Florida city to pay $600K ransom to hacker who seized computer systems

[BobPSU92]

See? Pay that BITCOIN. .

See the link below. From the article:

"(CNN) -- A Florida city is paying $600,000 in Bitcoins to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago.

Riviera Beach officials voted this week to pay 65 Bitcoins to the hacker who seized the city's computer systems, forcing the local police and fire departments to write down the hundreds of daily 911 calls on paper, CNN affiliate WPEC reported.

The 65 Bitcoins, which equals $600,000, will come from the city's insurance, officials said.

Once the payment is made, they hope to get access to data encrypted by the hacker. Even with the plans to pay the ransom, the city said, an investigation is under way."

https://www.cnn.com/2019/06/20/us/riviera-beach-to-pay-hacker/index.html

 

[psuro]

I thought governments don't negotiate with terrorists. I guess they don't - they simply acquiesce.

 

[Woodpecker]

Once they pay, the hacker will notify them that, since they were willing to pay 65 bitcoin (anyone know how to type the bitcoin symbol?), then they probably wouldn't mind paying another 35. Their willingness to pay also will make them a target of other hackers.

 

[Sullivan]

I thought governments don't negotiate with terrorists. I guess they don't - they simply acquiesce.

The smart ones don't...

 

[BobPSU92]

I thought governments don't negotiate with terrorists. I guess they don't - they simply acquiesce.

That's the go-to line in many movies. Could Hollywood have gotten it wrong?

 

[BobPSU92]

 

[Big 0]

I don’t think the old police chief from Riviera Beach would have paid it, which in itself is a trivia question. Anyone hazard a guess who it was (was a decorated WWII soldier)?

 

[Cletus11]

i think this is actually really, really scary. This story is out there now so you know that every hacker in Russia, North Korea, Iran, and China are going to go full bore after this. Could cost billions.

 

[psuro]

i think this is actually really, really scary. This story is out there now so you know that every hacker in Russia, North Korea, Iran, and China are going to go full bore after this. Could cost billions.

and hackers in the US, Mexico, England, India, Australia....etc etc etc

 

[BobPSU92]

and hackers in the US, Mexico, England, India, Australia....etc etc etc

So we can’t even stereotype and irresponsibly label hackers (and people who look like them)?

 

[anon_xdc8rmuek44eq]

NPR did a story on this last week. The same thing has happened to several US cities including Baltimore, who didn’t pay their $100,000 ransom and have lost about $20mm in revenue while trying to sort this out on their own. They think the hacking groups are Middle Eastern. Additionally, even when paid they don’t always unlock the computer systems.

 

[psuro]

So we can’t even stereotype and irresponsibly label hackers (and people who look like them)?

Here is their mug shot.

 

[SCNit]

The city of Atlanta was hit with ransom ware and asked to pay something like 100k, they followed FBI advice to not pay. As of last month they’ve lost millions of dollars and are still working to get their systems and data back to 100%. The average ransom is 25 to 50k, and while I don’t agree with their ransom ware tactics most cyber security companies tell their clients to pay.

 

[NittanyLionRoar]

Great...as hackers learn US cities will pay, we’re about to get pummeled with these. This could really bring major cities around the world to their knees.

 

[interrobang]

These aren't even necessarily "hacks" but stupid employees clicking on obvious phishing attempts

 

[Nitwit97]

How about this - if you work for my city and open an email you don’t know the origins of, you will be terminated.

Is that too harsh of a rule?

It’s not that hard to tell a suspect email

The joke will be on those hackers when Bitcoin prices fall back down (TIC).

 

[psuro]

How about this - if you work for my city and open an email you don’t know the origins of, you will be terminated.

Is that too harsh of a rule?

It’s not that hard to tell a suspect email

The joke will be on those hackers when Bitcoin prices fall back down (TIC).

You think it’s that easy to get rid of a municipal employee?

 

[Nitwit97]

You think it’s that easy to get rid of a municipal employee?

I know that is the drawback, right?

But I did say “my” city, so there it is.

So let’s do what government does - get bigger. Hire a designated email opener(s). The salary for one of these will cover the millions in potential losses.

Problem solved.

NEXT!

 

[psuro]

I know that is the drawback, right?

But I did say “my” city, so there it is.

So let’s do what government does - get bigger. Hire a designated email opener(s). The salary for one of these will cover the millions in potential losses.

Problem solved.

NEXT!

That was even worse than your first comment.

 

[Nitwit97]

That was even worse than your first comment.

No, better!!

 

[Nitwit97]

No, better!!

How about this then. . .

“Stop hiring ****ing retards who open suspect emails. “.

 

[BobPSU92]

How about this then. . .

“Stop hiring ****ing retards who open suspect emails. “.

No more e-mail. Snail mail and paper faxes only.

