Florida City Pays $600,000 To Ransomware Gang To Have Its Data Back (zdnet.com)
The city council for Riviera Beach, Florida, voted this week to pay more than $600,000 to a ransomware gang so city officials could recover data that was locked and encrypted more than three weeks ago. From a report: The city's decision, as reported by CBS News, came after officials came to the conclusion that there was no other way to recover the city's files. Access to Riviera City data has been locked since May 29, this year, when a Riviera Beach police department employee opened an email and unleashed ransomware on the city's network. The ransomware locked files and shut down all the city's services. Operations have been down ever since, with the exception of 911 services, which were able to continue to operate, although limited. The city's website, email server, billing system, and everything else has been down ever since, with all city communications being done in person, over the telephone, or via posters. The city has been having a hard time recovering from the incident ever since.
Bad idea... (Score:5, Insightful)
That city just became a bigger target since they'll pay.
Re:Bad idea... (Score:5, Insightful)
Have to agree.
There is absolutely nothing that is going to stop the bad guys outside of significant penalty when apprehended, and this simply encourages them.
These are folks willing to loose their ransomware on hospitals, to shut down utilities, basically, hold entire populations ransom. The term terrorism gets thrown a lot these days, but I'd say that this fully qualifies as monetarily motivated terrorism, and it ought to be treated as such.
Re:Bad idea... (Score:4, Insightful)
There is absolutely nothing that is going to stop the bad guys outside of significant penalty when apprehended...
Absolutely wrong.
There's a pretty damn good way to stop the bad guys: Have their efforts fail to be rewarded. If they try and try and fail and fail, most people outside of those with a mental issue stop after a while.
But I 100% agree with you on this encouraging them. And not just them, others who read the headline and go, "Holy shit, that actually works? I could do that!"
Re:Bad idea... (Score:5, Insightful)
Oh, I am not arguing against a good defense.
But no matter how deep the depth of your defense is, no matter how diligent, the good guys always have to get it right, the bad guys, only once.
So, my point is that yes, they will get through once in a while. And when they do, track them down, and exercise maximum penalty under the law.
This isn't disrupting some chat forum; this is impacting life critical systems, and disrupting untold people's lives out of simple greed. There ought, I think, to be a significant cost associated with someone attempting such blackmail.
Re: (Score:2)
PS: In no way am I arguing pay the ransom. Never pay the ransom. Thought that was understood; apologies for lack of clarity.
Re:Bad idea... (Score:4, Interesting)
How's that working out in Baltimore? Their attack is on-going, we're at six weeks with no end in sight, costing taxpayers $18 million and counting [engadget.com].
In principle, never pay ransom... but... at some point you cut your losses, don't you? I mean, in the case of Baltimore, the attackers asked for $80K [govtech.com], and after $18 million of expenses and losses, maybe paying the $80K would have been the prudent solution?
Re: (Score:3)
Considering Baltimore's IT security situation is so bad, once they paid what's to stop the attackers from doing it again under another name? Or selling the info about Baltimore's weak spots for others to take a shot?
Unless they're certain they're patched and protected, paying is just insane.
And being in the situation in the first place is proof positive they don't have working backups.
Comment removed (Score:4, Insightful)
Re: (Score:2, Insightful)
One of the things I've noticed (maybe you don't, if you have someone else running your filters) is that after all these years, I'm still being sent email spam.
It costs them almost nothing to do it; it's automated. But someone, somewhere, is buying the penis enlargers, paying masturbation-webcam-video ransoms, and looking for hot chicks in their area. You cannot stop this shit by having a policy of not rewarding the
Re: (Score:2)
Make the significant penalty death and these criminals will never hold anyone for ransom ever again.
Re: (Score:3)
There is absolutely nothing that is going to stop the bad guys outside of significant penalty when apprehended, Make the significant penalty death and these criminals will never hold anyone for ransom ever again.
Where has that ever actually worked?
