Florida city agrees to pay ransomware hackers $600,000 to unlock its data

midian182

In brief: Ransomware victims are often advised not to pay money to unlock their files, usually because there’s no guarantee the hackers will oblige. But the council of one Florida city has voted to hand over more than $600,000 in the hope of getting back data that has been encrypted for more than three weeks.

According to The Palm Beach Post, the attack on Riviera Beach, Florida, a small city north of West Palm Beach, was launched on May 29 when a police department employee opened an email attachment containing the ransomware. It spread to other IT systems, locking down the city's website, email server, billing system, and others, even affecting 911 dispatch operations.

On June 3, city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems, but as the original data hadn’t been backed up, a unanimous 5-0 vote took place this week that will see the council’s insurance carrier pay the hackers 65 Bitcoin, around $592,000.

City spokeswoman Rose Anne Brown told the New York Times that Riviera Beach was working with law enforcement and security consultants, and that it is “well on our way to restoring the city system.”

We’ve seen numerous US cities hit with ransomware attacks in recent times. Jackson County paid hackers $400,000 to regain access to its systems back in March, and the attack on Baltimore, which didn’t pay the $76,000 ransom, still cost the city $18 million in damages. We’ve also seen instances in Albany, San Diego, and Sarasota, along with those on several hospitals.


 
IMO, this is a really bad idea no matter how you look at it. I keep getting phishing e-mail to files on sites like gagme drive and box from dirt bags trying to pull :poop: They, of course, get sent immediately to the appropriate abuse addresses.

I hope, though, this city and others have learned a lesson. Backups for critical data are a necessity in this day and age, and for the non-computer literate and exceptionally gullible, mandatory training in recognizing a phishing attempt.
 
My thoughts ...
Don't pay these ransomware.

Please have good backups - and test them often!
( I am guilty of not testing my backups as often as I should )
Yeah ... it is a pain to rebuild your environment, but at least you know everything is clean and back to normal.

Perhaps paying is the less painful route, but realize:
No guarantee that paying will unlock it.
No guarantee that unlock will be successful and all your data is intact/error free.
No guarantee that something else isn't installed or left behind as well that you don't know about.
 
60 Minutes television news show recently did a segment on these ransomware attacks at various cities and businesses (including hospitals). Seriously, this isn't new. Been going on 2-3 years now. You'd think most - if not all - public entities and businesses would have appropriate security in place by now. It's not that hard to filter out these ransomware attacks if you set up a few security measures.
 
$600k can build a pretty nice backup system. Now they lost $600k, and still don't have backups? Not too smart, eh?

Instead, they chose to fund these hackers for even more future attacks. Way to go for rolling the snowball, Florida.
 
Selfish jerks. This action + the coverage that follows probably just recruited dozens more criminals to start doing this.

Plus who knows who is getting that money. Best case it's some random crook. But it could also be the government of North Korea, etc.

If they didn't care enough to back it up, they definitely shouldn't care enough to be funding extortionists.
 
Wow, United States has become so weak they can't send a few agents to catch those hackers and milk THEM for a few hundreds of thousands of dollars, instead of paying them an enormous amount of money. What happened to this once strong country?
 
What Insurance Company covers such blatant negligence?

I have never heard of such stupidity

Would they insure the Titanic from ever sinking as well ?
 
... for the non-computer literate and exceptionally gullible, mandatory training in recognizing a phishing attempt.
This argues that email systems should be isolated from business infrastructures. We can lecture and cajole forever, but some old dogs just can't learn new tricks nor have the discipline to avoid phishing attempts.
 
If a guy has a bomb and a bank full of people "We don't negotiate with terrorists". "Sure we could give in to demands and save these people's lives, but that would inspire future terrorists!" Did it ever have anything to do with saving "future lives"? Or has it and will it always be about the money?

Probably not lol, these guys are just trying to do the logical thing, but why does it take money for that logic to come into fruition?

Someone should do a skit.
Criminal "I'll blow her brains out!"
Cop 1 "And?"
Criminal points gun at a computer "I'll do it!"
Cop 2 "This guy's an animal!"
Cop 1 "Take whatever you want, just leave the computer alone, take me!"
 
