Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday June 22 2019, @02:19PM   Printer-friendly
from the it'll-get-worse-before-it-gets-better dept.

Submitted via IRC for Bytram

A tale of two cities: Why ransomware will just get worse

Earlier this week, the city of Riviera Beach, Florida, faced a $600,000 demand from ransomware operators in order to regain access to the city's data. The ransom was an order of magnitude larger than the ransom demanded by the attackers that struck Baltimore's city government in May. Against the advice of the Federal Bureau of Investigation, however, the Riviera Beach city council voted to pay the ransom—more than $300,000 of it covered by the city's insurance policy.

Baltimore had refused to pay $76,000 worth of Bitcoin despite facing an estimated ransomware cost of more than $18 million, of which $8 million was from lost or deferred revenue. Baltimore lacked cyber insurance to cover those costs.

Riviera Beach is much smaller than Baltimore—with an IT department of 10 people, according to the city's most recent budget, and an annual budget of $2.5 million to support a total city government of 550 employees. (Baltimore has about 50 IT staffers supporting more than 13,000 employees by comparison.) It's not a surprise that Riviera Beach's leadership decided to pay, given that a full incident response and recovery would have likely cost two to three times what they've agreed to pay the ransomware operators, and half of that price tag is covered by insurance. So, Riviera Beach's decision to pay looks like the easiest way out. It's a decision that has been made by many local governmental organizations and businesses alike over the past few years.

Except, it probably isn't an easy way forward. Riviera Beach will still face the costs of fixing the security issues exploited by a phishing email opened by a police department employee. There's no guarantee that data was not stolen from the network, as apparently happened in Baltimore. And the paying of the ransom indicates the city doesn't have an effective disaster recovery plan. Without major upgrades, Riviera Beach could soon end up in the crosshairs of another ransomware attack—especially now that they've shown they'll pay.

Both the Riviera Beach and Baltimore ransomware attacks, along with the half-dozen known recent ransomware attacks against local governments, are indicative of just how unprepared many governments (and businesses) are for ransomware. Over the past few years, ransomware has exploded: data from the FBI shows that another organization is hit by ransomware every 14 seconds, on average. And this trend shows no signs of slowing—in fact, a new trend of targeted ransomware, seeking even bigger payouts, is emerging, in which more sophisticated organizations go specifically after businesses and other organizations more likely to pay out.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Sunday June 23 2019, @12:56AM

    by Anonymous Coward on Sunday June 23 2019, @12:56AM (#858973)

    You don't understand! These tech bro incels can be stopped by no man! Only a real man like Joe Biden can sniff out the female programmers we need!