I don't understand what I'm reading here. Why did they offer to pay $400K to recover ~100 PCs if they had backups? Was it so expensive to restore those PCs?
I guess the good news is that we can now sell backups as "anti-ransomware" cybersecurity.
>Why did they offer to pay $400K to recover ~100 PCs if they had backups?
"Backup is, let's say, weekly and someone high up the chain really wants the PowerPoint he put together on Tuesday." is probably what happened in my experience.
Which sounds ridiculous to me - on Macs you have, available to all users with a reasonable GUI, Time Machine which is basically hourly backup (though I don’t know if you can make old ones effectively immutable).
But if you know how to run a script (and hopefully anyone administering a 100-computer network does), at least on Linux / Mac, you could use bup or borg or a few others to have effectively immutable hourly backups that take almost no space - we do that where I work. I’m sure there’s something similar for Windows.
In this case you can still lose an hour's worth of data. Multiply this by whole city/company scale. Paying a ransom to prevent this much effort going to waste would still be worth something.
Then these are incompetent people who forget to multiply the cost of the ransom by the amount of times it will likely repeat if they don't refuse to discuss with abductors.
It's like saying "why would we put this guy in jail? He's committed a crime but it's done now". Yeah, sure. Except without a deterrent he'll do it again tomorrow. This is the same except it gets rid of the motive instead.
There are such products for Windows; it's even built in. It requires the sysadmin to set it up though, and therefore is nonfunctional in 99% of deployments.
Snapshots (not incremental nor differential) that take space proportional to change (1 byte change in a 5GB file takes 10K or so in backup, even insertion/deletion), built into Windows? What is it called?
Time Machine on Macs has a similar feature set, notably lacking proportional space (insert 1 byte anywhere in a 5GB file and the snapshot takes an additional 5GB).
That’s a low-level mechanism that is used to implement consistent backups (comparable to e.g. LVM snapshots for any file system or ZFS/Btrfs snapshots), but it does not offer anything directly to end users. The venerable built-in NTBackup (afaik the only built-in user backup system included in Windows) is better than nothing but is a far cry from Borg/Bup - it is practically infeasible to snapshot e.g. every hour.
> "I decided to make a counter-offer using insurance proceeds in the amount of $400,000, which I determined to be consistent with ransoms recently paid by other municipalities," Mayor Mitchell said during a press conference (image above). "The attacker declined to make a counter-offer, rejecting the city's position outright."
Because that's what they had an insurance policy for.
Right? I saw the line above about giving away taxpayer money. Um...no, only in that while the money originated from taxes, it actually paid to hedge against risk (and the cost of insuring up to 400k is probably significantly less than that amount - what are we talking, several thousand dollars a year MAX of taxpayer money? Worth it!)
My thoughts exactly.
I bet they did not have any backups for the Fourth of July weekend so anyone doing city business that weekend may have to redo any paperwork or payments.
Small price to pay to laugh at these clowns.
What exactly are the FBI doing about this?
Perhaps if they got off their asses and quit investigating Presidential piss parties they could find this email recipient. How hard is it for the FBI/NSA to trace an email?
They just want to cry about going dark instead.
If foreign put a CIA hit on the computer terrorist.
Except now there is a more visible dollar sign attached to it. Before, it was hand-wavy what-if scenarios, now you can actually point at real world examples.
I would put a delay in ransomware so it sneaks in weekly and monthly backups, and only then trigger it. If stuff gets restored, sneaked warez will activate again. I bet backups are overwritten after several months.
Such a thing is likely to happen but it is much more target specific (e.g. my office backs up data, not code, so you would have to find something scripted that’s in use for that to work on my office) so it will likely happen only if the low-hanging fruit (generic attacks that need much less customization) isn’t lucrative anymore.
Everything is backed up for reference, but only data is ever restored.
Macro execution is supposed to be disabled on Word/Excel, though I trust that less (and there’s always the issue of some unpatched/zero-day); however, to go through here is more expensive for attackers because much more individual targeting and customization is required.
Indeed, they are not heavy Excel users. Which is sort of the point: the need for targeted attacks greatly reduces and segments the addressable “market” for the bad guys.
I think the next paradigm shift is going to be state-synchronization algorithms that make it easy to be eventually-consistent across many peers, all while keeping data encrypted end-to-end. The threat of a data ransom disappears when the centralized server role is de-emphasized, and participants all have copies of their data/work (and potentially others' data/work, encrypted).