1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Florida city agrees to pay ransomware hackers $600,000 to unlock its data

By midian182 · 26 replies
Jun 20, 2019
Post New Reply
  1. According to The Palm Beach Post, the attack on Riviera Beach, Florida, a small city north of West Palm Beach, was launched on May 29 when a police department employee opened an email attachment containing the ransomware. It spread to other IT systems, locking down the city's website, email server, billing system, and others, even affecting 911 dispatch operations.

    On June 3, city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems, but as the original data hadn’t been backed up, a unanimous 5-0 vote took place this week that will see the council’s insurance carrier pay the hackers 65 Bitcoin, around $592,000.

    City spokeswoman Rose Anne Brown told the New York Times that Riviera Beach was working with law enforcement and security consultants, and that it is “well on our way to restoring the city system.”

    We’ve seen numerous US cities hit with ransomware attacks in recent times. Jackson County paid hackers $400,000 to regain access to its systems back in March, and the attack on Baltimore, which didn’t pay the $76,000 ransom, still cost the city $18 million in damages. We’ve also seen instances in Albany, San Diego, and Sarasota, along with those on several hospitals.

    Permalink to story.

     
  2. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,290

    IMO, this is a really bad idea no matter how you look at it. I keep getting phishing e-mail to files on sites like gagme drive and box from dirt bags trying to pull :poop: They, of course, get sent immediately to the appropriate abuse addresses.

    I hope, though, this city and others have learned a lesson. Backups for critical data are a necessity in this day and age, and for the non-computer literate and exceptionally gullible, mandatory training in recognizing a phishing attempt.
     
    Capaill likes this.
  3. DeanLO

    DeanLO TS Rookie

    My thoughts ...
    Don't pay these ransomware.

    Please have good backups - and test them often!
    ( I am guilty of not testing my backups as often as I should )
    Yeah ... it is a pain to rebuild your environment, but at least you know everything is clean and back to normal.

    Perhaps paying is the less painful route, but realize:
    No guarantee that paying will unlock it.
    No guarantee that unlock will be successful and all your data is intact/error free.
    No guarantee that something else isn't installed or left behind as well that you don't know about.
     
    wiyosaya likes this.
  4. TomSEA

    TomSEA TechSpot Chancellor Posts: 3,124   +1,617

    60 Minutes television news show recently did a segment on these ransomware attacks at various cities and businesses (including hospitals). Seriously, this isn't new. Been going on 2-3 years now. You'd think most - if not all - public entities and businesses would have appropriate security in place by now. It's not that hard to filter out these ransomware attacks if you set up a few security measures.
     
    wiyosaya likes this.
  5. ShagnWagn

    ShagnWagn TS Guru Posts: 731   +561

    $600k can build a pretty nice backup system. Now they lost $600k, and still don't have a backups? Not too smart, eh?

    Instead, they chose to fund these hackers for even more future attacks. Way to go for rolling the snowball, Florida.
     
    Digitalzone and fluffydestroyer like this.
  6. Cycloid Torus

    Cycloid Torus Stone age computing - click on the rock below.. Posts: 4,067   +1,190

    "as the original data hadn’t been backed up" No backup??? OMG, who messed up on that?
     
    TheBigT42 likes this.
  7. brucek

    brucek TS Maniac Posts: 167   +207

    Selfish jerks. This action + the coverage that follows probably just recruited dozens more criminals to start doing this.

    Plus who knows who is getting that money. Best case it's some random crook. But it could also be the government of North Korea, etc.

    If they didn't care enough to back it up, they definitely shouldn't care enough to be funding extortionists.
     
    Mekronid likes this.
  8. Markoni35

    Markoni35 TS Booster Posts: 196   +93

    Wow, United States has became so weak they can't send a few agents to catch those hackers and milk THEM for a few hundreds of thousands of dollars, instead of paying them enormous amount of money. What happened to this once strong country?
     
  9. Bullwinkle M

    Bullwinkle M TS Booster Posts: 136   +71

    What Insurance Company covers such blatant negligence?

    I have never heard of such stupidity

    Would they insure the Titanic from ever sinking as well ?
     
  10. jobeard

    jobeard TS Ambassador Posts: 12,889   +1,530

    This argues that email systems should be isolated from business infrastructures. We can lecture and cajole forever, but some old dogs just can't learn new tricks nor have the discipline to avoid phishing attempts.
     
    Godel and wiyosaya like this.
  11. treetops

    treetops TS Evangelist Posts: 2,565   +551

    If a guy has a bomb and a bank full of people "We don't negotiate with terrorist". "Sure we could give in to demands and save these peoples lives, but that would inspire future terrorist!" Did it ever had anything to do with saving "future lives"? Or has it and will it always be about the money?

    Probably not lol, these guys are just trying to do the logical thing, but why does it take money for that logic to come into fruition?

    Someone should do a skit.
    Criminal "I'll blow her brains out!"
    Cop 1 "And?"
    Criminal points gun at a computer "I'll do it!"
    Cop 2 "This guys an animal!"
    Cop 1 "Take whatever you want, just leave the computer alone, take me!"
     
