Slashdot Mirror
US School Agrees To Pay $8,500 To Get Rid Of Ransomware (softpedia.com)
An anonymous reader writes: Earlier this week, the media was abuzz with the case of the Hollywood hospital that almost shut down its operations because of a ransomware infection, which it eventually paid. Something similar happened around the same time in a South Carolina school district when ransomware shut down an elementary school's servers. The school had to pay $8,500.
Horry County school district (South Carolina, US). Got it! Thanks for the tip ;-)
At least banks and other victim institutions keep the whole thing secret. Great idea to render it public.
Another funny part in TFA:
Coincidentally, when the ransomware incident happened, the school's administration was looking into hiring an outside security provider.
What if it wasn't coincidental?
Everything I write is lies, read between the lines.
Apt-get upgrade doesn't require any new funding, not even new hardware, this isn't hardware failing, this is incompetence succeeding.
Custom electronics and digital signage for your business: www.evcircuits.com
Do we really want to be teaching children to negotiate with terrorists?
The obvious way around that is to stop calling everyone who breathes a "terrorist".
$8500 is cheaper than paying a decent SysAdmin. These criminals know at what point to price their services so that these institutions can continue putting their clients at risk.
Custom electronics and digital signage for your business: www.evcircuits.com
It would be better if it became the habit to spend money on security. That $8500 would have gone a long way towards decent security measures.
One wonders, though, what an elementary school district needs with 25 servers (or more; tfa says 25 were affected). What was so mission critical that it was worth paying cash to get back? Why not just format the affected machines, reinstall, and be done with it? The database that says litte Timmy got a B last year just aren't mission critical.
One wonders, though, what an elementary school district needs with 25 servers
There are a lot of federal dollars available for things like "computers in the classroom" and "cops in schools" that don't really make much sense, but, hey, it's free money, and can't be used for anything else. The elementary school that my kid attends has a $250,000 Cisco enterprise system that handles less traffic than the $39 Netgear router that I have at home. A federal grant paid for it, and on top of that, Cisco made a nice donation to the enrichment program, so it was a no-brainer.
It should be illegal to pay ransomware criminals.
Especially if, as in this case, they are being paid with tax dollars. I can understand an unprincipled individual or private company paying ransomware, but for a government entity to pay off criminals with public funds is vile. If this was legal, we need to change the law. If it was illegal, the decision maker should be prosecuted.
You start paying, they find more targets, make their scam more professional, etc.
That isn't all bad. In the past, insecure systems were hijacked and used as spam-bots, so the cost of the insecurity was borne by others. At least with ransomware the cost is borne directly by the bozos running MS-Windows on their servers.