US School Agrees To Pay $8,500 To Get Rid Of Ransomware

An anonymous reader writes: Earlier this week, the media was abuzz with the case of the Hollywood hospital that almost shut down its operations because of a ransomware infection, which it eventually paid. Something similar happened around the same time in a South Carolina school district when ransomware shut down an elementary school's servers. The school had to pay $8,500.

habit?

something tells me this is become the norm you're going to have public institutions putting $100K per year aside for ransomware if they leave normal users alone, ransomware creeps can sabotage as many schools as they want

Re:habit?

[sunderland56]

It would be better if it became the habit to spend money on security. That $8500 would have gone a long way towards decent security measures.

One wonders, though, what an elementary school district needs with 25 servers (or more; tfa says 25 were affected). What was so mission critical that it was worth paying cash to get back? Why not just format the affected machines, reinstall, and be done with it? The database that says litte Timmy got a B last year just aren't mission critical.

Re:habit?

[ShanghaiBill]

One wonders, though, what an elementary school district needs with 25 servers

There are a lot of federal dollars available for things like "computers in the classroom" and "cops in schools" that don't really make much sense, but, hey, it's free money, and can't be used for anything else. The elementary school that my kid attends has a $250,000 Cisco enterprise system that handles less traffic than the $39 Netgear router that I have at home. A federal grant paid for it, and on top of that, Cisco made a nice donation to the enrichment program, so it was a no-brainer.

Re:habit?

[Max_W]

...Why not just format the affected machines, reinstall, and be done with it? ...

It could be an inside job too.

Re:habit?

We have no records that your child ever attended our school, but we saved $8500! Oh, and we have new servers!

Re:habit?

The database that says litte Timmy got a B last year just aren't mission critical.

Unfortunately in this day and age that just isn't true. The amount of bureaucracy that is dependent on having these records, from state and federal funding systems to anti-discrimination initiatives, safety initiatives, college and education transfers and so on means these records are absolutely vital. We live in a world where the records and papers that say you have done something or are capable of it are more important than demonstrable ability. It does not matter if your child can read and write at an 8th grade level, without the papers that say they passed, your child will be taking whatever the local bureaucrat says they will take. It might be ok if you never switch school systems, but if you ever need those records it you will wish the school had spent twice as much and then some to get them back

Re:habit?

[spudnic]

What if they were to just format the affected machines, restore from the latest backup prior to the intrusion, and be done...

Oh, wait.

Re: habit?

[Billly+Gates]

Several thousand employees perhaps. School Districts are big employers who also have lawyers, accountants, business analysts, and shared drive and applications too just like the private sector.

Re:habit?

[AK+Marc]

When I left school (yes, it was a while ago) the computers were used to make things easier, but the permenant record was still printed every year and stored in file cabinets. A loss of the computer would cause re-work for the current year's teachers, and delays for those ordering transcripts, but no data loss would happen if every computer were stolen or wiped tomorrow.

Re:habit?

[jenningsthecat]

It would be better if it became the habit to spend money on security...

Also, on VERY frequent offline backups using increasingly cheap mass storage options. And possibly even duplicate server racks. Get a call from your neighbourhood data extortionist? Take the servers offline, patch the hole, restore from backups or switch over to the second rack, and tell the extortionists to fuck off.

Re:habit?

[tsotha]

If I made ransomware I'd put in a six month delay so even if you had a backup you'd lose six months of work.

Re:habit?

Actually no; Most IT decision makers prefer to have easy solutions than strong hard solutions security wise. Veni Vidi Vici

Re:habit?

[stoatwblr]

"It would be better if it became the habit to spend money on security."

And backups. $8500 buys a pretty decent box to run Bacula on.

Re:habit?

[stoatwblr]

Assuming it encrypted the stuff for 6 months, then refused to hand it over when you ran a DB query, etc.

If it's offering up unencrypted data for 6 months then you have 6 months of unencrypted data to work from until it locked the thing last week.

Re:habit?

[BoogieChile]

Or a reliable backup system.

One of our senior management got hit by one of these, and since he had access all the different network shares, did quite a bit of damage.

Something over 37,000 files restored from the backups later and no ransom had to go anywhere.

Re: Republicans funding malware...

Exactly. They hate us so they want this to continue. It's the same reason Reoublicans force corporations and governments to buy Microsift garbage.

Re: Republicans funding malware...

Because this is the future Republicans want for us all.

older server running outdated equipment.

[Joe_Dragon]

older server running outdated equipment. Well the Republicans failed to fund the IT newer hardware and software.

Re: older server running outdated equipment.

[guruevi]

Apt-get upgrade doesn't require any new funding, not even new hardware, this isn't hardware failing, this is incompetence succeeding.

