> A similar breach recently cost Baltimore $18 million to repair damages.<p>No. $18 million was an <i>estimate</i> somebody gave once, who knows where it came from.<p>In fact, damages have <i>not</i> been repaired in Baltimore. 6 weeks later, most city services are still down. You can't pay a parking ticket or a water bill online. (You can send a check in; I am not sure where they <i>record</i> that you paid when they cash your check, and am not particularly confident they'll actually have a record I paid).<p>We in fact do not know how much money they've spent thus far, there have been no press briefings on this. Estimates of how much they will spend before it's over (will it ever be over?)... we all know how IT estimates work.<p>I think it will probably be quite a bit more than $18 million. And then there's estimating "damage to the economy." (There were two weeks when real estate transfers were frozen, because there was no way to check city liens. They can be done now, using a paper-based system that actually has those involved in the transaction sign an unusual contract agreeing to take on liability for unknown liens in unusual ways (I'm being vague cause I don't totally understand it), that some but not all title companies are willing to use).<p>The Baltimore ransomers only wanted ~$100K. If I were the mayor, yeah I'd pay it.<p></Baltimore resident>
Could they have avoided the ransom by having daily (or hourly) backups to non-rewritable (write once) media? So the malware won’t encrypt the backups, obviously.<p>I think that the last day’s work (or last hour’s work) will be lost or will require a lot of manual fixing regardless of whether they pay the ransom. If they pay, they’ll still have to fix partial database transactions, corrupt files, etc., for the attack date. If they don’t pay, they can recover from earlier good backups and reconstruct that one day’s worth. My reasoning is that the attack date’s data is going to be corrupt and untrustworthy in either case, and it’ll be equal work either way. (Or at least it’ll be less than $600,000 of work to fix that one day.)<p>I imagine that they either weren’t doing backups at all, or their backups were directly accessible and writable by the malware.
>On Monday, Councilwoman KaShamba Miller-Anderson, the chairwoman of the board, asked Justin Williams, the interim information technology manager, for something seemingly simple. Could the elected officials’ new email addresses be posted online for the public to get in touch with them?<p>>Underscoring the enormity of the city’s troubles, Mr. Williams explained that the webmaster hoped to get to that soon.<p>>“He’s been working very feverishly to get that done,” Mr. Williams said.<p>...the webmaster is working feverishly to post a static piece of text to a website? I guess it really is hard to fire government workers.
Maybe state governments should preempt this and make it illegal for municipalities or state agencies to pay ransoms, so they are less attractive targets.
Look, virtually nowhere in the public sector is security taken seriously. And nowhere in local government is security taken seriously. City governments might as well be piñatas... the way their budgets work, they'd never be able to replace large systems that were compromised. Without legislation banning them from paying, paying the ransom is likely really appealing to them. Security should be bumped up, but let's face it... that's not going to happen given how nobody who knows anything about tech would be caught dead working for local government. So many things have to change.
The laxness of infosec in government continues to astonish me. It's not like these types of attacks are new either. I can only assume that the people in charge of infosec in such situations are bureaucrats without much technical knowledge.
I would very much like to hear from the insurance carrier here, and know what the post mortem and preventive countermeasures will be.<p>Update: The servicer appears to be Gallagher Bassett based on the 2018-19 budget and legal cases cited online.<p>City records (CC agendas, minutes) are painful if not impossible to navigate.
Curiously, no open IT / security positions listed:<p><a href="https://rivierabch.applicantpro.com/jobs/" rel="nofollow">https://rivierabch.applicantpro.com/jobs/</a>
I've noticed that outside software or technical companies, IT is basically 100% turnkey, with off-the-shelf, mostly junkware (even 'enterprise') software being used. I attribute this to the mismatch between HR and the position being hired for and what higher education teaches w.r.t. IT. Honestly, what needs to happen is interviews need to be farmed out to places that understand the respective industry and not just certifications and higher education.
Let's look at this a bit differently - Ransomware is a type of malicious software designed to block access to a computer system or computer files until a sum of money is paid. Most ransomware variants encrypt the files on the affected computer, making them inaccessible, and demand a payment to restore access.<p>Ransomware is a type of malicious software designed to block access to a computer system or computer files until a sum of money is paid. Most ransomware variants encrypt the files on the affected computer, making them inaccessible, and demand a ransom payment to restore access.<p>Ransomware is rarely individually targeted, but rather a “shotgun” approach where the attackers (Clue I) acquire lists of emails or compromised websites and blast out ransomware.<p>Microsoft used a method to install software giving it superuser rights without a login. (Clue II) Most ransomware is based on this same install job. It is lightweight but identifiable.<p>Ransomware is a tripartite intruder and is based on what's already there on Windows (mscexe) in your computer and a substitution of a legit program (outlook encrypt). Once the 3 parts are there your system is theirs and only a Windows product key method "EFHST-G6ERT-VXWMT-FF8MB-MYERR" can free it - all thanks to Microsoft's product key methodology.<p>Oh and "backups" & PCmatic won't help and because Microsoft uses the same method to stop you from sharing software. You have seen the screen yourself => you have entered an invalid product key!<p>Ransomware can be shipped with an NSA crack (EternalBlue) forced onto the city of Baltimore (Clue III) but the same code to create a superuser is open to the public is the end to all protection - because it hides using Microsoft's hidden directory method.<p>Well what to do now, pay the BTC? Yes and NO Yes buy BTC and NO this is where we create a pigeon drop for our NSA connected friends - we don't accept the face price and try to keep our BTC keys and Encrypt theirs.<p>For the FBI and NSA the profit from robbing Venezuela, Iran, Russia, Ukraine and Switzerland has been too great for them to stop. As witnessed with Venezuelan money gone and power outage.<p>That said, demand that Microsoft be held liable for product defects and to make all actions visible to the end user community (no hidden files or directories).
I will continue to smugly assert that backup must include an offline component. Given that total data loss is a non-zero possibility (and, increasingly, more and more likely) the argument that having even a simple offline component (say, some encrypted USB disks for a small business, tape or such for a larger business) is too expensive or cumbersome doesn't make sense to me.
Lady opens a random email (most likely in her junk folder) from someone she doesn't know and ends up costing the company hundreds of thousands of dollars? In 2019? Something is rotten in the state of Denmark.