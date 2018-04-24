Atlanta Projected To Spend At Least $2.6 Million on Ransomware Recovery (zdnet.com) 32
Atlanta is setting aside more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services. ZDNet reports: The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildy fluctated in price. But the ransom was never paid, said Atlanta city spokesperson Michael Smith in an email. Between the ransomware attack and the deadline to pay, the payment portal was pulled offline by the ransomware attacker. According to newly published emergency procurement figures, the city is projected to spend as much as 50 times that amount in response to the cyberattack. Between March 22 and April 2, the city budgeted $2,667,328 in incident response, recovery, and crisis management.
If you think that backup is the same as a copy of the data, you are doing it wrong.
For 26 millions I'd assume all this and a few things more, yes.
It also covers the security "consultants" brought in to review things which is probably half the bill.
A company can have a 100% backup solution and it may still be worth their while to pay the ransom. The decryption process can be applied to all machines simultaneously, bringing them back online in perhaps a few hours. Alternatively, a thorough restore from tapes fetched from Iron Mountain could take a week or two.
Restoring from backup is a great solution for individuals, but large networks are unlikely to have a backup solution that can scale as well as a ransomware worm can. For large organizations, their
Contract out most of the work done by the city. Then if one of the contractors gets hit with ransomware, it's their problem. If that contractor can't meet obligations, switch contractors.
...said the lawyer.
The problem is that you can sue someone into oblivion (usually a ltd company that goes *poof* the moment you try to squeeze money from it) means jack shit when your whole administration grinds to a halt and you can't get anything done sensibly anymore, constituents get REALLY pissed at you and vote the other guy in next time.
Who then gets your job AND whatever they can squeeze from the husk. Well done. Really. *golfclap*
Contract out most of the work done by the city. Then if one of the contractors gets hit with ransomware, it's their problem. If that contractor can't meet obligations, switch contractors.
Here in the real world it's not that simple. You need to think it through. Just because you outsource something doesn't make the problems magically go away. In many cases it actually is harder and more expensive to oversee the contractors than it is to do the job in house. There are real world consequences to suppliers not delivering and fixing problems is very often not as simple as switching suppliers. Good luck replacing the water treatment plant administration or the public transportation authorit
Now hackers know how much they can reasonably demand from Atlanta.
Now hackers know how much they can reasonably demand from Atlanta.
I can't help thinking that announcing such a budget has put a large bulls-eye right on the center of Atlanta's servers.
Not really. What the hackers know is that Atlanta will spend at least 5x the ransom demand rather then pay it. And I wonder how much of this $2.6 mill is a bounty on the hackers. The guys that bragged about taking the city for $55K has got to be wondering who their friends really are.
Well, they may need to pull in some analysts. Because $2,667,328 is being spent over weeks. Perhaps a cool $3M now up front is a bargain.
Or they could invest in real storage/backup/BC/DR solutions for much, much less.
Now hackers know how much they can reasonably demand from Atlanta.
They can demand all they want. The question is will Atlanta ever pay?
The core of the issue boils down to something like blackmail. As soon as you pay once you'll end up paying over and over again. At which point do you say no? Is the no point at the second time they ask for $55,000, the 10th, maybe after you've spent $5 million?
While I get "A sensible business decision dictate that you pay the original $55,000 rather than the estimated $2.6 million" I've also got to question if the original sum would have
Always good to hear that it works. Remember people: backups are not about the fact if you take backups, but how fast you restore WHEN you need to.
The same goes for contingency. You do not check if the procedures are in place. You test it so you are ready WHEN it is needed.
One should always assume that something happens to all your data.
Also know that a copy of your data is not the same as a backup. One does not exclude the other.
I personally have a copy of my large data (movies, music and images) as those a
This reminds me of a similar saying in the motorcycle world:
It is not a matter of IF you will wipe but WHEN you will wipe.
As a result we have the acronym: ATGATT: All the gear, all the time.
i.e. You don't wear gear for the 99.99%, but for that 0.01% of the time.
Bringing this back on top: It doesn't matter how fast you can do backups if your restore procedure is completely botched! You DID test it, right?
Could I maybe take a look at it? I might be able to offer you a solution for 25 millions a year...