Re: older server running outdated equipment.

But it will always claim things are running great by always exiting with a status of zero. Sounds like a politician! I see now why politicians live systemd.

Re: older server running outdated equipment.

And dropping stderr! I can see why Republicans like that since everything they say should go to stderr rather than stdout.

Re: Republicans funding malware...

There's a reason those pukianz force so many agencies to use that SharePoint shit.

It is not a good idea to pay extortionists

[gweihir]

You start paying, they find more targets, make their scam more professional, etc. At the moment, these are still common criminals, as can be seen by the low sums demanded (completely out of proportion compared to the damage done), but that will now change.

The good thing is that Bitcoin is not really anonymous, unlike the common wisdom. With a bit of lick these people will be identified. The bad thing is that it will take some time and by then others will have copied the scam.

Re:It is not a good idea to pay extortionists

[sims+2]

But for this bitcoin doesn't need to be anonymous it just needs to be non-seizable most don't use paypal or cc merchant accounts anymore because they get frozen before they can do anything with them.

Bitcoin doesn't get seized, frozen, revoked or invalidated. So despite being trackable its a better choice because they are unlikely to loose access to it after they've received it.

Re:It is not a good idea to pay extortionists

[Applehu+Akbar]

"The good thing is that Bitcoin is not really anonymous, unlike the common wisdom. With a bit of lick these people will be identified. The bad thing is that it will take some time and by then others will have copied the scam."

So why is the all-seeing, omnipotent NSA not able to nail ransomware hackers? I've heard the excuse that ransomware was below their level of concern, but now governments are being targeted, and this has already included police agencies. My take is that the NSA cannot see as much as it claims.

Re:It is not a good idea to pay extortionists

It's the public who have ascribed god like powers to the NSA not the other way around. In the rush to condemn NSA intelligence operations the capabilities and intentions needed to be exaggerated in the extreme. Of course distortions and out right lies are acceptable when attacking the NSA because they are evil incarnate that need to be closed down so any means to accomplish this goal is allowed. The ole "the end justifies the means" is the guiding mantra of today's social justice warriors. And any other opposition group who dares use same mantra are treated with contempt and called fascists.

Re:It is not a good idea to pay extortionists

"At the moment, these are still common criminals, as can be seen by the low sums demanded (completely out of proportion compared to the damage done), but that will now change."

Actually as covered on here a while back, that low sum is probably a sign that they're already getting a bit more sophisticated. They learned asking for small ransoms yields more money as far more people are likely to just pony up the payment than go through the trouble of fixing the damage themselves.

It'd be nice if businesses and organizations (And individuals) learned how to do fucking backups mind you.

Re:It is not a good idea to pay extortionists

[ShanghaiBill]

You start paying, they find more targets, make their scam more professional, etc.

That isn't all bad. In the past, insecure systems were hijacked and used as spam-bots, so the cost of the insecurity was borne by others. At least with ransomware the cost is borne directly by the bozos running MS-Windows on their servers.

Re:It is not a good idea to pay extortionists

while you are likely correct that the NSA is not really as omnipotent as they would have the public believe you should also consider that so far none of these ransomware attacks, at least none of the ones I've heard about, have hit anything that is critical, or even minimally connected, to national security.

Once a bunch of FBI/CIA/DoD/DoJ/etc. systems get hit and it actually affects the Federal government you will see action at the federal level.

Till then ...

Re:It is not a good idea to pay extortionists

[gweihir]

The NSA does not claim to see as much as people think. I once asked somebody mid-high in the NSA this question and he said "If we really could do what people think we can do, then the world would look differently." Entirely convincing.

Your second mistake is that identification of such criminals is a fast process. It is not. Ask again in a year or so.

Re:It is not a good idea to pay extortionists

[gweihir]

I do not disagree. The technical sophistication is also a sign that these are not complete beginners. But there is one other thing: They do not make a lot of money at the moment, but this type of attack does scale. They now got validated. They will try hard to get a lot more targets in the near future.

Re:It is not a good idea to pay extortionists

[gweihir]

Well, yes. And as they will now scale up their attacks, the problem will get a lot more pressing. Still, not paying them would have also had an effect in that direction and this will hit a lot of people that are actually not responsible for the IT screwups.

Re: It is not a good idea to pay extortionists

Maybe but damn they are experts on droids and iphones. Good for something I guess just not much of anything else.

Re:It is not a good idea to pay extortionists

i disagree. I believe the low amounts are why this continues. The easiest path is to pay the low amount then forget about it. If the amounts were large then there would be more resources and attention directed at investigation and prosecution.

Re: It is not a good idea to pay extortionists

[Applehu+Akbar]

Maybe but damn they are experts on droids and iphones. Good for something I guess just not much of anything else.