    Capaill likes this.
  12. Capaill

    Capaill TS Evangelist Posts: 894   +497

    And some new dogs don't realise the damage that a phishing attack can do.
     
    wiyosaya likes this.
  13. Digitalzone

    Digitalzone TS Booster Posts: 99   +47

    Terrible email server setup - no email scans?
    Bad OS security permissions - MS to blame?
    No backups

    OMG...
     
  14. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,290

    Yes, I cannot argue against isolating e-mail systems from business infrastructure; that would go a long way to preventing attacks.

    In my case, the e-mails that I received were obvious social engineering - viagra, pharmacy discounts, etc.

    However, one was interesting in that it claimed to be a voice mail left for me. I had to look at that a bit closer, and what I found was that it was using one of my sneakemail addresses that was not from the address that I gave to my cell provider, and the biggest clue was that the file was on box.com. That one might have gotten by someone less technical than I.

    So if you do isolate e-mail from the infrastructure, then how do you maintain the present ease of downloading legitimate attachments?

    One way that I can think of is that e-mail clients run in a sort of virtual host environment. Anything downloaded to that environment is denied execution permission and scanned. Once it is determined to be safe, only then would it possible to transfer it out of the virtual environment.

    Perhaps e-mail is relegated to an in-house server that is web based and runs in a similar virtual environment.
    The phishing e-mail these days do not attach anything to them. They rely on the user clicking on a hyperlink to the infected file. That's more difficult to stop, but not impossible.

    For me, though, I could not do my job without running as an administrator.
     
  15. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,290

    I highly doubt that stupidity is relegated to only one country.
     
    jobeard likes this.
  16. treetops

    treetops TS Evangelist Posts: 2,565   +551

    "was launched on May 29 when a police department employee opened an email attachment containing the ransomware."

    Maybe it said, don't click here.
     
  17. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,290

    Interesting.
     
  18. TheBigT42

    TheBigT42 TS Maniac Posts: 322   +220

    "On June 3, city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems"

    This is another example of their stupidity. The current hardware can be wiped clean and reused.
     
    wiyosaya likes this.
  19. mailpup

    mailpup TS Special Forces Posts: 7,401   +627

    The Titanic was, in fact, insured.
     
  20. Bullwinkle M

    Bullwinkle M TS Booster Posts: 136   +71

    Right......Right......

    and how did that work out?
     
  21. mailpup

    mailpup TS Special Forces Posts: 7,401   +627

    I'm not sure I understand what you are driving at. Lloyds of London paid the insurance claim. It's a matter of history.
     
  22. Bullwinkle M

    Bullwinkle M TS Booster Posts: 136   +71

    It was a bad analogy

    It would be like ensuring the Titanic from sinking after it sank

    I can't imagine why ANY tech insurance would cover such incompetence

    What was the thought process?

    No backups, No problem
    No recovery Plan, No problem
    Incompetent workers and threats everywhere, No problem
    How much insurance would you like?
    -------------------------------------------------
    "a unanimous 5-0 vote took place this week that will see the council’s insurance carrier pay the hackers 65 Bitcoin, around $592,000."
    --------------------------------------
    Really?
    All we need to do is vote that our insurance carrier will foot the bill?
    That's it?

    So.... the Insurance Carrier has no say in the vote?

    Wow, I didn't know it was that easy to simply vote what your Insurance Carrier must do for you

    or maybe the author is just bad at telling stories and that's not what happened

    either way, I don't thing we've heard the end of this yet

    What happens when the hacker ignores the bitcoin trap you are setting and leaves your data to rot?

    Are you Insured for that ?
     
    Last edited: Jun 20, 2019
  23. mailpup

    mailpup TS Special Forces Posts: 7,401   +627

    I only pointed out that the Titanic was insured. You're right. It was a bad analogy.
     
  24. zorven

    zorven TS Rookie

    "city officials agreed to spend $941,000 on 310 new desktops and 90 laptops to rebuild its IT systems"

    Either this report is missing details or that is a big overspend.

    90 laptops at $1,500 each = $135,000
    310 desktops at $750 each = $232,500
    Total = $367,500

    Even if I am a little light on my costs, their spend is very high for what they got.
     
  25. jobeard

    jobeard TS Ambassador Posts: 12,889   +1,530

    Many here have never worked in a commercial environment and been subject to corporate management of your desktop system. Using the Exchange Server, the admin remotely controls what is installed and the configuration of the desktop. Typically, there is a standard image that all workstations use.

    absolutely true, but consider:

    1) these are likely much older system and SHOULD be replaced anyway
    2) the administrators would get a chance to rethink their management approach (aka standard images)
    3) which would (should) include business continuation plan for simple & total resource outage (aka fire, flood & famine)
    4) the workstations are only the tip of the iceberg -- all those server systems are where the business assets lay

    *IF* you're going to payout profits to fix system wide issues, THEN you have the opportunity to create meaningful change instead of just plugging holes in the archaic dam.
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...