Sheriffs dept hacked. Pays 1.1m to hackers.

Nearly all of these companies pay because the alternative is a complete business disruption or outright default. The encryption on their data is pretty well unbreakable and they cannot take the time to try and outwit the perpetrators. It's unfortunate but that's the way it is.
In many cases hackers don't even have decrypt tools to undo their damage. They just move on to another easy prey if they don't get paid.
Paying does not guarantee you anything, nada. Honest criminals? Hmm, interesting concept.
 
Morons. Paying is always a bad idea, there is no guarantee the criminals will release your data. Many cases where they take the money and say good luck. At my previous job we had one of our school districts/towns get hacked. Someone at the town hall clicked on ransomware and then sent the link to 4 other people asking what it was. They demanded something similar. Luckily we had a backup of everything that happened every night, so we just started fresh with the backups from before the hack.

There is. The problem is who gets to define "waste".
As a government employee, this is 100% true.
 
In many cases hackers don't even have decrypt tools to undo their damage. They just move on to another easy prey if they don't get paid.
Paying does not guarantee you anything, nada. Honest criminals? Hmm, interesting concept.
They don’t provide nor have decrypt tools, what they have is the key.
 
Happened to us in 2020. Our Sheriff refused to pay and we ended up rebuilding most of our systems from scratch. Don't know where the backups were, not my area of concern. But it was a fairly big pain in the butt keeping up with 250-350 inmates on a daily basis. While our IT department was pretty much useless, I ended up bringing in my personal laptop and coming up with a spreadsheet so we could track the inmates, clothing sizes, and a few other things that we need several times each day.
 
If they don't have backups, the fact that they are morons was demonstrated long before they got hit with ransomware and paid up.
Plenty of places do have backups. The questions would be, are they backing up the right stuff, how far back can they recover from, and can they restore to a clean system they can work from.
 
FWIW I put these sorts of ransomware hackers in the same category as violent terrorists, and several other of the 'worst of the worst', and think they should be dispatched on sight, and everything they or their families own seized forever. Serious scorched earth: you and your whole family are going down.
 
In many cases hackers don't even have decrypt tools to undo their damage. They just move on to another easy prey if they don't get paid.
Paying does not guarantee you anything, nada. Honest criminals? Hmm, interesting concept.
If a hacker was to take the money and not unlock things, it would ruin the entire ransomware industry. The other hackers would be very mad.

And by hacker, I think these are organized crime organizations that employ numerous computer experts.

Pay a little for proper security controls or be ready to pay a lot if you get hit with ransomware.
 
Plenty of places do have backups. The questions would be, are they backing up the right stuff, how far back can they recover from, and can they restore to a clean system they can work from.
That would be my question to all those mentioning back ups. How do you recover if a hacker locks you out and has control of your system?
I know some will have answers but one must keep in mind that out of the tens of millions (or more) of systems in the USA a handful of hackers will always and forever be able to find an open door. The thing is I'm willing to say (have no idea how accurate that is) 90% of the time an employee is the one that opens the door by downloading an infected file or visiting a website with one. I KNOW it happens in my wife's industry.

I mean we can pick and call companies foolish but it's human nature to think it will never happen to you and your company.

After all, here is something to think about and it's a PERFECT example/analogy regarding ID theft.
How many people lose their life savings or are victims of ID theft? Ruined credit scores, loans they never took out, etc.?
So my question, right here in this forum would be how many of you have your credit locked with all 3 major credit bureaus and at least one secondary credit bureau?

Same thing isn't it? Actually it's worse, it is 100% free of cost for you to do it but you haven't because it hasn't happened to you and most likely never will.
Yet for the tens of millions of computer systems in the USA to protect themselves they have to spend a lot of money, and even when they do try, bullet-proofing a system full of holes is no easy task. More so in an industry where people have to download files.
 
That would be my question to all those mentioning back ups. How do you recover if a hacker locks you out and has control of your system?

You think about those scenarios and come up with a recovery plan. That might mean backups plus a spare system to load them on, or just spare hard drives/SSDs that can be installed into the server to get it running on a clean OS.

Part of that might also include security measures that ensure that a hacker can't lock you out.

When the data is worth paying ransom on, it's worth protecting from the start.

Like the old Fram commercial, "You can pay me now or you can pay me later".
 
That would be my question to all those mentioning back ups. How do you recover if a hacker locks you out and has control of your system?
It's very difficult to answer that one without getting too deep into nerd-speak; but here is what I do in layman's terms:

I have my backup server, which is darn-near impossible to access by any means (firewall is closed to everything, I use a reverse SSH tunnel to a SSH bastion server, use 2FA/MFA, etc.), log into my production servers and retrieve data at intervals. That way, if anyone gains access to my production servers they cannot access the backup server. The backup server keeps several hours, and discretely several days, weeks, months and even a year back, separate from each other. So even if a hacker compromised, but did not encrypt, my data, as a last resort I still have data present from before the breach.

Even more importantly, I grab the data from my backup servers and download it locally to my home office, where they are placed on storage media disconnected from my workstation ("air-gapped") and from power.

Not only that, but at my cloud provider (Google Cloud Platform in my case, Amazon for others, Microsoft for others, Oracle, etc.) I make "images" of the entire system - OS and all - daily. In the event of a lesser breach, like a bad actor compromising one of my clients' Wordpress sites, for example, I can very, very quickly and easily simply make a new server with a day-old stored image, find and fix the breach and carry on. And this is essentially what I'd do in the event of a larger breach: Spin up some new virtual machine with my cloud provider, find and fix the vulnerability, restore the data and get back to work.

I've been making web sites since the internet was still called "The Information Superhighway" and I have never had a breach of any sort, thankfully. I am a very small-time developer but most of my clients are regional-scale non-profits who are subject to phishing and social engineering attempts. The thought of letting one of these clients down sits deep enough in my mind that I take security pathologically.

I get the sense that sometimes these larger organizations leave security to people who don't care enough to be pathological, outsource it to people who may not understand their operations properly, or their security operations are the victims of budget shrinkage; like the utilities department I'd read about in Florida a couple of years back who had a bunch of servers connected to one TeamViewer account, administered by someone obviously not pathological about security, with a weak password. Duh.

Heck, my brother-in-law works for a software development firm whose infrastructure is hosted by IBM. At some point the IBM cloud suffered a brief outage. My brother-in-law went to check the IBM cloud status server, which was also down because the status server was at the same @#$% data centre that had gone down!!! Multi-level bureaucracies can be much, much dumber than individuals in the right circumstances.
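The tiered retention the post above describes (several hours, then several days, weeks, months and a year back, each kept as a separate copy) is the part of a backup design that decides whether a pre-breach copy still exists when you need it. The following is an added example, not the poster's own code or scripts: it implements the newest-snapshot-per-bucket retention rule that such a scheme relies on, so a pruning job on the backup host never deletes the last copy from an older period. The function names, the policy numbers and the sample snapshot timestamps are assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Each retention tier keeps the newest snapshot from each of the N most recent
# calendar buckets (hour, day, ISO week, month, year) that contain a snapshot.
# Buckets with no snapshot are skipped rather than counted, so a gap in the
# schedule (a dead backup job, a holiday) never silently shrinks the history.
BUCKET_KEYS: Dict[str, Callable[[datetime], Tuple]] = {
    "hourly":  lambda t: (t.year, t.month, t.day, t.hour),
    "daily":   lambda t: (t.year, t.month, t.day),
    "weekly":  lambda t: tuple(t.isocalendar()[:2]),  # (ISO year, ISO week)
    "monthly": lambda t: (t.year, t.month),
    "yearly":  lambda t: (t.year,),
}

# Assumed policy, in the spirit of the post: 24 hourly, 7 daily, 4 weekly,
# 6 monthly and 2 yearly copies. Tiers overlap; a snapshot kept by any tier stays.
POLICY: Dict[str, int] = {"hourly": 24, "daily": 7, "weekly": 4,
                          "monthly": 6, "yearly": 2}

# Constructed "now" so the sample data and its expected result are reproducible.
SAMPLE_NOW = datetime(2024, 3, 15, 12, 0)  # naive datetimes, treated as UTC


def select_retained(snapshots: Iterable[datetime], policy: Dict[str, int]) -> Set[datetime]:
    """Return the set of snapshot timestamps the policy says must survive pruning."""
    ordered = sorted(set(snapshots), reverse=True)  # newest first
    keep: Set[datetime] = set()
    for tier, count in policy.items():
        if count <= 0:
            continue
        key = BUCKET_KEYS[tier]
        seen_buckets: Set[Tuple] = set()
        for snap in ordered:
            bucket = key(snap)
            if bucket in seen_buckets:
                continue  # an older snapshot in a bucket we already covered
            seen_buckets.add(bucket)
            keep.add(snap)  # first hit per bucket is the newest in that bucket
            if len(seen_buckets) >= count:
                break
    return keep


def select_expired(snapshots: Iterable[datetime], policy: Dict[str, int]) -> List[datetime]:
    """Snapshots the pruning job may delete: everything the policy does not retain."""
    snaps = set(snapshots)
    keep = select_retained(snaps, policy)
    return sorted(snaps - keep)


def constructed_snapshots(now: datetime = SAMPLE_NOW) -> List[datetime]:
    """Constructed sample: one snapshot per hour for 3 days, then one per day back ~13 months."""
    hourly = [now - timedelta(hours=h) for h in range(72)]
    daily = [now - timedelta(days=d) for d in range(3, 400)]
    return hourly + daily


if __name__ == "__main__":
    snaps = constructed_snapshots()
    kept = select_retained(snaps, POLICY)
    print(f"{len(snaps)} snapshots, {len(kept)} retained, "
          f"{len(select_expired(snaps, POLICY))} eligible for deletion")
    for s in sorted(kept, reverse=True):
        print(s.isoformat())
```

The pruning job belongs on the backup host, which pulls from production and is never reachable from it, as the post describes; production credentials then cannot be used to run `select_expired` against the history. Because the rule keeps the newest snapshot per bucket rather than a fixed count of recent files, a single month of missed backups still leaves the last good copy from the previous month in place.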
 
You think about those scenarios and come up with a recovery plan. That might mean backups plus a spare system to load them on, or just spare hard drives/SSDs that can be installed into the server to get it running on a clean OS.
I happen to agree with you, I’m not sure if I explained it correctly, but human nature to think just enough is enough meaning most companies don’t take that extra step or many extra steps
 
It's very difficult to answer that one without getting too deep into nerd-speak; but here is what I do in layman's terms:
Well said. I would think a lot of these large companies, much like state and federal government offices, are a hodgepodge, the equivalent of thousands of extension cords crisscrossing each other, and everybody keeps their fingers crossed that nothing short circuits!
More or less, you wonder if any small group of people actually have hands-on knowledge on their entire network system.

I have used and use many Internet banks, and one that I recently joined up with because of a high rate is freaking scary how clunky their app is and their website absolutely horrible and when you call nobody can give you answers!

I've used secure messaging with them. I sent them screenshots; you get an answer that they can't repeat the issue, and the issue is their bill pay does not work. Lol

Like trying to access part of their website in your online checking, you get nothing but spinning circles, confirmed on the latest Windows and Mac desktops, and nobody has been able to give me an answer except to say try using the phone app if you want to use bill pay!
This is a bank that a major national bank, First Citizens Bank, recently purchased, which is CITBANK (not Citibank), over a year ago.

It really truly is scary when no one in the entire organization can figure out why this issue is occurring. I’m talking two desktop computers, two laptops, both different operating systems with the latest browsers.

Like you have been building websites since it was called the information superhighway I have been purchasing things online since 1995 when people would freak out that I told them that I use the credit card to pay for things over the Internet.
I have also had up to a dozen real estate websites running at any given time up in New York when I did real estate, mostly free services at the time; Weebly was one of them, but before that I used HostGator, and I'm grabbing at straws now, it was too long ago.
I'm just saying that because I know what I'm doing, and you'll have to believe me when I tell you I have never seen anything more scary and such incompetent personnel at an online bank, no less!!!
Then to get the only answer they can give after a month of back-and-forth telling you just try using the app.

I just recently went online and looked at some reviews and it’s the same complaints!
How can that be? This is a bank!!! LOL

Good post by the way
 
I had to help a law firm once that got 6 computers hit with ransomware and lost 6 months of their data. That was not fun.
 