ( 739463 ) on Saturday February 20, 2016 @01:43PM (#51549153)

      You start paying, they find more targets, make their scam more professional, etc.

      That isn't all bad. In the past, insecure systems were hijacked and used as spam-bots, so the cost of the insecurity was borne by others. At least with ransomware the cost is borne directly by the bozos running MS-Windows on their servers.

      • by gweihir ( 88907 )

        Well, yes. And as they will now scale up their attacks, the problem will get a lot more pressing. Still, not paying them would have also had an effect in that direction and this will hit a lot of people that are actually not responsible for the IT screwups.

        • "And as they will now scale up their attacks, the problem will get a lot more pressing."

          At some point they'll step on the wrong toes and find themselves floating face down in a pond somewhere.

          • by gweihir ( 88907 )

            I doubt it and even if it happens it will not matter. Otherwise we would not have crime, now would we? Threatening violence has never reduced crime to any significant degree. Criminals do not expect they will get caught. The whole idea law enforcement is based on is rather seriously broken.

    • by AK Marc ( 707885 )
      The nice thing about paying is that the FBI can get involved. And there's always a money trail. When they start getting busted and serving time, the copycats will slow down.
  • "The school's IT staff said the ransomware penetrated their network through an older server running outdated equipment."

    And proceeded to propagate through their network through newer servers running outdated equipment...

  • Do we really want to be teaching children to negotiate with terrorists?

  • by Anonymous Coward

    It should be illegal to pay ransomware criminals.

    • It IS illegal to pay criminals for their activities. We should be trying these decision makers for funding terrorism.

    • Re:Shame on them (Score:4, Insightful)

      by ShanghaiBill ( 739463 ) on Saturday February 20, 2016 @01:23PM (#51549021)

      It should be illegal to pay ransomware criminals.

      Especially if, as in this case, they are being paid with tax dollars. I can understand an unprincipled individual or private company paying ransomware, but for a government entity to pay off criminals with public funds is vile. If this was legal, we need to change the law. If it was illegal, the decision maker should be prosecuted.

      • So instead of complaining that they paid off a criminal, you can complain that they spent more tax-payer money than was necessary and demand that the decision-maker be prosecuted.

  • by ls671 ( 1122017 ) on Saturday February 20, 2016 @12:11PM (#51548653) Homepage

    Horry County school district (South Carolina, US). Got it! Thanks for the tip ;-)

    At least banks and other victim institutions keep the whole thing secret. Great idea to render it public.

    Another funny part in TFA:

    Coincidentally, when the ransomware incident happened, the school's administration was looking into hiring an outside security provider.

    What if it wasn't coincidental?

  • So when are we going to start including ransomware into the total cost of ownership?

    Have any technical articles been posted on what all of these 'servers' were running?

    • by ls671 ( 1122017 )

      Have any technical articles been posted on what all of these 'servers' were running?

      Well, take a guess...

    • Re: TCO? (Score:5, Informative)

      by guruevi ( 827432 ) on Saturday February 20, 2016 @12:44PM (#51548815)

      $8500 is cheaper than paying a decent SysAdmin. These criminals know at what point to price their services so that these institutions can continue putting their clients at risk.

      • $8500 is cheaper than paying a decent SysAdmin.

        School administrators have no way of telling a good sysadmin from a bad sysadmin. Either would have a salary+benefits of over $100k/year, which few schools can afford. Schools can get federal grants to buy equipment, but salaries come out of their own budget.

        • School administrators have no way of telling a good sysadmin from a bad sysadmin. Either would have a salary+benefits of over $100k/year, which few schools can afford. Schools can get federal grants to buy equipment, but salaries come out of their own budget.

          Assuming each school needed a full time sysadmin, which they most likely do not. $100k to pay an admin to keep an eye on a portion of the schools in the school board is far more reasonable. And would then come from the board's budget, not the school.

          • by ogdenk ( 712300 )

            I live in SC, many sysadmins are paid $40,000-$50,000/yr in this area. Especially those working for low-budget school systems or smaller organizations.

            • I live in SC, many sysadmins are paid $40,000-$50,000/yr in this area.

              Once you add in benefits, pensions, overhead, and management, $50k is $100k. Burdened employment costs tend to be higher for governments, and even higher for public schools.

              • Once you add in benefits, pensions, overhead, and management, $50k is $100k. Burdened employment costs tend to be higher for governments, and even higher for public schools.

                Software As A Service ?

      • Hell, $8500 is probably cheaper than paying some contractors to test the security of your network. $8500 is peanuts to a hospital running 25+ servers.

      • That assumes they only get hit once.

  • by Kludge ( 13653 ) on Saturday February 20, 2016 @12:19PM (#51548697)

    For me to do my offline backups.

  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Saturday February 20, 2016 @12:24PM (#51548721) Journal
    What is the typical attack vector for something like this? I understand how it might affect a home users own computers either by visiting malicious websites, or being unconcerned with what one runs that was downloaded from ithe Internet, but how does a place like a school get hit?
    • Phishing is the most common, but there are also thousands of sites pushing ransomware through the Angler exploit kit, and similar. I've seen it from restaurant sites and online forums especially. The managers are very clever, they don't push the EK more than a few times from any one site to avoid getting blacklisted. My employer has a crew of folks patching workstations (Flash vulnerabilities are a favorite) and monitoring traffic, and it has still gotten through a couple times and we've had to pull the pl
      • "Phishing is the most common,"

        A stat from several sites I work with - about 200,000 people in all.

