Brooks County TX pays off hacker with tax dollars after ransomware attack

  • 66 points
  • 13 days ago

  • @fortran77
  • Created a post


@pevey 13 days

Replying to @fortran77 🎙

Should add to headline... "with bitcoin"

And that is 90% of the actual demand for bitcoin. The rest was speculation, and that is going away as prices fall. So imagine how bitcoin would crash if people stopped paying these ransoms.


@boomboomsubban 13 days

Replying to @fortran77 🎙

>There are several different platforms out there that can shut a machine off if it becomes infected, and then keep all the other machines safe from the machine that is infected... Ramos said this is the type of software the county purchased after the attack, to protect the county’s server

So I'm not an expert by any means, but I can't picture how that is an effective protection. Either the detection can catch it before infection, in which case why shut down? Or it catches it after infection when it could have already spread.

Setting up that last backup sounds like a better use of money.


@thehappypm 13 days

Replying to @fortran77 🎙

A few bucks per taxpayer is no big deal IMO


@rudyfink 13 days

Replying to @fortran77 🎙

This may be a very dumb crypto / ransomware question, but if someone knows the answer, I'd appreciate it.

Why don't businesses (or systems) seed their drives with files with known text / content and then use those files to reverse the method used to encrypt? It seems like having an adversary encrypt a set of known "canary" files should provide information to reverse the encryption?

Again, there may be a good reason (or many many good reasons) why this would not be a good solution, especially since I'd expect most OS installations have enough standard files to do this if it worked, but I am curious if someone knows.

Edit: From the helpful comments, this is a known class of attack on a cryptosystem called a plaintext attack. Using that information, I looked into how ransomware systems address this attack, and several, apparently, use per-file keys as, in part, a defense against this type of attack.

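An added illustration of the known-plaintext idea raised in the comment above (not part of the original thread): a toy stream cipher built from SHA-256 in counter mode, run over constructed sample files. It shows that a known "canary" file only yields leverage when the same keystream is reused across files, and that per-file keys remove it; all names and data here are assumptions made for the example.

```python
import hashlib
import os

def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks. Illustration only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so output length = min(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, keystream(key, len(data)))

def recover_with_canary(canary_plain: bytes, canary_ct: bytes, target_ct: bytes) -> bytes:
    """Known-plaintext step: plaintext XOR ciphertext gives the keystream
    used for the canary; try that keystream on another file's ciphertext.
    Note this never recovers the key itself, only keystream bytes."""
    ks = xor(canary_plain, canary_ct)
    return xor(target_ct, ks)

# Constructed sample data (not from any real incident).
CANARY = b"CANARY-FILE: known content seeded by the defender " * 2
LEDGER = b"2022-05 county ledger: constructed sample row"

def demo():
    # Case 1: flawed scheme, one key and the same keystream for every file.
    shared = os.urandom(32)
    reused = recover_with_canary(CANARY, encrypt(shared, CANARY),
                                 encrypt(shared, LEDGER))
    # Case 2: a fresh random key per file, so the canary's keystream
    # is unrelated to the keystream protecting the ledger.
    per_file = recover_with_canary(CANARY, encrypt(os.urandom(32), CANARY),
                                   encrypt(os.urandom(32), LEDGER))
    return reused, per_file

if __name__ == "__main__":
    reused, per_file = demo()
    print("keystream reuse :", reused)
    print("per-file keys   :", per_file)
```

With keystream reuse the canary recovers the other file up to the canary's length; with per-file keys the output is noise, which is why seeded known files do not help against that design.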


@bpodgursky 13 days

Replying to @fortran77 🎙

Every time a hospital system pays off hackers (which happens all the time)... I assure you the ransom payment is also mostly coming out of your tax dollars.


@ab_testing 13 days

Replying to @fortran77 🎙

If it takes you 6 months to get your software back up and running, is it really a good backup solution?


@WalterBright 13 days

Replying to @fortran77 🎙

“The only data that we had that wasn’t backed up was in our auditor's office, where we have our financial software,”

Seems to me that in modern times failing to back things up is incompetence and dereliction of duty. The auditor should be billed for at least part of the payment.


@908B64B197 13 days

Replying to @fortran77 🎙

Why didn't they just restore from back-up?


@swatcoder 13 days

Replying to @fortran77 🎙

For all of us shocked shocked about the county’s preparation and response, it’s worth noting that this is a county of population ~7000 and only about 5000 adults.

The number of people involved in government, and the resources available for professional support staff (and solution products) are probably modest to say the least.

A lot of you probably went to high schools that were bigger and more funded.


@toma_caliente 13 days

Replying to @fortran77 🎙

Headline seems unnecessarily inflammatory. Putting aside the decision of whether or not they should've paid, what else were they going to pay with?


@ntoskrnl 13 days

Replying to @fortran77 🎙

> A recent ransomware attack on Brooks County’s Justice of the Peace and district courts, and finance department, cost it more than $37,000.

> “We had determined if we didn’t, then it would take us anywhere from six months to a year to reconstruct our software program,” Ramos said.

How much would it have cost for 6-12 months of engineer time plus the court system slowing to a crawl in the meantime? Thank god these hackers don't know how to negotiate.


@roody15 13 days

Replying to @fortran77 🎙

37,000$ really is not a huge amount... surprised how low this amount is. Securing the systems and hiring more IT support services... would have cost way more money, honestly.

Perhaps ransomware is evolving to find just the right price point niche?


@fortran77 13 days

Replying to @fortran77 🎙

It doesn't seem right that the incompetent people who didn't have backups and got themselves infected don't have to pay the consequences.


@1970-01-01 13 days

Replying to @fortran77 🎙

Slow Wednesday? There is nothing newsworthy here. Here is a neat interactive map showing this trend. Make this newsworthy instead?

https://statescoop.com/ransomware-map/
