Indiana County Government To Pay Ransomware

HardOCP News

I am astounded that an insurance company would advise a city government to pay ransomware in hopes of receiving an encryption code to unlock their systems. You know, since dealing with hackers always works so well, I predict that the hacker will take the money and disappear, leaving Madison County high and dry.

On the advice of their insurance company Madison County officials are moving forward to pay the ransom demands by an unknown group that attacked the county’s computer system. Madison County was hit by a ransomware attack over the weekend that prevented access to county records. The malware attack has not affected the election where the voting registration records are maintained on a separate computer server. County officials are hoping the problem will be resolved by Wednesday once the encryption code is received from the hackers.
 
At some point employers and educators alike are going to have to understand that computer literacy isn't just turn it off and on again.
 
You need to have an offline backup if your system is connected to the internet, FFS... I don't understand how governments and businesses cannot get this through their thick skulls in the age of increasingly aggressive cyber attacks and identity thefts.
 
Some counties and small city governments don't have the budget for an added layer of backup protection.

One small city I surveyed doesn't have an offline/offsite backup, all server backups are live on another file server. :/
 
I believe it comes down to education, and that is a fault felt most at smaller communities.
 
Just tell the county that a self proclaimed security expert at [H]ardOCP said malware is no big deal and Windows platform is just safe to use. They're fussing out of nothing.
 
The issue for this stuff is management of technology. Windows is much more secure than in the past but as usual you have to implement it (or how about just not disabling).

Ransomware could happen with almost any system since it attacks files the users have rights to. This has happened to us and is usually not a big deal... recover from back up simple... Until you figure out some genius thought restricting access to a networked app main directory was just too much of a hassle (figuring out proper data security) and the whole app gets encrypted.

Even in that case we recover back up and then tell them... see the reason why we suggest you use proper data access security practices? People don't learn until it costs them (I will admit I fall into the same trap at times).
 
You'd be surprised at the level of customer service some of these guys have. I work for a MSP and LOTS of small businesses get hit with Ransomware. With no backup of their data they have little to no options. Pay the ransom or go out of business. Of the 40ish cases we've worked this year for customers 39 of them have had excellent response times. One of them - who purchased the ransomware as a service (yes, really) - had a hard time getting info from the place he bought the ransomware from and it took about 3 days to get the key. We strongly suggest people don't encourage the behavior by paying, when your livelihood and the livelihood of your employees is on the line, sometimes it's the best bet.

Backups, backups, backups, backups.
 
They would be better paying other hackers to sort this out rather than paying ransomware !!
 
Besting high-level encryption ransomware....most likely not. Odds are they'd piss away a ton more money than just paying up. Such is the nature of high power encryption algorithms. Once the data is locked. It is locked. GOOD.
 
You need to have an offline backup if your system is connected to the internet, FFS... I don't understand how governments and businesses cannot get this through their thick skulls in the age of increasingly aggressive cyber attacks and identity thefts.
That costs money. Money they'd rather keep in their pockets.
 
Like in the corporate world....nothing gets done or taken seriously until sh*t hits the fan. Badly.

Corporate don't care that their web server is slow and vulnerable. They won't spend the extra money to harden it and fix it.....not until something terrible happens.
 
Then they hire the right people, who come in and fix everything. So after that, business hums along as it should, as the smart guys do their job. But....bosses see everything is running smoothly, figure they don't need the smart guys anymore. Figure they can lay them off and save a lot, and pocket some nice bonus money for saving labor costs. And soon they're right back where they started. Wash, rinse, repeat. This is the dumb ass thinking that keeps small and medium businesses stuck where they are. Small-think.
 
Happens at large enterprises too.

My last workplace used a computer-controlled dimmer lighting system from ETC dating to the 1980s. It "works". Except you cannot get parts for love or money for it. Indeed we were lucky during my tenure we only had to reprogram it once. Imagine reading in 2010 a manual that reads "REQUIRED: IBM COMPATIBLE PC with at least DOS 2.0 or higher. HARDWARE REQUIRED: Parallel port". Yea we made it work....but when that thing breaks they are hosed, and have no money destined to replace it.
 
Soon to be fired IT person: We really need some offline backups here, I think a 6k small server would do it... or you can maybe do it cheaper online, encrypted with Amazon or whatever.
Response: Well, there is no money, and we are closing your position, thank you for your service, but it's no longer needed.

6 months later, ransomware, a lot of acting surprised, and money just shows up.
 
In a lot of these cases it appears that paying the ransom seems to be the fastest way to get the data back and resume business. It's in their interest for hacking groups to give out the key so there's less incentive for law enforcement to pursue them. Of course once the data is recovered it should fall to the insurance company to up their rates and/or get assurances that data is being properly backed up.
 
Bandwidth can be a limiting factor for some entities and tape libraries are frankly difficult to manage for smaller shops. Even if you have a Tier 1 solution like Veeam, restoration can take days or longer depending on how much data you have, whether you have to go to your offsite source and what kind of traffic your hardware can handle.
 