Sheriff's dept hacked. Pays 1.1m to hackers.

We have proactive training at my work and they randomly send us phishing emails to see if we open links or report them to IT. Ounce of prevention...

I know of a company that got hit with ransomware and refused to pay. They had to break out typewriters and paper to overcome it. Not sure it was cheaper than paying the ransom but at least they didn't give in to the criminals.
 
Morons. Paying is always a bad idea, there is no guarantee the criminals will release your data. Many cases where they take the money and say good luck. At my previous job we had one of our school districts/towns get hacked. Someone at the town hall clicked on ransomware and then sent the link to 4 other people asking what it was. They demanded something similar. Luckily we had a backup of everything that happened every night, so we just started fresh with the backups from before the hack.
 
An article I was reading noted that some of these ransomware attacks affect the data integrity for many months before the final blow that locks the access. Therefore the backups are also unusable. This was in relation to the recent Garmin attack.
 
Government contract I worked on had backups going back for YEARS.
Garmin did too, but the navigation maps Garmin supplies to their customers have to be current. Plus they needed current customer data for subscription information.

Garmin paid the hackers on this one as do most entities.
 

Other issue is the use of mapped network drives on Windows machines with read/write access. That's how ransomware is able to encrypt data.

Company I work for now doesn't use mapped network drives. Ransomware might ruin a laptop, but it isn't going to damage any data on a server.
 

What are the alternatives to using mapped network drives?
 
Paying ransom is always a bad idea. Once you do it, the bad guys know you are an easy mark.
Nearly all of these companies pay because the alternative is a complete business disruption or outright default. The encryption on their data is pretty well unbreakable and they cannot take the time to try and outwit the perpetrators. It's unfortunate but that's the way it is.
 
Yup. They can almost always forensically determine what the problem was and take some type of step to mitigate a repeat. Even presuming they'd backed up their infrastructure to completely cover what was encrypted, it'd take so long and be so disruptive that it's just easier and less costly to pay the ransom.
 
My employer was hit with ransomware right before Thanksgiving a couple of years ago.

We were fortunate that our head of IT noticed some suspicious activity at about 10:00 at night, had a good idea of what was going on, and almost immediately came to campus to physically shut down our systems. Doing that likely mitigated some damage, although the worst was already done.

We ended up being closed for a week and a half, and managed to return to some semblance of functionality. Several of our systems (like Blackboard, which is our learning management system and handles...a lot...) are externally hosted but were still down because they are routed through an on-campus single sign on server. The SSO was one of the first systems brought back up. A year and a half later, though, there are still a few lingering things that have not been restored, and still some bugs that pop up.

During the initial recovery, we had a few teams come in including a forensics team that was talking to the FBI and a negotiations team in touch with the hackers.

We were able to restore from backup and only lost about 3 days of emails and other documents - all in all not a terrible outcome.

In any case, though, during a big faculty meeting (the first fully in-person one we'd had in my time there) the question was asked about paying the ransom. The answer we were given was that even though we were in active discussion with the hackers (presumably to get as much information as possible), actually paying the ransom was never under consideration. We were given two reasons - the first was that there was no guarantee that they would actually give us anything of use, but the other was that they had estimated even with the decryption keys on hand, it would likely take as long to decrypt as they estimated restoring/rebuilding from backup would take.

It turned into an interesting finals week, though. Among other things, we did not have copiers. The copiers themselves presumably worked fine, but the PIN boxes that unlock and charge the appropriate accounts weren't working. Our campus print shop could still make copies - we just had to physically walk things over and fill out a paper work order with number of copies and an account number to charge.

We also didn't have email at that point, as our faculty/staff email is on a local Exchange server that was being rather stubborn to come back up (it was the last major system that they got working). It confused the heck out of the students as once our SSO server was back up, they could use their externally hosted Exchange 365 email. We had a few days of paper memos stuck in our mailboxes for campus-wide communication and updates. Once email did come back up, it only worked on the campus network, which honestly was kind of nice (I was hoping that wouldn't get fixed before Christmas break so that I would be free of checking it but it did come back the last day...)
 