... for the non-computer literate and exceptionally gullible, mandatory training in recognizing a phishing attempt.
This argues that email systems should be isolated from business infrastructures. We can lecture and cajole forever, but some old dogs just can't learn new tricks nor have the discipline to avoid phishing attempts.
And some new dogs don't realise the damage that a phishing attack can do.
 
This argues that email systems should be isolated from business infrastructures. We can lecture and cajole forever, but some old dogs just can't learn new tricks nor have the discipline to avoid phishing attempts.
Yes, I cannot argue against isolating e-mail systems from business infrastructure; that would go a long way to preventing attacks.

In my case, the e-mails that I received were obvious social engineering - viagra, pharmacy discounts, etc.

However, one was interesting in that it claimed to be a voice mail left for me. I had to look at that a bit closer, and what I found was that it was using one of my sneakemail addresses that was not from the address that I gave to my cell provider, and the biggest clue was that the file was on box.com. That one might have gotten by someone less technical than I.

So if you do isolate e-mail from the infrastructure, then how do you maintain the present ease of downloading legitimate attachments?

One way that I can think of is that e-mail clients run in a sort of virtual host environment. Anything downloaded to that environment is denied execution permission and scanned. Once it is determined to be safe, only then would it be possible to transfer it out of the virtual environment.

Perhaps e-mail is relegated to an in-house server that is web based and runs in a similar virtual environment.
Terrible email server setup - no email scans?
Bad OS security permissions - MS to blame?
No backups

OMG...
The phishing e-mails these days do not attach anything to them. They rely on the user clicking on a hyperlink to the infected file. That's more difficult to stop, but not impossible.

For me, though, I could not do my job without running as an administrator.
 
Wow, United States has become so weak they can't send a few agents to catch those hackers and milk THEM for a few hundreds of thousands of dollars, instead of paying them an enormous amount of money. What happened to this once strong country?
I highly doubt that stupidity is relegated to only one country.
 
The phishing e-mails these days do not attach anything to them. They rely on the user clicking on a hyperlink to the infected file. That's more difficult to stop, but not impossible.
"was launched on May 29 when a police department employee opened an email attachment containing the ransomware."

Maybe it said, don't click here.
 
"On June 3, city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems"

This is another example of their stupidity. The current hardware can be wiped clean and reused.
 
Right......Right......

and how did that work out?
I'm not sure I understand what you are driving at. Lloyds of London paid the insurance claim. It's a matter of history.

It was a bad analogy

It would be like insuring the Titanic from sinking after it sank

I can't imagine why ANY tech insurance would cover such incompetence

What was the thought process?

No backups, No problem
No recovery Plan, No problem
Incompetent workers and threats everywhere, No problem
How much insurance would you like?
-------------------------------------------------
"a unanimous 5-0 vote took place this week that will see the council’s insurance carrier pay the hackers 65 Bitcoin, around $592,000."
--------------------------------------
Really?
All we need to do is vote that our insurance carrier will foot the bill?
That's it?

So.... the Insurance Carrier has no say in the vote?

Wow, I didn't know it was that easy to simply vote what your Insurance Carrier must do for you

or maybe the author is just bad at telling stories and that's not what happened

either way, I don't think we've heard the end of this yet

What happens when the hacker ignores the bitcoin trap you are setting and leaves your data to rot?

Are you Insured for that ?
 
I only pointed out that the Titanic was insured. You're right. It was a bad analogy.
 
"city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems"

Either this report is missing details or that is a big overspend.

90 laptops at $1,500 each = $135,000
310 desktops at $750 each = $232,500
Total = $367,500

Even if I am a little light on my costs, their spend is very high for what they got.
 
Many here have never worked in a commercial environment and been subject to corporate management of your desktop system. Using the Exchange Server, the admin remotely controls what is installed and the configuration of the desktop. Typically, there is a standard image that all workstations use.

thebigt42 said:
"On June 3, city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems"

This is another example of their stupidity. The current hardware can be wiped clean and reused.
absolutely true, but consider:

1) these are likely much older systems and SHOULD be replaced anyway
2) the administrators would get a chance to rethink their management approach (aka standard images)
3) which would (should) include business continuation plan for simple & total resource outage (aka fire, flood & famine)
4) the workstations are only the tip of the iceberg -- all those server systems are where the business assets lay

*IF* you're going to payout profits to fix system wide issues, THEN you have the opportunity to create meaningful change instead of just plugging holes in the archaic dam.
 