
Thread: As Ransom Deadline Nears, Baltimore City Continues To Struggle For Fix

  1. #1
    Join Date
    Tuesday, October 1st, 2013
    Last Online
    Yesterday @ 10:22 PM
    Posts
    17,544
    Post Thanks / Like

    As Ransom Deadline Nears, Baltimore City Continues To Struggle For Fix

    By Paul Gessler May 16, 2019 at 11:27 pm

    BALTIMORE (WJZ) — The crippling cybersecurity attack on Baltimore City enters its ninth day, as city officials continue to say they can’t say much about the investigation.

    City Council President Brandon Scott has called for a committee to look into the city’s cybersecurity and its response to this attack.

    Hackers are demanding a ransom from Baltimore City, and have warned the City would lose its data after 10 days.

    The deadline is on Friday.

    “I think if they delete data, we’re going to be in a world of hurt,” said Chris Sachse, ThinkStack.

    Sachse is the CEO at ThinkStack, a Baltimore cybersecurity firm.

    He said if the hackers have access to any backup systems, it could mean trouble.

    “It’s still somewhat of an active crime scene, so they’re trying to follow the bread crumbs to see who did this,” Sachse said.

    Wednesday afternoon, officials struggled to answer questions regarding the city’s preparation for a cyber attack like this, any contact with the hackers and who the city has hired to help them recover.

    “Honestly, a lot of the lack of transparency is that they don’t know,” Sachse said.

    Experts claim hackers demanded 13 bitcoins within 10 days, which totals up to $100,000.

    But that demand would keep going up every day after four days.

    “It’s a fairly reasonable amount of money in the grand scheme of things to ask from a city,” Sachse said.

    However, paying would not guarantee a solution.

    “You have no idea if that hacker is going to give you what you need. Are they going to give you that decryption key? If they give you the decryption key, is it going to work?”

    “How much money are going to spend to try to decrypt these passwords and how much risk are we willing to take that the guy won’t delete those files? To me, for 70 thousand, now 100 thousand, I would pay that.” Sachse said.

    The ransomware struck citywide, but particularly the City Finance Department.

    Online billing remains down as does the ability to close real estate transactions, no title searches, no lien certificates.

    “It will get resolved. It has to be resolved. There’s no way we can avoid that.” said Bob Flynn, In-House Title Co.’s attorney.

    In the only timeline to which officials Wednesday would commit, they said they hope the lien system will be up late next week.

    Sachse said even if the city pays the ransom, which Mayor Jack Young said he won’t do, there is still no way of knowing whether other malware may be in the system, meaning the investigation and recovery would still be slow and intensive.
    CBS
    "Alexa, slaughter the fatted calf."

  2. #2
    Join Date
    Wednesday, June 17th, 2015
    Last Online
    Yesterday @ 10:08 PM
    Posts
    10,055
    Post Thanks / Like
    Baltimore? how much difference can it possibly make...………….

  3. #3
    Join Date
    Tuesday, October 1st, 2013
    Last Online
    Today @ 3:09 AM
    Location
    Nashville, Tennessee
    Posts
    13,170
    Post Thanks / Like
    Well, perhaps the hackers should just be given "room to destroy." That should help solve the problem.



    I have to say that when I heard about this on the news this afternoon, my mind raced to an admittedly tinfoil-hatted place of a form of movie plot where this is the distraction from just getting rid of one single piece of data for some purpose: eliminate someone's property taxes or get someone off for a crime or whatever.

    I'm pretty astounded that an entire city could not manage to have a better backup system than I did in a four-person office with really no truly essential information involved (in the sense that we did not have critical financial information or perhaps stuff like criminal evidence hanging in the balance). About the worst that we could have suffered was the loss of a mailing list, and that was backed up daily (well, nightly) off-site and onto on-site hard media. I think that the backup cost us about $10/year. Howinahell an entire city could not manage to back up their data is just beyond me. I don't even know how their traffic lights are still working at this point, to be perfectly frank.
    Leftists have unquestionably demonstrated their hatred for due process, and Democrats have undeniably obstructed justice for, and thoroughly victim-shamed and smeared, Karen Monahan.

  4. Likes Tom Servo, Gingersnap liked this post
  5. #4
    Join Date
    Tuesday, October 1st, 2013
    Last Online
    Yesterday @ 10:22 PM
    Posts
    17,544
    Post Thanks / Like
    It does seem odd. We spent a lot of thought and effort on firewalls but we spent more on backups.

    The biggest investment, though, was on training people not to be idiots. We had very strict security protocols, constant cyber security education, and various automatic strategies to prevent employees from doing dumb things.

    Everybody hated all this but it did work. We had a lot of proprietary data sets/developing patent stuff/in-house analytic software and operational models that eco-warriors were constantly trying to hack. Once we cracked down on employees and contractors, even the attempts dropped like a rock. We had one major malware incursion after that due to a backdoor in software from a university we were trialing but we only lost a couple of hours.

    However, the university got a lawsuit because of contract specifications. We settled and the settlement was worth many times the value of the final contract.

    One of the problems with government systems is that they are almost all built on legacy backbones with decades of overlays and patches designed by people who are long gone. Searching for all the weaknesses and fixing them is literally a full-time job for a large team for years. Add to that the inability to employ really strict security protocols due to resistance from employees, money for diversity but not for security, multiple contractors, etc., and you have the perfect storm.

    Backing up and mirroring their systems in an effective way does cost money.
    "Alexa, slaughter the fatted calf."

  6. #5
    Join Date
    Saturday, October 5th, 2013
    Last Online
    @
    Location
    In the mainstream of American life.
    Posts
    14,112
    Post Thanks / Like
    Quote Originally Posted by Gingersnap View Post

    One of the problems with government systems is that they are almost all built on legacy backbones with decades of overlays and patches designed by people who are long gone. Searching for all the weaknesses and fixing them is literally a full-time job for a large team for years. Add to that the inability to employ really strict security protocols due to resistance from employees, money for diversity but not for security, multiple contractors, etc., and you have the perfect storm.

    Backing up and mirroring their systems in an effective way does cost money.
    This. I'm now working for a government entity. Our department (legal) has excellent cyber-security (and still uses paper - lots of it), but our admin counterpart's electronic data (which we need to access routinely) is all stored in a clunky system used by many different departments and to which outside users have limited but relatively easy access as "e-filers."

    As long as nobody hacks the payroll department, I'm good.
    No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws. This offer VALID in 35 34 33 32 31 26 20 17 15 14 13 ALL 50 states.

    The new 13 original states to stand up for freedom: CA, CT, IA, MA, DE, MN, NH, NY, RI, VT, ME, MD, NJ (plus DC).

  7. #6
    Join Date
    Wednesday, June 17th, 2015
    Last Online
    Yesterday @ 10:08 PM
    Posts
    10,055
    Post Thanks / Like
    Quote Originally Posted by Adam View Post
    I'm pretty astounded that an entire city could not manage to have a better backup system than I did in a four-person office with really no truly essential information involved (in the
    it's Baltimore. The point is to hire "diversity" rather than expertise.