Re: (Score:2)
Doesn't the blockchain record the ownership history of each bitcoin? I doubt that the city of Riviera Beach conducts many transactions in bitcoin. Surely these coins can forever be considered "tainted" and therefore subject to forfeiture.
After the transaction, simply post a message saying that the coin was extorted illegally and will be recovered from whoever holds it as soon as a warrant and the technology becomes available to do so. That should make bitcoin users more wary of the provenance of their coins
Re:Bad idea... (Score:4, Insightful)
Agreed.
Also, why is Windows still being used in mission-critical deployments?
Billy G. has always sold it as a gamer's operating system; it was never
meant for this use-case. I mean, that's the real problem here, isn't it?
CAP === 'ferments'
Re: (Score:2)
I mean, that's the real problem here, isn't it?
Not really, not in this case. Most ransomware doesn't need to exploit admin privileges or any sort of exploit to do its work. Just needs dumb users to be dumb users. Most use system encryption APIs just like many legit programs, and the user's access to shared documents (which most require for their job functions). And yes, Linux ransomware is a thing. It's not a bigger thing because it's not the usual desktop OS of choice. If it were, you would see more of it. It really comes down to user training and adm
Re: (Score:2)
If I work for a certain city hall, and would like a nice payday, send me the ransomware, I'll unleash it and steer officials to vote for paying ransom. Once paid I log in to my PayPal one day or check my bitcoin wallet and see a nice kickback.
That's how I see this going.
Re: (Score:2)
I don't know how stupid you have to be to think it's more likely that they personally compromised and rewarded somebody on staff both brave enough and dumb enough to think they wouldn't get caught deliberately infecting a workplace than simply wait for a dumb user (of which there are thousands upon thousands) to open a payload in an email sent to thousands of email addresses.
Email attachments are an attack vector that amounts to thousands of open doors, only one of which needs to open, and doe
Comment removed (Score:5, Insightful)
Re: Abject incompetence. (Score:5, Funny)
Re: (Score:2)
Where to start (Score:4, Insightful)
Every single person involved in this decision should be bounced off the taxpayers' teat immediately.
Then start with the mayor and the city council.
Speaking as a public IT employee, if you want to see a difference in how tech is being managed, start with the political leaders. Because year after year, they keep telling their IT staff to do more, provide more, make it happen sooner, and do it without adequate funding. Furthermore, since budgets get constrained, they hire fresh-out-of-college staff who typically do not have the experience necessary to know how to plan, develop, and maintain data-redundant solutions. Even if they did, good luck getting management to approve it.
Let's pretend that there was competent IT staff. And they went to management to request $600,000 for a data-redundant solution. What do you think the answer would be?
On the other hand, I guarantee you that every large city has an emergency slush fund. Can't get work done, because your data is encrypted? Yea, there's a budget for that. Though, let's cross our fingers that Miami doesn't get hit by a hurricane this year, because that budget's now spent.
Not happy about how these priorities are managed? Then speak up at your city council meeting [youtube.com].
Re: (Score:2)
They are watching Baltimore still suffering after six weeks and $18 million in expenses and losses [govtech.com] to avoid paying $80K to the attackers, and decided they didn't have millions of dollars to indulge in their lofty "we don't negotiate with terrorists" principles.
Re: (Score:2)
Re: (Score:2)
Can you think of another crime that the majority react and find ways to tear apart the victim involved?
Off the top of my head? Neo-nazis who get assaulted at rallies.
Re:Abject incompetence. (Score:5, Insightful)
Track them down, send the military if need be, but do not support criminals.
You are assuming that the country where these criminals live will actually give a shit about this. In large parts of the world $600,000.00 is a king's ransom, the average monthly income for a "middle class" family is $500.00 a month. A couple of well placed bribes and suddenly local authorities become very unhelpful. The US military and US government is not going to get into an international incident just because the IT department of some town in Florida failed to have a disaster recovery plan in place.
Sorry, but stupidity this epic should be painful. With any luck the heads of the IT department will find themselves on the unemployment line and competent managers will be hired to fix this disaster.
