Cities Pwned By Hackers Pay Out Massive Sums To Save Themselves

In the last week, not one but two Florida cities have been pwned by hackers who used ransomware to cripple their networks. And in both cases, the hackers got paid. And I do mean paid. First up on the list was Riviera City, Florida, which paid $600,000 USD in Bitcoin to get its data back:

The city’s decision, as reported by CBS News, came after officials came to the conclusion that there was no other way to recover the city’s files. Access to Riviera City data has been locked since May 29, this year, when a Riviera Beach police department employee opened an email and unleashed ransomware on the city’s network. The ransomware locked files and shut down all the city’s services. Operations have been down ever since, with the exception of 911 services, which were able to continue to operate, although limited. The city’s website, email server, billing system, and everything else has been down ever since, with all city communications being done in person, over the telephone, or via posters. The city has been having a hard time recovering from the incident ever since.

Then less than a week later, Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000, after they got pwned:

The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a “triple threat.” Despite the city’s IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network.

A ransom demand was made a week after the infection, with hackers reaching out to the city’s insurance provider — the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 to $500,000, depending on Bitcoin’s price at the time of the payment. The city’s IT staff is now working to recover their data after receiving a decryption key.

I have some random thoughts on this.

  • You have to take steps to protect yourself, such as using advanced threat protection from companies such as Darktrace or Microsoft, as the latter has advanced threat protection for Office 365. And it goes without saying that you need up-to-date AV software on every device on your network.
  • You also have to make sure your data is backed up. And that at least some of those backups are off site. That way you have a fighting chance of getting back up and running if you get pwned.
  • You have to limit what users do because they are the weakest link. By that I mean that they cannot be allowed to simply do whatever they want with computers, like install their own software. Because you’re just asking for trouble when you allow that.
  • You have to make sure that you’re on top of every patch that comes out for whatever OS you are using and install them as quickly as possible. Ditto for applications. That way you limit the attack vectors that this sort of threat leverages, and you also limit how broadly it could spread if it got onto your network.

But the big random thought that I have is that the more that these hackers get paid, the more that they will do this. And the bigger the ransoms will be. So if this is to stop, companies have to take away the incentive to do this by doing the above and perhaps more. By doing that there is no incentive to pay the hackers and the hackers in question will go away and find something else to do.