 

[BBrown]

NPR did a story on this last week. The same thing has happened to several US cities including Baltimore, who didn’t pay their $100,000 ransom and have lost about $20mm in revenue while trying to sort this out on their own. They think the hacking groups are Middle Eastern. Additionally, even when paid they don’t always unlock the computer systems.

View embedded media

Yea Baltimore is still having issues with it. They've done some work arounds with the city's email and real estate closings but water bills are a big problem right now.

 

[BBrown]

Here is their mug shot.

 

[RandyL]

I guess it is happening everywhere; just the other day it was reported that a hacker was able to encrypt docs in the County Clerk's Office (where we record most documents) in Clarksburg WV; they paid a $1500 "ransom"; then were asked for $3000 more.

 

[WDLion]

Hacker.

 

[BobPSU92]

Hacker.

The original:

The best:

 

[WDLion]

The original:

The best:

But he never hacked anybody for +300 mil.

 

[BobPSU92]

But he never hacked anybody for +300 mil.

How much did Hack Wilson “hack” the Cubs for? $300?

Hackenberg made out well with the Jets.

 

[Nitwit97]

You’re a genius aren’t you?

The dirty little secret about Ransomware attacks is that most attacks are on businesses corporations not on municipal city or state governments. Furthermore, most businesses pay the ransom...quietly. The public never finds out. The stockholders never find out. The cost of the cyber crime is simply and quietly passed on to the consumer/customer.

https://www.dandodiary.com/2019/01/...es-dirty-little-secret-corporate-victims-pay/

The point is the solution isn’t simply hiring smarter employees or threatening them with termination. Educating staff on threats from Social Engineering attack’s is not a cure all. There is a limit to their effectiveness. Many corporate or gov systems are fighting off 100’s-1,000’s of attacks a day and it only takes one.

I am, actually

And I agree with you, most do not publicize it

Which begs the question - why would ANYONE publicize it. It’s like leaving your wallet on the table and going to the restroom. You are signing up to be targeted


How many days until August 31??

These non-football threads are draining.

 

[Obliviax]

This is simply total incompetence on the part of city officials. I get being hacked but there should always be a backup where you can lose a day or two of data and move on as the very worst case. This defies every and any "best practices" on how you manage in IT department.

 

[BBrown]

This is simply total incompetence on the part of city officials. I get being hacked but there should always be a backup where you can lose a day or two of data and move on as the very worst case. This defies every and any "best practices" on how you manage in IT department.

My understanding of the Balto case is that their IT guy did tell them, 2 years ago, that they were not secure enough. SMH.

 

[Obliviax]

My understanding of the Balto case is that their IT guy did tell them, 2 years ago, that they were not secure enough. SMH.

well, its just stupid. I get a device being compromised and some expense having to be undertaken, but $600K? Sheer incompetence. NIST needs to come up with a govt compliance "best practices" and the individuals held liable like companies are.

 

[anon_xdc8rmuek44eq]

This is simply total incompetence on the part of city officials. I get being hacked but there should always be a backup where you can lose a day or two of data and move on as the very worst case. This defies every and any "best practices" on how you manage in IT department.

In the NPR story, they talk about why city government computer systems are so vulnerable and it's because updating them is expensive and isn't or hasn't been a priority. It's not just data loss - it's frozen government services systems that won't allow for the processing of utility payments, etc.

 

[Obliviax]

In the NPR story, they talk about why city government computer systems are so vulnerable and it's because updating them is expensive and isn't or hasn't been a priority. It's not just data loss - it's frozen government services systems that won't allow for the processing of utility payments, etc.

I understand...there is an easy fix...you automate a backup system in a batch mode so, no matter what, you can rebuild with (at most) a one-day loss of information. I mean, this is like 2+2=4 to anyone in IT

 

[anon_xdc8rmuek44eq]

I understand...there is an easy fix...you automate a backup system in a batch mode so, no matter what, you can rebuild with (at most) a one-day loss of information. I mean, this is like 2+2=4 to anyone in IT

How much does that cost?

 

[BobPSU92]

I understand...there is an easy fix...you automate a backup system in a batch mode so, no matter what, you can rebuild with (at most) a one-day loss of information. I mean, this is like 2+2=4 to anyone in IT

Wouldn’t it be more financially rewarding to use your knowledge for hacking than protecting local governments?

 

[Obliviax]

How much does that cost?

You can get a 4 terabyte addressable hard drive and software for under $200

 

[10 Years After]

Howabout we catch a few hackers, put them up against a wall, take the safties off and pull the triggers. Generally I'm not for this type of response but for these F's I'll look the other way.

 

[N&B4PSU]

I guess it is happening everywhere; just the other day it was reported that a hacker was able to encrypt docs in the County Clerk's Office (where we record most documents) in Clarksburg WV; they paid a $1500 "ransom"; then were asked for $3000 more.

"asked"... well, that's a polite way to put it. lol.