Re:Abject incompetence. (Score:4, Insightful)
I think it would be difficult/illegal (in and of itself) to prohibit private businesses from paying, but government entities? Sure.
Of course, then you need a pretty extensive ad campaign/publicity/etc to make sure the scum in other countries who do this crap get the message...
Comment removed (Score:5, Interesting)
Re: (Score:2)
Baltimore has invested $18M trying to recover from an $80K ransomware attack - where will that $18M in losses and expenses come from? The school budget? The police department? The roads and park department?
Sometimes I think you pay the money and improve your defenses.
Re: (Score:3)
Re: (Score:3, Insightful)
With any luck the heads of the IT department will find themselves on the unemployment line and competent managers will be hired to fix this disaster.
While incompetence could very well be the root cause, in my experience the IT department has been screaming for years for more budget to do better backups, have better antivirus, better security appliances, etc. And those screams have gone unheeded by the bean counters. The budgeting mentality seems to be "we've never been hit by something like this so why should we pay more for security to protect us from it?"
This rolling of the dice works quite well...right up to the point where it doesn't.
Re: (Score:2)
I was assuming the criminals who pulled this off are living in a country where extradition to the US is not something they do. $500.00 a month is the average salary in places like west Africa.
Re: (Score:3)
Re: (Score:2)
Baltimore attackers asked for $80K, and the city has spent $18M to date (and counting).
https://www.govtech.com/securi... [govtech.com]
Re: (Score:2)
Spending $18M to avoid an $80K ransom? Baltimore is following your advice - I wonder where the $18M (and counting) will come from? (That's about what 225+ police officers cost in salaries, BTW)
Re: (Score:2)
Or, another datapoint for Baltimore, two settlements for victims of corrupt police and prosecutors.
https://www.propublica.org/art... [propublica.org]
Re: (Score:2)
And what do you propose as an alternative when you are in this specific situation? No backups and critical files encrypted? Not paying it would fck up things even more for the average joe.
Simply looking at the road directly in front of you and always selecting the path of least resistance is no way to make decisions.
Comment removed (Score:3, Interesting)
Website? Email? (Score:5, Interesting)
Low pay, low budgets, long hours (Score:5, Insightful)
There's also constant pressure to do more with less, a _lot_ less. Businesses will spend money to make money but gov't is viewed as either a sunk cost or a way to line your buddy's pockets. And let's not forget that last one. You're often given crap hardware and software because the mayor's brother in law or maybe the guy that funded his campaign sold it to you.
One time a buddy got a shipment of 1000 NICs in. The NICs were cheap and sold by a local outfit with ties to one of the elected schoolboard members. Every single one had the same MAC address. That meant setting up hacks to use them (because you weren't gonna get anything else) and a ton of extra work. That kind of thing is all over muni IT....
We could fix all this of course. End the corruption, properly fund departments, etc, etc. But nobody seems to want to do it...
Re:Low pay, low budgets, long hours (Score:5, Interesting)
IT budget was 3.3% of the city's total budget, which is about the same as private industries [computereconomics.com]. Non-personnel funding was $1.3 million in 2019, which was ramped up quickly from $660k in 2017, and $1 million in 2018. 10.5 IT positions vs 578 total employees gives them a 1:55 ratio, which would put them around the 75th percentile [workforce.com] - low but not egregiously bad. This confirms that they were paying their IT staff higher than the industry average (average budget but higher salary = lower IT to employee ratio).
This sounds more like outright incompetence and insufficient oversight, rather than lack of funding.
Seems to be a repeating theme... (Score:5, Interesting)
Piss poor infosec, followed by piss poor or non-existent backup policies. Followed by even worse internal protection on allowing machines to run rampant across the network and do whatever they want. Not even surprised anymore, it's going to take multiple serious issues to get people to do even the most basic precautionary measures.