If that were so, why are they desperately wheedling for Apple to bail them out of their inability to crack an iPhone?

Re:It is not a good idea to pay extortionists

[Firethorn]

it just needs to be non-seizable

Start marking the bitcoins 'paid' as ransoms like this as 'dirty', and get as many vendors as possible to ban 'dirty' bitcoins'.

A user notices that X amount of his bitcoin has been marked dirty and unacceptable, and he has to sell it at a loss is going to get pissed at where he got it from - and probably implement checking for dirt himself. Then the anonymizers and places that accept ransom bitcoins for laundering will have regular users start avoiding them, etc...

Re:It is not a good idea to pay extortionists

[sims+2]

You mean like people do with counterfeit bills?

Re:It is not a good idea to pay extortionists

[AK+Marc]

The nice thing about paying is that the FBI can get involved. And there's always a money trail. When they start getting busted and serving time, the copycats will slow down.

Re:It is not a good idea to pay extortionists

Anonymizers are a script. And there are many of them. They don't discriminate. I don't get it...

Also: Your bitcoin wallet may be a certain percentage dirty because it may have had dirty coins mixed with it at some point in time. Basically, there is no way to do this right.

Re:It is not a good idea to pay extortionists

[AK+Marc]

It's not the NSA's job. It's the FBI's. The NSA might be able to help the FBI, but the FBI doesn't care because the political will isn't there. Get Congress to fund the FBI for more cybercrime work. Nope. If it's not putting minorities in jail, the Republican-controlled Congress won't fund it.

Re:It is not a good idea to pay extortionists

[Firethorn]

Pretty much - People only don't bother checking when the rate is low enough to not matter.

Re:It is not a good idea to pay extortionists

[tsotha]

Let's say you traced the bitcoin transaction to Russia or Ukraine (which is pretty likely). What are you going to do if the local sovereign government refuses to extradite? I wouldn't be at all surprised to find the NSA knows who these people are, but we're not ready to go to war over the odd $8500.

Re:It is not a good idea to pay extortionists

[Applehu+Akbar]

Just hire local mafiosi to do some "wet work."

Re:It is not a good idea to pay extortionists

The NSA does not claim to see as much as people think. I once asked somebody mid-high in the NSA this question and he said "If we really could do what people think we can do, then the world would look differently." Entirely convincing.

Sure it convinced you. He wouldn't be doing his job properly if it didn't seem convincing.

Don't forget your history. He who forgets the past is doomed to repeat it.

And the relevant history lesson: In the second world war the Allies broke the Enigma code, but what was crucial to making the most of it was ensuring the Nazi's didn't find out we had broken it. To keep up that pretence we ran scouting missions solely to create a plausible means of getting the intel we gathered from intercepted Enigma communications, we also deliberately let many people die when doing something to prevent it would give away that we could decrypt their communications.

Even after the war we didn't admit to being able to break Enigma. For a number of years after the war the British government (not sure if any other countries played a part in this) sold the captured Nazi Enigma machines as a secure unbreakable encryption to other friendly countries, so we could spy on them.

Re:It is not a good idea to pay extortionists

[stoatwblr]

"And as they will now scale up their attacks, the problem will get a lot more pressing."

At some point they'll step on the wrong toes and find themselves floating face down in a pond somewhere.

Re:It is not a good idea to pay extortionists

[gweihir]

That is exactly the point: History proves nicely that the NSA has rather strong limits.

Of course for people deep in paranoia (you seem to be), the NSA is the all-seeing, all-knowing entity that everybody needs to be deeply afraid of. Here is a hint: That idea has been used throughout history to control people and make them self-censor by chilling-effects. Usually it was called "God". This has worked well on many people, despite its obvious invalidity.

Back in the real world, the NSA TAO (Targeted Access Organization, i.e. the "hackers") apparently has something like 200 people working there. They can, at best, hack something like 1000 targets at any time if using heavy automation. Less than 100 targets is a more realistic estimate though, and on every hack they risk losing zero-day code. That is not god-like at all. That is what a good large criminal gang of hackers can do when they really put their mind to it. And they can do some things the NSA cannot, as they do not need to worry about being identified. Specifically because of the "god"-nimbus the NSA is cultivating in public opinion, they must be extremely careful to not get caught and identified.

Bus sure, be paranoid and play right into their hands. Well done.

Re:It is not a good idea to pay extortionists

[gweihir]

I doubt it and even if it happens it will not matter. Otherwise we would not have crime, now would we? Threatening violence has never reduced crime to any significant degree. Criminals do not expect they will get caught. The whole idea law enforcement is based on is rather seriously broken.

Bet it goes like this...

