Baltimore won't pay hackers' ransom, sets aside $10M in emergency funding to recover from cyberattac

[Elderberry]

USA Today by Kristin Lam 6/27/2019

While two Florida cities have now paid a ransom to regain control of their hacked computer systems, the city of Baltimore is taking a different approach.

Baltimore officials this week approved $10 million of emergency funding to recover from a similar attack after refusing to pay an $80,000 ransom at the advice of law enforcement authorities.

Cyberattacks immobilized some of the city's systems almost two months ago, WBAL reported, but services such as water billing are still offline. The total cost of responding to the hack may hit $18 million, the city's budget office estimated.

Officials in Lake City, Florida, meanwhile, decided to pay hackers a ransom of 42 bitcoins, or roughly $426,000.

More: https://www.usatoday.com/story/news/nation/2019/06/27/baltimore-cyberattack-relief-funding-florida-cities-pay/1590093001/

[Joe Wooten]

The real solution is to take the networks off the internet, like the nuke plants do. If the city's network is off the internet, then the hackers have a much harder time getting in. In fact, the only way to get into a nuke plant network is by having an insider connect it to the internet. Nuke plants do have networks connected to the outside, but critical plant control functions are completely isolated.

[InHeavenThereIsNoBeer]

The real solution is to take the networks off the internet, like the nuke plants do. If the city's network is off the internet, then the hackers have a much harder time getting in. In fact, the only way to get into a nuke plant network is by having an insider connect it to the internet. Nuke plants do have networks connected to the outside, but critical plant control functions are completely isolated.

As far as "the real solution", I'd put air gap just ever so slightly behind having a well documented and regularly tested recovery procedure.  BOTH are absolutely necessary, but people ARE going to do stupid stuff, so being able to recover from the inevitable rates just above a pretty solid prevention tool, IMO.

[roamer_1]

As far as "the real solution", I'd put air gap just ever so slightly behind having a well documented and regularly tested recovery procedure.  BOTH are absolutely necessary, but people ARE going to do stupid stuff, so being able to recover from the inevitable rates just above a pretty solid prevention tool, IMO.

That's right. That they got caught at all is an IT ID-10T problem.

[Fishrrman]

IF these municipalities had been running their software on Macs, they wouldn't have had any problems.

There's been only one incidence of "Ransomware" with the Mac, and it was discovered and corrected very quickly.

There has NEVER been a SINGLE Mac "virus" discovered "in the wild" since the inception of OS X back around 2002. Not one.

[Sanguine]

IF these municipalities had been running their software on Macs, they wouldn't have had any problems.

There's been only one incidence of "Ransomware" with the Mac, and it was discovered and corrected very quickly.

There has NEVER been a SINGLE Mac "virus" discovered "in the wild" since the inception of OS X back around 2002. Not one.

Probably because Macs are only 12.33% of the market.  Why bother?

[Elderberry]

List of Mac viruses, malware and security flaws

https://www.macworld.co.uk/feature/mac-software/mac-viruses-list-3668354/

CookieMiner

Crossrider, aka OSX/Shlayer

OSX/MaMi

Meltdown & Spectre

OSX/Dok

X-agent

And more at link

[roamer_1]

IF these municipalities had been running their software on Macs, they wouldn't have had any problems.

This is big iron.

OSx is a windowing system built over BSD.

Big Iron IT knows all about BSD.