        Phishs are spotted and ignored by 97% of users - but that last 3% are a major problem

        We've even had secretarial staff disable antivirus systems giving warnings about infected attachments in order to open things "because it might be important"

        And no, they can't be fired.

  • by kheldan ( 1460303 ) on Saturday February 20, 2016 @12:24PM (#51548723) Journal
    So many useless, off-topic posts in this thread by political trolls; what's up with that? You shits have an issue with political candidates or parties, take it up at the polls, not by shitposting on Slashdot. Anyway..

    Is anyone going to learn from these unfortunate incidents? There is no excuse for there not being decent security precautions and procedures in the IT department of any organization, and there likewise is no excuse for there not being adequate incremental backups of critical systems. Basically this school and the hospital in Hollywood were sloppy, and criminals capitalized (literally) on their sloppiness.
    • "shitposting"... Fine verb!!!!!!!

    • If most school districts can't pay teachers decent salaries, they presumably can't pay market rate for good sysadmins, so they have to take what they can get.
    • the problem is that companies/groups decide to save a few bucks. Sadly, they are ignoring all of the evidence which is running windows and offshoring leaves you vulnerable. While the GOP is certainly be ones behind the offshoring, there is no doubt that the dems are just as stupid. They are the ones wanting to increase H1B, which will lead to more attacks.
    • by edis ( 266347 )

      There is something to make good out of this very bad habit: those, that were certainly cornered into making pay terrorists, have to recognize need to submit any decryption tools they were provided with to the people, fighting terrorists of that kind. That including analysts of the BleepingComputer community, makers of security tools, Kaspersky is one that springs to mind in regard to providing decryption utilities for public. Traces of communication and funds have to be professionally investigated as well,

      • There is no acceptable answer in just paying ransom, funding terrorists for their next gigs.

        First of all there is little to no evidence that these were 'terrorists', not in the current-events sense of the word, it's just cyber-criminals, could be anyone really, could be some edgy teenagers looking to score some cash any way they can. Secondly, if you're saying we need to comply with anything and everything that the police (local LEOs, FBI, NSA, CIA, etc) demand of us, just because they demand it, then I have two choice words for you which I will uncharacteristically refrain from using on you, and

        • by edis ( 266347 )

          It is about professional and most efficient handling of the given circumstances. We are mostly professionals gathering here. Teenagers are not very likely to have balls for arranging that scale of operations with the quality needed.

          I am not going to deal with your opinion just because it bears very little in the above-mentioned light of professional stance.

          • I am not going to deal with your opinion just because it bears very little in the above-mentioned light of professional stance.

            Same to you, buddy.

    • "decent security precautions" are hard, given that Angler pushes come from thousands upon thousands of different sites. All it takes is one host a little behind on patching and BAM. Maintaining backup regimes is expensive, it's much cheaper to take your chances and pay the very affordable ransom instead.
      • it's much cheaper to take your chances and pay the very affordable ransom instead

        I find that to be an extremely cowardly attitude to take, and a completely unnecessary and irresponsible one to boot. It's a don't-give-a-damn attitude and I find it reprehensible; if someone worked for me and took that sort of attitude towards the problem, they'd be fired on the spot.

    • Based on the number of phishing emails I see weekly I doubt people are ever going to learn. Stuff like this is done because it works and has been working for decades.
  • Perhaps people will start to take computer security seriously, if they see that it has an immediate impact on their budgets.
  • by Pseudonymous Powers ( 4097097 ) on Saturday February 20, 2016 @12:40PM (#51548787)

    God dammit, when I heard my elementary school got hacked I thought I was finally going to be able to get out from under the pernicious shadow of my Permanent Record!

  • ... someone stole my slide rule. I had to pay them 1s and 6d to get it back. How times have changed!
  • Seriously, as long as groups/companies insist on running windows and offshoring the work, they will continue to be hit by ransomware and others.

    Several decades ago, America used to be concerned about Security. Now, it is a joke.
    • Ransomware isn't particularly sophisticated,and would work just as well on Linux if anyone wanted to code it up. Take everyone off Windows and I am sure someone would. I'm curious why you think America used to be concerned about Security. Remember SQL Slammer, Love Letter, and friends? The underlying architecture of the systems (e.g. disallow script access to Outlook address book) only changed when the security cost became too high, not before.
  • You could fit a typical student record on a 3x5 card ... suck it up and just tell the crooks to go pound sand.
    • You could fit a typical student record on a 3x5 card ... suck it up and just tell the crooks to go pound sand.

      Assuming that payroll wasn't handled by one of the servers affected...

      • You could fit a typical student record on a 3x5 card ... suck it up and just tell the crooks to go pound sand.

        Assuming that payroll wasn't handled by one of the servers affected...

        Housed in the elementary school, instead of at the district level?

        In any case, if they can't piece together what they were paying people ... sheesh.

  • ... what about good backups?!

    Just last week, one of my co-workers attended a Cisco seminar where they were peddling an "all inclusive" system to try to stop malware, and especially ransomware. It involved software you had to load on all of the clients, server-side software and special firewall type gear, all to try to "proactively stop ransomware from phoning home or uploading content anyplace". The price tag, obviously, was pretty steep as well.

    Pulling his buddy, who worked at Cisco, aside for a minute, he

    • by Dadoo ( 899435 )

      what about good backups?!

      Give it time, and they'll figure a way around that, too. Off the top of my head, I'd say ransomware writers could put a delay in their software, before it does anything - say 6 months after it finds a new system. By that time, the ransomware will be all over the backups. Then what?

  • What was the name of the computer Operating system this ransomware ran on?

No spitting on the Bus! Thank you, The Mgt.

Working...