[MrKrillls]

"The school's IT staff said the ransomware penetrated their network through an older server running outdated equipment."

And proceeded to propagate through their network through newer servers running outdated equipment...

Re:Bet it goes like this...

[dAzED1]

I think you mean newer servers running outdated software. But even that doesn't work, given how horrible of a security mess server2012 and win10 are.

Re:Bet it goes like this...

They should bid out the penetration to find someone who will hold their server for less ransom

Re:Bet it goes like this...

Server 2012 and Win10 are pretty much par for the course. MA has always sold insecure crapware. It is not going to change. MS only pays lip service to security.

Re:Bet it goes like this...

[MrKrillls]

Yup.

Is this what we want to be teaching?

[sims+2]

Do we really want to be teaching children to negotiate with terrorists?

Re:Is this what we want to be teaching?

Do we really want to be teaching children to negotiate with terrorists?

Are you joking? The American public school system has become so pussified now that recovery is no longer possible. We're raising a generation of whimpy liberal push-overs who wouldn't stand up and fight to save their own lives.

Re:Is this what we want to be teaching?

[hort_wort]

Do we really want to be teaching children to negotiate with terrorists?

The obvious way around that is to stop calling everyone who breathes a "terrorist".

Re:Is this what we want to be teaching?

America is a nation of entitled cunts who are easy to offend. Fucking stick a fork in it, it's done.

They have guns and big SUVs but they don't have the balls to stand up to corporate corruption or the police state that they're happily voting into office.

Re:Is this what we want to be teaching?

America is a nation of entitled cunts who are easy to offend. Fucking stick a fork in it, it's done.

They have guns and big SUVs but they don't have the balls to stand up to corporate corruption or the police state that they're happily voting into office.

Comments like this are refreshing. It just breaths that the poster doesn't know what they are talking about, I can't help but find it cute.

Thank you pissed off poster for making my day a little bit brighter.

Re:Is this what we want to be teaching?

[sims+2]

We almost have tourist defined as terrorist too but Egypt is farther along in that aspect than we are in the US
http://news.antiwar.com/2015/0...

Although I think we will have that figured out within the next 10 years.

Re:Is this what we want to be teaching?

The comment was true and you brought nothing to the table, cunt ass bitch. If you had anything worth defending you would have defended it correctly.

Re:Is this what we want to be teaching?

Level 2 Badass Alert!

Re:Is this what we want to be teaching?

[St.Creed]

But there is good news too! We can be unpussified by following a few simple steps: http://www.welivesecurity.com/...

Re:Is this what we want to be teaching?

Do you really believe that someone who holds data on a server for ransom is a terrorist.

Has the world gone that retarded?

Re:Is this what we want to be teaching?

Oh. Oh. I got called out.

Okay, this will be fun for me. o_~

"America is a nation" - True.

"of entitled" - False. Plenty of us have died, and as a nation we give a great deal more than we receive from other nations. We are talking about the nation here. We work more than other nations. I mean, look at our richest. They love all the work we do.

"cunts" - False. A derogatory term for females. Aren't you a charmer. According to the 2010 census, only 50.8% of us are female, not all.

"who are easy to offend." - False. I think I pissed you off, making your statement more a reflection of yourself. Also I'm having fun here with a big grin, so I'm not offended. I'm enticed.

"Fucking stick a fork in it, it's done." - What is done? The nation doesn't exist any more? Boy, that'd be a shame. China is already circling the shitter, so I can't imagine what would happen if the most powerful nation in the world disappeared. Well I can, but who'd want to spoil your fun. I will agree that forks are awesome though. Also coming from a southern family, I didn't realize that the phrase "stick a fork in it" was something international (assuming you are outside the US).

"They have guns" - True. We do have a lot of them. Make a lot of them too. Not even a majority of people have a gun. Not even 1 in 10 if I remember correctly. A few people have a lot of guns though. We have guns in museums. We have civil war cannons all over the place for decorations. I once was presented with an opinion that Americans treat guns like the Japanese treat their swords. I'd agree. It is a weapon that made our nation. From that, it holds more meaning to the nation than simply a weapon to kill with. Depending on the sub-culture (We are a big place. Like, really BIG.) I wouldn't be surprised to find that the ownership or skill with a gun can be treated as a right of passage. Machismo is a strange thing.

"and big SUVs" - True. There aren't a lot of small SUVs. I'd argue against the name though. Not much sport or utility in most of them. More about a sense of comfort and security. A repressed desire to drive armored vehicles? For the record, I drive a Mustang. For me it is more about achieving an ideal from my childhood. Can't afford a Lotus GT1 sadly.

