Some really good conversation has taken place on here regarding the handling of the demands hackers place on individuals or organizations, specifically for ransomware. I'm not entirely opposed to paying a ransom especially if the payment can be tracked! And what can't be tracked these days?
I've posted several articles about the woes of Baltimore. I sure hope the voters of BaltoCity hold their elected officials' feet to the fire regarding that fiasco. They can dump a ton of money into programs that ultimately reap no benefits other than to buy votes instead of supporting their police and IT infrastructure.
Now another city is in the news. This time they are going the route of meeting the hackers' demands. It will be interesting to see if this plan will work any better than what BaltoCity did. I've not seen new estimates of the cost to them since the last article I shared here.
Settle ransomware fast! That motto is beginning to resonate throughout local government in America. Middleman payments are becoming very popular and we are seeing lots of new tracking tools like this one.
You do have to wonder about how this happened and what the IT folks could have done to either prevent or minimize this, and to what degree they were hampered by city government.
For instance, how did the ransomware get in such that someone could click on a link? No email filtering or the like to prevent this?
If this was due to someone in the police department clicking a link, how was it that other city departments were affected, such as 911, HR/finance, etc.? We hear that 911 was affected, police couldn't enter tickets, and paychecks weren't being issued. Why wasn't the network segregated to prevent lateral moves like this?
Also, what about backups? Couldn't they wipe and restore, or were those affected as well?
I would really like to see a detailed technical postmortem with lessons learned that others can use. But I am sure that won't happen. Which is frustrating because this sort of information can help others ensure that issues they see in their environment are addressed ("hey, if we don't fix X, we could be affected just like these guys were, as they had the same situation").
My best guess is that there is not enough money to implement best practices at every single level of government. Our military still uses Win XP. I have veterans going to college with me and they were pretty open about that. Also, it does not help when employees are not educated or choose to be lazy or careless.