Poor backup policies are perhaps my least favorite to see in action, a friend of mine was dealing with the aftermath of the Slave Lake (Alberta) fire ~8 years ago. There was no offsite, no remote, no rotational backups. They lost a decade worth of data, everything from tax records to lien information to payroll. What was the kicker? Their IT service was farmed out to another company which was supposed to have set up a policy, and taught everyone what to do. Never happened, but when the city came knocking? They closed up shop and both owners fled out of the country. Even the radio station had a better backup policy and only lost 7 days worth of data.
Re: (Score:2)
Surprised NAS makers as well as the backup industry isn't jumping in on this. Free advertising and all that.
There are a few companies that offer this, hell even MS's own AV suite offers ransomware protection free, using a rotational OneDrive backup. We're pretty much in the age of cheap data storage, the only reason these things happen is because policies don't exist, or because organizations believe that they're too small to be targeted.
They deserve whatever happens to them (Score:2)
It's 2019, for fuck's sake. Who doesn't take care of their backups?
Let's hope these retards read slashdot; you deserve to be fired. You deserve to be held criminally liable for your incompetence. I hope you never work in this field again. That goes for the idiot IT workers who didn't give 2 shits about their backups AND everyone up the chain of command who was in charge of hiring and managing this crack team of morons.
Re: (Score:3)
Some random Florida city council members are not "tech savvy". Most people are not "tech savvy". They don't even know who to delegate this kind of stuff to.
If the city council members don't even know who to delegate their tech problems to, then they absolutely, positively should not be on the city council.
Re: (Score:3)
Politicians seek office for graft. That is the self-imposed qualification.
The rest is a hot air game to get you to vote for them by spending your own money, and that of your children not yet born, on you.
Re: (Score:2)
Gee, if only there were people who DO understand tech. /s
Or does IT stand for Idiot Technician?
Apparently they can afford $600,000 but can't afford $60 for a spare drive. Bunch of fucking morons.
Re: (Score:2)
Apparently they can afford $600,000 but can't afford $60 for a spare drive. Bunch of fucking morons.
Right, the entirety of the City's IT infrastructure can be backed up onto a 2 TB drive costing $60 [microcenter.com].
Christ, have you ever earned a paycheck working in IT?
Re: (Score:2)
It's 2019, and these idiots fucked around with their backups.
What would you consider a "reasonable" response to such monumental incompetence?
Re: (Score:2)
Ya, not granting you that one. One of the core axioms of IT is that your management doesn't understand IT, so you can't hide behind that as an excuse.
I can appreciate management making it harder for the IT team to achieve backup success...but that's where our job starts. We take the constraints, we identify our goals, and we get there via whatever means are necessary.
As someone else mentioned; push comes to shove you get an external drive, or a series of external drives, and you use those to do your backups
Re: (Score:2)
The cheap way is to have the intern take home the offsite tape, as Iron Mountain costs too much.
Re: (Score:2)
Any admin who doesn't place a high priority on their backups shouldn't be in IT, it's as simple as that.
"with the exception of 911 services" (Score:2)
Fire the IT Manager (Score:2)
At a minimum, the Riviera Beach IT Manager should be fired.
http://www.rivierabch.com/cont... [rivierabch.com]
Re:Fire the IT Manager (Score:5, Interesting)
Maybe not. He very well may have a nice paper trail showing all of the times he pointed out that this could happen, and was denied the resources to prevent it. Most competent IT folks do.
But if he doesn't, I agree with you.
Re: (Score:2)
His paper trail is probably emails which are now encrypted with the servers being held for ransom...
Objective thinking here... (Score:5, Interesting)
Alright, so let's say I was a hacker, and I wanted to make some money. And I had a ransomware tool that I could deploy...nothing custom or fancy, just some run-of-the-mill cookie-cutter package I got for cheap off the dark web. Do I target a mega corporation, that likely pays for high-tier security experts to keep their data locked tight, a high-risk, high-reward gambit, or do I go after some public entity, someone with valuable data necessary to their daily operations, but lacking the security expertise to keep it properly protected, secured, and redundant?
I'd go after the public sector, every time.