" but they don't have the balls" - False. I wanted to find a joke how a lot of trucks and SUVs have balls attached to them or how we have more males than most of the nations in the world, but that would just come off as something else to complain about. How about this. As a nation, and I think this applies more for human nature than simply America, the majority of people are just tired and depressed for things not going in the direction they want. Many think that no matter what they do it will not affect anything. We are a BIG nation, and this is also a good reason why some people get their guns. Aside from this silent and depressed majority that the presidential candidates have been trying to bring out to the voting booth, have you seen how crazy those that get engaged are? Just this cycle alone you've got clowns to the left and jokers to the right. I'd dare say that they could over power any of the sports riots you'd seen, because of the national scale. If that isn't enough testicles for you, I can say, and likely be correct, that we have more ball pits than any other nation. Are you happy with your own nation, or do you not have the balls so you take pot shots at another, easier target? Just a question between me and you.

" to stand up to corporate corruption" - Maybe? This one is a bit hard. It is more about the silent majority, but in this case many you can't assume people will go out of their way to learn about problems they didn't know existed. In general, I'll quote Churchill: "You can always count on Americans to do the right thing - after they've tried everything else."

" or the police state" - True. I'll agree to this with some caveats. Generations of people go in circles.The kids come out opposing their parents. For example the WW2 generation

Shame on them

It should be illegal to pay ransomware criminals.

Re:Shame on them

Isn't funding criminal activity already illegal?

Re: Shame on them

[guruevi]

It IS illegal to pay criminals for their activities. We should be trying these decision makers for funding terrorism.

Re:Shame on them

[ShanghaiBill]

It should be illegal to pay ransomware criminals.

Especially if, as in this case, they are being paid with tax dollars. I can understand an unprincipled individual or private company paying ransomware, but for a government entity to pay off criminals with public funds is vile. If this was legal, we need to change the law. If it was illegal, the decision maker should be prosecuted.

Re:Shame on them

[radarskiy]

So instead of complaining that they paid off a criminal, you can complain that they spent more tax-payer money than was necessary and demand that the decision-maker be prosecuted.

The TFS is incorrect.

The school did not have to pay.

Horry County school district (South Carolina, US)

[ls671]

Horry County school district (South Carolina, US). Got it! Thanks for the tip ;-)

At least banks and other victim institutions keep the whole thing secret. Great idea to render it public.

Another funny part in TFA:

Coincidentally, when the ransomware incident happened, the school's administration was looking into hiring an outside security provider.

What if it wasn't coincidental?

TCO?

[0100010001010011]

So when are we going to start including ransomware into the total cost of ownership?

Have any technical articles been posted on what all of these 'servers' were running?

Re:TCO?

[ls671]

Have any technical articles been posted on what all of these 'servers' were running?

Well, take a guess...

Re: TCO?

[guruevi]

$8500 is cheaper than paying a decent SysAdmin. These criminals know at what point to price their services so that these institutions can continue putting their clients at risk.

Re: TCO?

[ShanghaiBill]

$8500 is cheaper than paying a decent SysAdmin.

School administrators have no way of telling a good sysadmin from a bad sysadmin. Either would have a salary+benefits of over $100k/year, which few schools can afford. Schools can get federal grants to buy equipment, but salaries come out of their own budget.

Re: TCO?

[Mordaximus]

School administrators have no way of telling a good sysadmin from a bad sysadmin. Either would have a salary+benefits of over $100k/year, which few schools can afford. Schools can get federal grants to buy equipment, but salaries come out of their own budget.

Assuming each school needed a full time sysadmin, which they most likely do not. $100k to pay an admin to keep an eye on a portion of the schools in the school board is far more reasonable. And would then come from the board's budget, not the school.

Re: TCO?

[wisnoskij]

Hell, $8500 is probably cheaper than paying some contractors to test the security of your network. $8500 is peanuts to a hospital running 25+ servers.

Re: TCO?

[0100010001010011]

That assumes they only get hit once.

Re: TCO?

[ogdenk]

I live in SC, many sysadmins are paid $40,000-$50,000/yr in this area. Especially those working for low-budget school systems or smaller organizations.

Re: TCO?

[ShanghaiBill]

I live in SC, many sysadmins are paid $40,000-$50,000/yr in this area.

Once you add in benefits, pensions, overhead, and management, $50k is $100k. Burdened employment costs tend to be higher for governments, and even higher for public schools.

Re:TCO?

[AK+Marc]

Windows 8 home?

Re: TCO?

$8500 is cheaper than paying a decent SysAdmin. These criminals know at what point to price their services so that these institutions can continue putting their clients at risk.

What's to prevent the same hackers from doing this again next month to the same school?
Charge them another $8500 and the following month again and so on.

Re: TCO?

What about next week when another user clicks on the malware, encrypting files again? Couldn't that be $8500 a week?

