A “Florida man” story, ransomware edition:
The city manager of Lake City, Joe Helfenberg, confirmed that the director of information technology, Brian Hawkins, was fired.
The decision comes after a “Triple Threat” cyber attack that disables city servers, phones, and email that resulted in ransom.
A couple of things…
It is the IT manager’s fault in the sense that he’s the person responsible for the IT systems, and the buck has to stop somewhere.
It is also probably the case that, like every municipality I’ve ever dealt with, the IT manager never had the resources (financial, human, or technical) to do things properly. A ransomware infection was an inevitability. Where the buck should stop is the city manager, city council, or mayor, but good luck with that.
Note the consultant (who has never had his business held ransom) and his advice to not pay. As I said in the book, paying is not a guarantee of success, but a “good” data-napper knows that a successful transaction is the key to financial success. Taking a ransom and not giving up keys is bad business. A “good” data-napper will let you decrypt a small sample of your files to demonstrate that you’ll get what you pay for; no digital forensics or incident response company is going to give you a couple of hours of labor for free to determine if they can recover ransomware keys. Just saying.
Also note the comment that bitcoin is untraceable. The ability to know exactly who is a part of a transaction is actually a feature of bitcoin (or rather the underlying blockchain technology). This is not to say that the money is recoverable, but depending on how badly the city wants to push this, they could come up with an identity…and then…I guess…indict them and hope for the best.
If you really, really have a problem paying a ransom, and you happen to be hit with one of the variants for which decryption tools have been created, you can go to a site like No More Ransom! and see if you can sort things out yourself (or with the help of your own consultant).
There are no good courses of action when it comes to ransomware. If you don’t have current backups, you’re damned if you do and damned if you don’t. It is important to remember that this is not personal, just business. What is the best business decision for the role your organization plays in the lives of your employees, your customers, and in the case of government: citizens?