City officials in Atlanta will not say whether they were strong-armed into paying the $51,000 ransom to hackers who held many of the community's online services hostage, but on Thursday they announced progress on network restoration. The toll booth was able to submit alerts electronically, and some investigative databases spoiled by the ransomware attack remained intact, says the city. The City 311 system, which deals with things like garbage collection and pothole reporting, is also up and running again.
However, as a precaution, the law enforcement agency still uses some of its databases and the city's water department still cannot accept any form of payment. In addition, the District Court continues its cases indefinitely.
Atlanta is just the latest target in a long list of victims whose vulnerable cyber-security has fallen prey to online robbers.
The FBI has reported ransomware attacks over the last three years, especially against organizations that serve the public. These include hospitals, school districts, state and local governments and even law enforcement agencies.
Spike in Ransomware Attacks
In 2016, the agency received 2,673 complaints of malware extortion, with losses of over $2.4 million. Last year, the number of reports rose to around 3,000, with losses remaining at roughly the same level.
The data compiled by BitSight, a cyber-security rating company, is even more striking. A 2016 report analyzing government, health care, finance, retail, education and utilities found that educational institutions are the most likely victims of a ransomware attack. They are three times more likely to be affected than the health sector and more than ten times as likely as financial institutions.
According to the study, government agencies, from local to federal, have the second lowest security rating and the second highest rate of ransomware attacks.
If Atlanta has not surrendered to the kidnappers' demands, it is following FBI policy, which advises against paying extortion demands.
"Ransom payments not only encourage cyber criminals to attack more organizations, but also provide an incentive for other criminals to get involved in this type of illegal activity," wrote James Trainor, deputy director of the FBI cyber division, in a 2016 report on rising ransomware attacks.
In addition, "[It] does not guarantee that an organization will get it back – we've seen cases where organizations did not get a decryption key after they paid the ransom," Trainor said.
It's also a bad idea to hand over any amount of money, he said, because it could "inadvertently finance other illegal activities with criminals."
BitSight's Chief Technology Officer, Stephen Boyer, tells NPR that there is no single way to deal with these types of blackmail efforts.
"It really depends on the intention," he explains.
Some hacks can be disguised to look like a direct ransomware attack, but in reality they are so-called "wipers," meaning they are purely destructive in nature.
"Last year we saw some attacks that looked so disguised that it looked like a ransomware attack, but when the researchers finally understood what the script did, it was never possible to rob the files," he says.
But if the attacker really wants to extort money, "there's actually a certain honor among thieves," he laughs.
The reason: "You have to show a track record and decipher files, otherwise no one will pay me."
In Boyer's experience, most of these criminal entrepreneurs go so far as to set up customer support to help their victims pay on time. They provide technical assistance in converting funds into Bitcoin and, in some cases, in testing decryption keys on samples.
In the long run, it is in the interest of hackers to build a reputation among the general public. "If it turns out they never decrypt files, nobody will pay and they'll never make money," says Boyer.
Despite the advice of the FBI, there is no consensus in the response of cities, schools and hospitals to the demands of hackers. The results are equally variable.
A school district refuses to pay
Big Fork Schools, a district in Montana with about 900 students, has been besieged twice since 2016.
The first time, it was hit with a ransomware attack that disabled the administration's computer system. The district was given 48 hours to react or the data would be wiped.
Superintendent Matt Jensen remembers it was a terrible day.
Still, he tells NPR, "We did not even have the idea to negotiate with them."
It was a question of principle, economy and luck.
IT administrators had backed up the system only two weeks before the strike, so even in the worst case the district would not lose too much data.
Perhaps taking into account the size and budget of the school district, or perhaps out of sheer ignorance, the hackers demanded $2,000 to $4,000, Jensen recalls. If the district decided to ignore the blackmailers and revert to the two-week-old version of its systems, Jensen calculated, it would cost about $8,000. It was worth it.
"We just decided that we would pay more to not support a terrorist organization," he says.
In the end, the primary data of the district remained inaccessible for over a week and it took about two months. But on the positive side, the recovery operation came in under budget.
The second attack happened last fall, but Jensen was glad to report that none of the district's systems were affected by it.
"The Stop of 2016 was a blessing in disguise," he says, because between attacks the district invested a lot of time and money in online security.
The school district was lucky. "Unfortunately, many schools do not have the budget for IT defense and it makes us pretty vulnerable."
A hospital gives
The assault on the Hollywood Presbyterian Medical Center in Los Angeles was another kind of nightmare.
A ransomware attack in February 2016 knocked out all but three of the hospital's computer systems.
"It was just awful," Steve Giles, the hospital's chief information officer, told NPR, adding that hospitals are extremely vulnerable to these threats because patient data can have an impact on life and death. As a result, hospitals are much more willing to meet the payment demands of hackers.
At the time of the attack, Giles had never heard of a ransomware attack on a hospital.
"We were not even aware of the kind of cyber attacks we suffered," he says.
Hackers originally demanded 22 Bitcoin, worth about $9,000 at that time. But when the hospital paid, the hostage-takers came back for more. "They said they gave us the wrong software, so we had to pay 18 bitcoins," says Giles. Then a new problem: after the hospital paid the ransom, the hackers sent the decryption code. In fact, they sent more than 900 separate sets of code "that had to be clearly applied to all servers and PCs."
When asked how they could trust that the hackers would not return a third time, Giles says, "We do not have" I know. "
But, "It was a worthwhile bet, and we took a chance because we thought the decryption codes would be a faster way to rebuild the system."
Despite being fooled into making the payoff, Giles maintains it was the right call. He is proud that no patients were affected for the duration of the outage.
It is difficult to contradict Giles in the face of the suffering in May 2017 at the Erie County Medical Center in Buffalo, New York, where authorities decided not to pay.
Hackers wiped out about 6,000 of the hospital's computers, and it took about six weeks for the staff to get back on their feet. In the meantime, employees kept handwritten notes.
Officials said it cost them $ 10 million to recover from the attack. This figure includes hardware and software expenditures for the reconstruction of the hospital's computer system, overtime payments and lost revenue.