Side question... what happens when a DOUBLE dose hits? Encrypting of the encrypting...

Maybe they need to hire someone to maintain the malware.

Re: Republicans funding malware...

There's a reason those pukianz force so many agencies to use that SharePoint shit.

My brother died because of SharePoint. The Republican mayor forced the city to buy it, and my brother was IT director and had to support it. Most of the city's employees quit because they couldn't do their jobs which made my brother's job even harder since he had even more people angry at him because SharePoint doesn't work. It got to the point where the police chief pulled his gun on my brother and threatened to have him raped in jail that my brother finally just gave-up on life.

Re: Republicans funding malware...

They live it since the version tracking is broken which helps them hide evidence.

This is a good reminder

[Kludge]

For me to do my offline backups.

Re:This is a good reminder

http://www.code42.com/crashplan/

Re: Republicans funding malware...

They hate us cause they anus.

What's the attack vector?

[mark-t]

What is the typical attack vector for something like this? I understand how it might affect a home users own computers either by visiting malicious websites, or being unconcerned with what one runs that was downloaded from ithe Internet, but how does a place like a school get hit?

Re:What's the attack vector?

Infected USB device, Phishing with infected documents, compromised credentials / exploiting vulnerabilities in any public facing computers/servers and migrating from system to system. Spreading infection via address books, SMB/NFS shares, DNS hijacking. Use your imagination

Re:What's the attack vector?

Javascript, drive-by downloads, and a clueless school secretary that clicks a link in an email that shows all of the tell-tale signs of being spam with a malware payload, but she doesn't recognize it.

At least that's what I'd guess in this case.

Educating the computer n00bs seems to be a necessity these days. That, and instilling a good, old-fashioned cynic's response. Basically, assume all email is from someone that is out to get you, and verify everything. Problem contained (but not solved).

Re:What's the attack vector?

[jbmartin6]

Phishing is the most common, but there are also thousands of sites pushing ransomware through the Angler exploit kit, and similar. I've seen it from restaurant sites and online forums especially. The managers are very clever, they don't push the EK more than a few times from any one site to avoid getting blacklisted. My employer has a crew of folks patching workstations (Flash vulnerabilities are a favorite) and monitoring traffic, and it has still gotten through a couple times and we've had to pull the plug on some locations until it was stopped. It is easy to see how a school or hospital could fall victim, and also why they would rather pay the ransom than go through and expensive and time consuming restore.

Re:What's the attack vector?

[stoatwblr]

"Phishing is the most common,"

A stat from several sites I work with - about 200,000 people in all.

Phishs are spotted and ignored by 97% of users - but that last 3% are a major problem

We've even had secretarial staff disable antivirus systems giving warnings about infected attachments in order to open things "because it might be important"

And no, they can't be fired.

Re:What's the attack vector?

"Phishing is the most common,"

A stat from several sites I work with - about 200,000 people in all.

Phishs are spotted and ignored by 97% of users - but that last 3% are a major problem

We've even had secretarial staff disable antivirus systems giving warnings about infected attachments in order to open things "because it might be important"

And no, they can't be fired.

Keep in mind that if they did miss something that actually might be important, they could lose their jobs. Perverse incentives and all that.

The real question in all this:

[kheldan]

So many useless, off-topic posts in this thread by political trolls; what's up with that? You shits have an issue with political candidates or parties, take it up at the polls, not by shitposting on Slashdot. Anyway..

Is anyone going to learn from these unfortunate incidents? There is no excuse for there not being decent security precautions and procedures in the IT department of any organization, and there likewise is no excuse for there not being adequate incremental backups of critical systems. Basically this school and the hospital in Hollywood were sloppy, and criminals capitalized (literally) on their sloppiness.

Re:The real question in all this:

[MrKrillls]

"shitposting"... Fine verb!!!!!!!

Re:The real question in all this:

More of an adverb, really, and a fairly common internet-specific term.

Re:The real question in all this:

[pauljlucas]

If most school districts can't pay teachers decent salaries, they presumably can't pay market rate for good sysadmins, so they have to take what they can get.

Re:The real question in all this:

[WindBourne]

the problem is that companies/groups decide to save a few bucks. Sadly, they are ignoring all of the evidence which is running windows and offshoring leaves you vulnerable. While the GOP is certainly be ones behind the offshoring, there is no doubt that the dems are just as stupid. They are the ones wanting to increase H1B, which will lead to more attacks.

Re:The real question in all this:

[edis]

There is something to make good out of this very bad habit: those, that were certainly cornered into making pay terrorists, have to recognize need to submit any decryption tools they were provided with to the people, fighting terrorists of that kind. That including analysts of the BleepingComputer community, makers of security tools, Kaspersky is one that springs to mind in regard to providing decryption utilities for public. Traces of communication and funds have to be professionally investigated as well, as far as it is possible.

