Skip to comments.Why Riviera Beach agreed to pay a $600,000 ransom payment to regain data access
Posted on 06/23/2019 3:32:18 PM PDT by dynachrome
The Riviera Beach City Council authorized the citys insurer to pay nearly $600,000 worth of ransom to regain access to data walled off through an attack on the citys computer systems.
In a meeting Monday night announced only days before, the board voted 5-0 to authorize the city insurer to pay 65 bitcoins, a hard-to-track cryptocurrency valued at approximately $592,000. An additional $25,000 would come out of the city budget, to cover its policy deductible. Without discussion on the merits, the board tackled the agenda item in two minutes, voted and moved on.
The dollar amount was not mentioned before or after the vote, only that the insurer would pay through bitcoins, whose value changes daily.
(Excerpt) Read more at palmbeachpost.com ...
“no explanation of whether the city has any guarantee that the ransomers will release it if paid.”
Probably hold ‘em up for more.
Where did they send the check?
The city already planned to spend $300,000 for equipment replacements in the next budget and will accelerate that expense, Councilwoman Julie Botel said. Much of the existing hardware was a half-dozen years old and vulnerable to another malware attack, so it was time to replace it anyway, she said.
None of that will make an ion of difference in a ransomware attack, but the city council and the writer are ignorant of this. Surprised they didn’t blame “Russians”.
The guess is it was a “click on a phoney email” thing.
These generally do, only because no one else will ever pay a ransom if they don't. That is not to say the victim is going to be left alone afterward. But as Baltimore just found out, it can be many times more expensive to fix if you haven't been doing your IT homework than it is simply to pay the ransom.
Diligent, thorough backups and keeping the patch levels up to date and this doesn't happen. Laziness and lack of professionalism and it does. Choose.
A relative of mine predicted this some time ago.
He said corporations, governments, businesses would rue the day they gave up their control over THEIR OWN data.
Baltimore suffered a ransomware attack a few weeks ago. Far as I know, they never paid the ransom. $70,000. Yea, the price of a new luxury car.
They never got around to installing the patch from Microsoft and it’s cost tens of millions of dollars so far.
They are asking people to estimate their water bills and hand deliver the money to their office. Yea, I’ll get right on that Sparky.
Total gross incompetence at many levels.
Daily backup saved the area I worked at from similar trouble, though it seemed to be a simple gather the address book and send itself out again type of attack. One wrong click.
This sort of thing could crash the system hard.
I’m sure this reveals my ignorance but I have to ask:
Why are these ransoms paid in Bitcoin? Why do these news articles always say Bitcoin is untraceable? Isn’t everything we do on the internet traceable somehow? Including Bitcoin payments?
Are the people who run Bitcoin completely outside the jurisdiction of any law enforcement anywhere in the world? Even if Bitcoin payments are made anonymously, wouldn’t law enforcement somewhere be able to subpoena records, and drill down and find out who was extracting Ransom?
Pardon my apparent ignorance on the subject, but none of the news stories I’ve heard about various Bitcoin ransoms have ever addressed the questions I’ve just posed here.
I believe bitcoin is much less traceable as it goes thru various anonymous servers which do not track anything and if the bad guys are in some craphole like pakistan, well, the police won’t care much about Americans getting ripped off.
That is the description of 99.9999% of IT shops (of which another 99.9999% is dominated by H1B visa holders).
Good reason for a small city to go back to paper records or disconnect vital information from the internet.
And from wiki, a whole bunch of info on bitcoin. not regulated and a fair amount of fraud over time.
To the insurer, as that is their deductible amount. The ransom seekers are being paid in bitcoin only.
Just another example of government ineptitude. Nobody will be fired for these screw-ups. Nobody backed up the data? Nobody patched the software? Nobody was working to keep hackers out of the systems? We really should be privatizing almost all government services.
Can I ask another stupid question?
Where do you buy Bitcoin? Do you have to buy Bitcoin in American money or the official currency of some other country? Who sells Bitcoin to you? Couldn’t something like this be a racket, in which the criminal element sells you the Bitcoin needed to pay the ransom that they are trying to extort from you?
Just throwing it out there, but what if it was an inside job? Larceny disguised as ineptitude is a common way for the government to steal tax dollars from projects.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.