In fact, I'd probably target a place that's recently hiring, someone more likely to have a bit of chaos in their system due to a transitional phase. And since the public sector advertises all openings publicly, all the easier to target. Sure, the payout may not be as big, but any payout is still a win in my book.
Plus, $800K can buy me a lot better ransomware.
Funding criminal enterprises is ok? (Score:2)
Bigger question - will it even work? (Score:2)
I highly question if after paying the ransom, this city will really get back what it has lost. Maybe partial recovery but even then I'm not sure if it will be delivered. All too easy to just run with the cash and not do anything else that might reveal who and where you are.
Re: (Score:3)
They'll probably get it back. It's hard to get the next $600,000 payday if you don't deliver on the previous one. Victims usually lose their data permanently when they get infected by ransomware whose infrastructure has either been abandoned or taken down by the authorities.
Also, there is little for the criminals to gain by not delivering the unlock key. They will sometimes raise their demands, but they want payment to be seen as a sure-fire way to put this event behind them.
they can also stop payment or do a CC chargeback (Score:2)
They can also stop payment or do a CC chargeback.
On Bitcoin??? (Score:2)
they can also stop payment or do a CC chargeback
Pretty sure the attackers are not taking the city's corporate Amex LOL!
Aren't all of these ransomware guys taking Bitcoin? How do you "stop payment" on Bitcoin?
Re:they can also stop payment or do an CC change b (Score:5, Funny)
That's why I don't take credit cards for my ransoms. Too many people were doing chargebacks. I was having to charge credit card victims 8% extra (over and above cash victims) and then the credit card company said I couldn't do that because it gave their service "a conspicuous competitive disadvantage" so it was in violation of our crime agreement. Eventually I just had to fire them.
If you don't have cash, I won't even provide decryption services anymore. You're just not worth the potential trouble. If you somehow manage to get my malware and install it, I'll just tell you here now: the passphrase is "password123$5" and please don't bother contacting me for support or payment because I can't deal with that shit anymore.
Note, though, that if you do have cash, then it is a violation of the EULA (which, yes, you did agree to as part of the installation process) to use that passphrase without making payment. It's also a DMCA violation, as I inject some of my data, copyrighted by me, into the ciphertext, thus making the encryption be a technological measure which effectively limits access to a copyrighted work.
Don't like my cash-only policy? Then be someone else's victim. For all I care, you can get your precious malware from the big malware suppliers instead of us mom'n'pops. They'll always take CCs. Just remember, though, that 8% of your payments are being skimmed, so the malware vendor has to raise their prices (on everyone, even cash victims!) to account for that. You'll get ripped off.
Re: (Score:2)
Re: (Score:2)
If the terrorists don't restore the files, then their source of income dries up. There are two fundamental principles at work here; 1) keep ransom demands reasonable (like $80K in the case of Baltimore), and 2) Always restore the files. Ignore either, and you've killed the goose that lays the golden eggs.
It will be amusing (Score:2)
to see if they actually get their data back.
well fuck. (Score:2)
Comment removed (Score:5, Insightful)
Re:Most people here are missing the point (Score:5, Insightful)
Re: (Score:2, Interesting)
Not necessarily. There are a lot of deleted elastic, mongo and S3 buckets out there with ransom notes. They still have to try harder cloud or on-prem.
Answer: data privacy laws (Score:3)
I'm not sure about Florida, but in Minnesota, we have MGDPA, or the Minnesota Government Data Privacy Act [mn.gov]. Any 3rd party managing government data MUST comply with its rules and regulations.
So when I get on the phone with your run-of-the-mill cloud solutions sales rep, and ask him/her if their company complies with the MGDPA, the response is usually the same. "I'll get back to you on that." Most never do, though I did get one who said about two days later, "I just heard back from legal, and we can't."
And
Re: (Score:2)
What if... local governments... outsource their IT... to the cloud?
A lot of people are using M$ and the rest for messaging, etc, with things like O365.