There is no acceptable answer in just paying ransom, funding terrorists for their next gigs.

Re:The real question in all this:

[jbmartin6]

"decent security precautions" are hard, given that Angler pushes come from thousands upon thousands of different sites. All it takes is one host a little behind on patching and BAM. Maintaining backup regimes is expensive, it's much cheaper to take your chances and pay the very affordable ransom instead.

Re:The real question in all this:

You keep using that word; I do not think it means what you think it means. There is no evidence that these criminals are terrorists.

Re:The real question in all this:

[edis]

You can widen the use of the word, deriving from what terror is associated with:
ORIGIN late Middle English : from Old French terrour, from Latin terror, from terrere ‘frighten.’
Take a look at the meanings of terrorize, for your next.

If digging a little, you would quickly find, that "the definition of terrorism has proven controversial".
This gives you no good ground to tell that you know better than others what the word means.

Re:The real question in all this:

[kheldan]

it's much cheaper to take your chances and pay the very affordable ransom instead

I find that to be an extremely cowardly attitude to take, and a completely unnecessary and irresponsible one to boot. It's a don't-give-a-damn attitude and I find it reprehensible; if someone worked for me and took that sort of attitude towards the problem, they'd be fired on the spot.

Re:The real question in all this:

[kheldan]

There is no acceptable answer in just paying ransom, funding terrorists for their next gigs.

First of all there is little to no evidence that these were 'terrorists', not in the current-events sense of the word, it's just cyber-criminals, could be anyone really, could be some edgy teenagers looking to score some cash any way they can. Secondly, if you're saying we need to comply with anything and everything that the police (local LEOs, FBI, NSA, CIA, etc) demand of us, just because they demand it, then I have two choice words for you which I will uncharacteristically refrain from using on you, and they're not nice words at all.

Re:The real question in all this:

[edis]

It is about professional and most efficient handling of the given circumstances. We are mostly professionals gathering here. Teenagers are not very likely to have balls for arranging that scale of operations with the quality needed.

I am not going to deal with your opinion just because it bears very little in the above-mentioned light of professional stance.

Re:The real question in all this:

[kheldan]

I am not going to deal with your opinion just because it bears very little in the above-mentioned light of professional stance.

Same to you, buddy.

Fuck that...

I've got good backups... So I'd rather spend the $8500 on an airplane ticket and a pipe wrench. At least then I could have a little fun while I beat the life out of that little hacker faggot.

Good!

[whoever57]

Perhaps people will start to take computer security seriously, if they see that it has an immediate impact on their budgets.

i hope you know / this will go down

[Pseudonymous+Powers]

God dammit, when I heard my elementary school got hacked I thought I was finally going to be able to get out from under the pernicious shadow of my Permanent Record!

When I was at school...

[Skiron]

... someone stole my slide rule. I had to pay them 1s and 6d to get it back. How times have changed!

Windows and offshoring

[WindBourne]

Seriously, as long as groups/companies insist on running windows and offshoring the work, they will continue to be hit by ransomware and others.

Several decades ago, America used to be concerned about Security. Now, it is a joke.

Re:Windows and offshoring

[jbmartin6]

Ransomware isn't particularly sophisticated,and would work just as well on Linux if anyone wanted to code it up. Take everyone off Windows and I am sure someone would. I'm curious why you think America used to be concerned about Security. Remember SQL Slammer, Love Letter, and friends? The underlying architecture of the systems (e.g. disallow script access to Outlook address book) only changed when the security cost became too high, not before.

Re:Windows and offshoring

Actually, ransomware doesn't work as well on linux. Fewer holes, especially long-lasting ones. Put a windows machine with no extra security on a non-firewalled net connection (public ip address), count the hours before it is taken over. Do the same with linux, and count they years before something bad happens.

Linux machines typically doesn't have a virus scanner - there is really no need.

Re:Windows and offshoring

bullshit, i tried that some years ago on fedora 13, i only used that machine as a DNS cache, it got poisoned in hours and I got a non persistent bot in about a week, i found out about it as it saturated my uplink. The truth is that a non hardened Linux server is as weak as a non hardened Windows one as soon as you have some services running.

Re:Horry County school district (South Carolina, U

[Hognoxious]

Anyone else read that as Horny County?

An *elementary* school?

[cascadingstylesheet]

You could fit a typical student record on a 3x5 card ... suck it up and just tell the crooks to go pound sand.

Re:An *elementary* school?

[Mordaximus]

You could fit a typical student record on a 3x5 card ... suck it up and just tell the crooks to go pound sand.

