Los Angeles Valley College pays $28,000 in bitcoin ransom to hackers


#1

Originally published at: http://boingboing.net/2017/01/13/los-angeles-valley-college-pay.html


#2

This is why I don’t go on the internet.


#3

In Eastern Europe, organized crime and the government are the same thing…

Thank goodness it could never happen here!


#4

Me either. I use the world wide web instead (PROTIP: it’s usually abbreviated to WWW). That’s much more secure because it only uses English, therefore hackers from Eastern Europe have no way of accessing it.


#5

You’d think Moneypak would be alarmed about having their name so readily associated with criminal activity.

Did Western Union finally clean up their act? Seems to me it’s been a while since I’ve heard of spam or whatnot advising its usage for transferring funds.


#6

“Cool! We just shut down a hospital in Chicago.”

“Hey, who’s flying that model plane outside?”

Boom


#7

Can’t view the article because the LA Times blocks ad blockers. :slight_smile:


#8

I don’t even slightly doubt that paying up was cheaper than restoring from backups (if they had any; which isn’t something I have enough childish faith to assume anymore); but aside from setting a bad example by making crime pay; I hope they remember that ransomware is actually one of the less scary things that can happen to your data.

Yes, it’s being held hostage by nefarious cyber-criminals almost certainly beyond legal reach; but those very ne’er-do-wells want the process of you getting your data back to go smoothly. They want it to cost you money; but any errors, delays, etc. in getting things decrypted once you have paid up do them no favors; and potentially breed suspicion that reduces willingness to pay ransoms in the future.

Operator error, fires, equipment failure, and similar happenings don’t conjure up the same level of outrage; but they are absolutely pitiless; and frequently reduce (at least one copy) of your data to something that cannot be recovered at any price. There’s no human antagonist; so it feels much less personal; but the missing antagonist is the same person you could otherwise appeal to.

Paying ransoms is bad; but if you are doing so because you have to, it’s sheer luck that you haven’t lost data to mere entropy.


#9

I use Netscape when I’m surfing the Web.

Lycos! Fetch me the WWW address for Mapquest. My Thomas Guide is in the car and I need directions to the rad LAN party.


#10

People are saying that Drumpf’s plan to keep us all safe from Teh Cyber is to repeal the disastrous internet (a.k.a. ObamaNet). This is great, and like I said; I’m good since I’m on the WWW instead.


#11

Right. Who needs the internet when you can connect directly to the cyberspace?


#12

You are singing the song of my people. Long have I yearned to return to the lost shores of my young adult life. Heck, I still have a set of Netscape install floppies tucked away in my office, because reasons.


#13

In Eastern Europe, organized crime and the government are the same thing,

That’s a rather broad brush, don’t you think?


#14

You, of all people, are complaining of negative stereotypes?


#15

Well he does seem to be an expert on painting with a broad brush.


#16

Nah, it just fits into the “ignorant American” stereotype I’m fond of.


#17

Fukkit! Why don’t we have an extradition treaty with Entropia!?


#18

Paying the ransom is probably good risk management. Likely a hell of a lot faster than restoring from last backup and then losing all transactions and other data since then.


#19

…like paying the mafia because they said it would be a shame if something were to happen to your computer network.

Just because they “unlock” your computers doesn’t mean they won’t be back again (or that their malware ever left), especially since you were nice enough to pay them last time.


#20

Since your posting history is short and doesn’t seem to have much in the way of technical content or showing experience with enterprise networks, I’m not sure if you are saying this from a political perspective or one of knowing what you are talking about.

@fuzzyfungus assumed they didn’t. That is a possibility.

Another possibility is they do but the backup system isn’t unified and some of it requires some proprietary knowledge experience to restore from.

Sometimes the backup media is no good or contains just enough errors to make it not trustworthy.

Sometimes your backups are good and you know how to restore but it involves building OS & apps from scratch and then restoring data. You may or may not be able to rebuild the transactions since the last known good data backup by hand if you have paper records to work from.

Sometimes your backups are good and you know how to restore from them but you know it will take a long time to restore to a known stable condition. Again you may have to rebuild transactions from paper records.

Every single situation above will definitely involve lots of staff time and lots of overtime labor. There are of course lots of variables I didn’t describe.

It is in fact cheaper to pay the ransom generally.

The mafia analogy is somewhat true but this isn’t the days of a brick through the window or small arson any more. Law enforcement can’t deal with the situation for reasons explained already. Taking a moral stand isn’t going to change the situation. Even if it did, few places are willing to risk maybe going out of business or facing large regulatory fines because they didn’t pay the ransom.

Risk management is about just that, dealing with situations where there is a tangible value at risk. Pay the ransom, try to strengthen defenses has a tangible cost. “They might come back” is just scare mongering.