They do a decent job of stopping "bad" emails, like phishing with links/attachments, etc;
They also give admins the ability to fine tune blacklists, etc;
But I assume that a phishing email or somesuch showed up in a user's inbox and the link/attachment was activated, thus starting the problem.
Cloud based messaging services are good but not a complete answer to this issue.
Backups (Score:4, Insightful)
Re: (Score:3)
"Wow, how did this ransomware encrypt their OFFSITE TAPE BACKUPS?"
They all do that. It's of no use to encrypt their real data until you have thoroughly disrupted all their backups, only then do you reveal yourself and encrypt the live data.
We finally got people to make backups but the morons never test any restore operations, so backups are useless when they are needed.
Moar laws (Score:2)
I personally don't understand how it is even legal to knowingly transfer large sums of cash to an illicit criminal enterprise.
There should be a federal law which makes these kinds of ransom payments illegal. Don't want to get owned and lose everything? At the very least back up your shit and don't keep backup media online. Backups don't cost 600k.
Who does that *publicly* ? (Score:2)
Paying the ransom may be the best strategy, but at least, keep it secret.
Just say you paid $600k to some data recovery company.
At least they are honest, but sending the message that crime pays is not a good idea. That's unless they can catch the criminals after, but I doubt it.
Frightening IT (Score:2)
I have to say that this story absolutely terrifies me in just how ineptly their infrastructure is being managed.
There is no way one infection should have been able to cause that kind of damage if their infrastructure had been configured properly. Properly segmenting your network and implementing reasonable permission management alone would have been enough to prevent this from happening. Throw in regular backups, anti-virus protection, etc, and the impact would have been minimal.
They either have grossly i
Politicians see I.T. as a cost center. (Score:2)
I've recently interviewed with a few small city/county I.T. shops, they were funded for 2 to 8 positions.
In general the head of I.T. wouldn't have been even a team leader in an average corporation, but they don't have the experience to know that.
Most of what they are doing is help desk functions with little time or funding to do anything else.
When I asked how they were doing backups, disaster recovery, trouble ticketing, the answers were little more than hand waving.
The cities hire people that can swap out
Wow (Score:2)
'nough said. (Score:2)
https://www.reddit.com/r/Progr... [reddit.com]
Re:This is actually a bargain. (Score:5, Insightful)
Hi, I'm an IT leech. If you ran a city, would you rather pay $600,000 for a secure local network with backups, or $600,000 to criminals who even if they actually return your data will leave the system just as unsecure as before?
Re: (Score:2)
Baltimore has spent/lost $18M so far, betcha they'd like another crack at that $80K ransom demand?
https://www.govtech.com/securi... [govtech.com]
Re:why am I not surprised (Score:5, Insightful)
It doesn’t matter where the infection got started. What matters is that the infection was able to spread to pretty much every single city service. That is inexcusable.
Re: (Score:2)
True, and if you work with cops you just have to accept they're going to click on things they shouldn't. They're as bad as your average office worker, maybe worse because they are often protected from admin discipline for this kind of stuff and they know it.
Not a dig at cops, they've got a hard life-risking job. It's just the reality.
So you design your network security in layers. The public safety network would be almost entirely isolated, only having access to the services it needs access to and that's
Re:why am I not surprised (Score:4, Insightful)
That would be a start.
Re: (Score:3)
lol, right.
Good luck with that.
Yea, I know, but I had to say the obvious...
Re:why am I not surprised (Score:4, Informative)
Or how about a sane backup strategy? I can't imagine restoring from backup would have set them back more than 600k if they had a reasonable plan.
Re:why am I not surprised (Score:5, Informative)
"Or how about a sane backup strategy?"
Very easy to say, much harder to do.
We all know about the low hanging fruit ... no backups; or network attached storage, or simple rsync to a remote site. These are all awful. And yes we see them all the time, and they deserve the mockery and condescension.