Assuming that payroll wasn't handled by one of the servers affected...

Re:An *elementary* school?

[cascadingstylesheet]

You could fit a typical student record on a 3x5 card ... suck it up and just tell the crooks to go pound sand.

Assuming that payroll wasn't handled by one of the servers affected...

Housed in the elementary school, instead of at the district level?

In any case, if they can't piece together what they were paying people ... sheesh.

No

[John+Bokma]

Based on the number of phishing emails I see weekly I doubt people are ever going to learn. Stuff like this is done because it works and has been working for decades.

You have no idea how bad it really is...

As someone who has worked in public edu IT for years - I have always maintained that eventually schools will be subject to the same security regs as major corporations - but with nowhere near the pay. I think that practically no one outside public edu has even the faintest idea just how lax public edu security typically is, because public edu cannot and does not pay enough to attract real IT expertise - especially security expertise.

Re:You have no idea how bad it really is...

[AK+Marc]

The schools don't even know what CIPA is or how to meet it. The only one I know that even tried was given official complaint and was about to start the fine phase, before they got outside help to meet the law. Then they paid 10x what they needed to, to bring in an outside firm and put in basic filtering.

ransom lost - student grades still inaccessible

the bitcoin chain lost the ransom! extortion attempt traced back to 16 year old kid who wanted his grades hidden

Evil immoral f-ing asshole

What kind of evil immoral f-ing asshole steals from a U.S public school... well, I mean, other than congress failing to fund education...

Re:Republicans funding malware...

so these criminals can fund more attacks.

Sorry to read about your mental illness. Please seek professional care.

Re:Horry County school district (South Carolina, U

My guess is that everyone did.

Everyone keeps talking about security, but ....

[King_TJ]

... what about good backups?!

Just last week, one of my co-workers attended a Cisco seminar where they were peddling an "all inclusive" system to try to stop malware, and especially ransomware. It involved software you had to load on all of the clients, server-side software and special firewall type gear, all to try to "proactively stop ransomware from phoning home or uploading content anyplace". The price tag, obviously, was pretty steep as well.

Pulling his buddy, who worked at Cisco, aside for a minute, he asked, "If you have good backups, wouldn't all of this be pretty much unnecessary?" His friend smiled and nodded in agreement.

We use CrashPlan ProE where I work, backing up all of the client PC and Mac desktop folder contents in pretty much real-time, to the backup servers we designated for them based on the offices they operate out of. The servers themselves replicate to other servers at our other locations, for off-site backup copies, as well as a big chunk of the content we actively used getting stored on DropBox (where it's also possible to restore backups of deleted files or folders, or to go back to earlier versions if needed, using the backup and restore capabilities they provide business users).

As a general rule, if anyone was infected with ransomwarre that encrypted their data, we'd just wipe it and go to the latest good backup, and be back up and running with very little lost data (if any). Absolutely no reason to pay one of these hackers to unlock the stuff for us.

It seems to me that if you've got $8,500 to pay the ransom, then you had $8,500 to invest in some backup infrastructure instead....

Re:Everyone keeps talking about security, but ....

[Dadoo]

what about good backups?!

Give it time, and they'll figure a way around that, too. Off the top of my head, I'd say ransomware writers could put a delay in their software, before it does anything - say 6 months after it finds a new system. By that time, the ransomware will be all over the backups. Then what?

How do you protect yourself?

Let's say you're a small business with ~30 employees. There are a handful of directories available with write access. Is good backups and blocking executable access the best way to protect yourself?

Anyone heard of

[invictusvoyd]

Once you add in benefits, pensions, overhead, and management, $50k is $100k. Burdened employment costs tend to be higher for governments, and even higher for public schools.

Software As A Service ?

Re:Anyone heard of

[AK+Marc]

Take the salary of a sysadmin and multiply by 10. That's the SaaS cost.

Re:Horry County school district (South Carolina, U

[ls671]

Not me, I first thought it was a misspelling of "Whory".

Re: Republicans funding malware...

Link?

Windows is the problem

Any time an effective virus or scam occurs, the news media never mentions the operating system.

The way to get infected is to let idiots run WINDOWS desktops with WINDOWS servers without backing anything up. Windows domains are standard operating procedure for most school districts.

The cloud is the solution

The solution is to offload your sysadmin tasks to a third-party by moving everything to the cloud. The cost of running the sysadmin department can then be spread among many businesses.

Computers down because of ransomware infection?

[tetraverse]

What was the name of the computer Operating system this ransomware ran on?

i dont know what this people are doing wrong

i fap to trillions of pornography online and never seen one of these ransomware things and im fine

well my penis is a little sore, but im beggining to wonder if ransomware is real or its just as fake as fake bewbs