US mayors adopt resolution to not pay hackers over ransomware attacks

99 points by PatrolX almost 6 years ago

12 comments

Someone1234 almost 6 years ago
Their assumption is that they're being targeted and that this "united front" will give attackers less reason to target them, when the harsh reality is that these CryptoMalware emails/IM Spam are being sent to every business/government internationally looking for the softest targets.

They should have passed a resolution to implement a 1-2-3 Backup Strategy with mandatory offline & offsite backups and testing protocols. But that would cost money and require competent management/oversight, instead they'd prefer to pass a meaningless fiat that won't do jack.

Honestly until there are consequences for government officials/management nothing will change. This is 95% about poor resource management and 5% about CryptoMalware. Nobody should be paying, because they should ALREADY have multiple tiers of backups, that are audited, tested, and reviewed.

PS - "It also encrypted our backups" is also pure incompetence. They just didn't want to manage rotated backups or pay the storage fee/costs of high density tape.
fsagx almost 6 years ago
Mayors will pay "cyber-security" consulting firm. The firm will pay the hackers.

https://www.zdnet.com/article/georgia-county-pays-a-whopping-400000-to-get-rid-of-a-ransomware-infection/
saurik almost 6 years ago
I am on a local city commission. As part of this, they gave me an email address (made me unhappy, but whatever). They sent me an email to my personal email address telling me how to log in to my city email address, explaining that my password was a trivial algorithm based on my name, followed by a number and an exclamation point. This was a form email: every single address in the entire city has the same password format (with the same number, to be explicitly clear). They disabled the feature to let people change their password. So... anyone can log in to the email account of any official in this city and do stuff like delete mail before they see it (as even if they have audit trails turned on for administrators, the official can still delete mail from their own perspective, and would never know if someone helpfully deleted it "for them").
shakyshakyshaky almost 6 years ago
This type of acausal deal only works for single-target attacks. If a bad actor is searching for a victim and sees two potential targets, one of which has resolved to never cede to their demands and one who hasn't commented, they will attack the ambivalent party.

Malware is not a single target attack. Whether or not it's probably beneficial to attack one of these cities is not considered. Instead of making gestures, these mayors should be investing in better cybersecurity.
flowersjeff almost 6 years ago
Honestly, I can't add much more than what has already been said here... If your data/biz/org/etc is crippled because of these types of attacks, then you really need to have a frank discussion around IT/resource allocations/goals. These are 100% manageable (worst case).
mikece almost 6 years ago
Is it just me or will hackers use this as a guide of whom to hack?
ourmandave almost 6 years ago
Is it cheaper to pay the ransom to unencrypt your data or just buy a copy off the dark web?

I assume the malware fucks stole a copy to auction off.
qwerty456127 almost 6 years ago
Fascinating. The page manages to bypass uBlock Origin and pop up an ad window in the right bottom corner to start playing heavy (which my computer and connection can barely handle) video with sound (!) automatically.
techslave almost 6 years ago
this is beyond stupid. municipal IT systems are vulnerable because of poor resource availability and lack of budgets to properly secure them.

paying the ransomware folks should be considered the cost of doing business. it’s cheaper than actually securing the data.

anyway it’s expected. the same mayors that underfund IT would be the same ones to make this ridiculous “red line”.

good opportunity here for a cookie cutter IT consultancy to come in to all of these cities and offer cookie cutter service.
lanrh1836 almost 6 years ago
I’m curious where the cities that have paid ransomware attackers acquired bitcoin. Did they literally just open a Coinbase account and send funds through there?
smileysteve almost 6 years ago
Alternatively, they could move to secured cloud services; what with encryption at rest, nightly backups, and inactive file storage.
grendelt almost 6 years ago
Ok, but how are they gonna get their data back? Just sacrifice it and lose all digital public records?