But I've lately seen what I would classify as perfectly "sane backup strategies", that could survive flood/fire/lightning, hardware failure, ransomware/virus infections, accidental data deletion, and so forth fall to malicious breaches, where the hackers have gained remote control/access and are persistent threats.
Even rotating offline backups etc are vulnerable to a persistent threat.
You have to be pretty much paranoid, spare-no-expense, to be secure from a persistent threat with remote access.
" I can't imagine restoring from backup would have set them back more than 600k if they had a reasonable plan."
First, it appears they were insured for this. So they paid their insurance deductible of $25,000, and will likely have a higher deductible going forward. It's extremely easy to imagine that it was cheaper to pay the insurance deductible and premiums than to recreate lost data. The city separately is spending $1M on new hardware; so it looks like they are doing the right things 'wipe/rebuild from scratch' to be sure there is no further issue; and IT likely has the purse strings loosened after this incident so they are probably getting much more robust systems than they had in terms of firewall, intrusion monitoring, backups.. etc
Honestly, even if they HAD the backups, they'd probably STILL have wanted to rebuild the network from scratch just to be sure. And the 25k deductible to recover some lost data is a drop in the bucket relative to that effort.
Re: (Score:2)
When you set up your infrastructure, you absolutely must work under the assumption that eventually some crap will get through onto your network.
People are spending lots of money protecting "networks" when the only thing anyone actually cares about are "systems".
Every dollar spent erecting elaborate networks of castle walls is a dollar not spent protecting systems.
You must have multiple measures to detect and mitigate such an attack, again under the assumption that some of those measures will prove ineffective.
Favorite pastime of security industrial complex piling on layer after layer of ineffectual bullshit to Band-Aid up for deficiencies in underlying systems. At least it does its job of providing steady employment at the cost of no or negative incentive for substantive change.
Re: (Score:2)
Why am I not surprised that the infection came through the cop shop? IME nobody is as ignorant about tech as your average cop.
Yea I don't know about that.
All the cops that drive around my town are constantly looking at the laptops in their cars.
I assume they must have to deal with tech quite a bit.
Re:Victim shaming and blaming (Score:5, Insightful)
Found the idiot who doesn't have backups.
This isn't rocket science -- this is basic IT. Apparently they can afford the $600,000 but not $60 to buy a spare drive. Bunch of morons.
Re:Victim shaming and blaming (Score:5, Insightful)
Assuming they kept the spare drive offline or at least off their local network.
Re: (Score:2)
JFC, I keep offline and off-premise full-take backups of my laptop and rotate them weekly.
How hard is it for an IT operation of middling size to do the same?
We're not talking about putting AWS on streaming tape here...
Re:Victim shaming and blaming (Score:4, Insightful)
Re: (Score:3)
If the malware has a dormancy period, and doesn't get detected prior to backup, then you've just backed up the malware too. Not ideal.
Unless it's unusually clever malware, you'll still be able to pull the data you need out of the backups piecemeal without getting reinfected. If you're smart enough to use a cross-platform backup format, you can open it up on a different platform entirely, reducing the risk of reinfection still further.
Re: (Score:2)
Apparently they can afford the $600,000 but not $60 to buy a spare drive. Bunch of morons.
Right, the entire city can back up their IT operations on a $60 2 TB drive? Seems reasonable, you must be an IT director for some major corporation.
Re: (Score:2)
Re:Victim shaming and blaming (Score:5, Interesting)
Re: (Score:2)
While it's important to have empathy,
No that's not important at all.
people hired to do IT jobs should be good at IT. If they are not then they should look for a different career path. Nobody likes to see people fail, but being in IT means that we should be prepared for failures as much as possible and mitigate against them.
IT should be investing at least as many resources into addressing underlying issues in system design as they do piling on poorly designed security middle boxes and scanners which themselves are security risks and lack necessary higher layer context to be effective at much of anything.
Re: (Score:2)
Re: (Score:2)
Baltimore has blown through $18M and counting...
Re: (Score:3)
Baltimore lost $18M over the last 6 weeks because they took your advice and refused to pay an $80K ransom demand.