Georgia courts (mostly) shrug off ransomware attack

Georgia courts (mostly) shrug off ransomware attack

Enlarge / The latest victim of an apparent wave of Ryuk ransomware has managed to fend off paying attackers, but not everyone is getting away unscathed. (credit: Getty Images)

A spokesman for Georgia’s Administrative Office of the Courts has confirmed that the AOC’s information technology team discovered ransomware on the organization’s servers on Saturday. While the spokesman could not provide specific details about the ransomware involved in the attack, its characteristics are consistent with the Ryuk ransomware that has struck multiple companies and government agencies over the past few months—including at least two Florida cities.

Bruce Shaw, communications and outreach specialist for the AOC, told Ars that a file containing contact information for the ransomware operators was left on the affected servers but that no specific ransom was demanded. “After an assessment of our system, it was determined that it would be best to take our network offline,” Shaw

Read the rest
A tale of two cities: Why ransomware will just get worse

A tale of two cities: Why ransomware will just get worse

Enlarge / Baltimore, Maryland; Riviera Beach, Florida. Both got ransomware, and the outcomes were… the worst of times, and the worst of times.

Earlier this week, the city of Riviera Beach, Florida, faced a $600,000 demand from ransomware operators in order to regain access to the city’s data. The ransom was an order of magnitude larger than the ransom demanded by the attackers that struck Baltimore’s city government in May. Against the advice of the Federal Bureau of Investigation, however, the Riviera Beach city council voted to pay the ransom—more than $300,000 of it covered by the city’s insurance policy.

Baltimore had refused to pay $76,000 worth of Bitcoin despite facing an estimated ransomware cost of more than $18 million, of which $8 million was from lost or deferred revenue. Baltimore lacked cyber insurance to cover those costs.

Riviera Beach is much smaller than Baltimore—with an IT department of

Read the rest
Baltimore ransomware nightmare could last weeks more, with big consequences

Baltimore’s bill for ransomware: Over $18 million, so far

Enlarge / Baltimore City Hall, where the ransomware battle continues. (credit: Alex Wroblewski/Getty Images)

BALTIMORE—It has been a month since the City of Baltimore’s networks were brought to a standstill by ransomware. On Tuesday, Mayor Bernard “Jack” Young and his cabinet briefed press on the status of the cleanup, which the city’s director of finance has estimated will cost Baltimore $10 million—not including $8 million lost because of deferred or lost revenue while the city was unable to process payments. The recovery remains in its early stages, with less than a third of city employees issued new log-in credentials thus far and many city business functions restricted to paper-based workarounds.

“All city services remain open, and Baltimore is open for business,” Mayor Young said at the briefing, listing off critical services that had continued to function during the network outage. City Finance Director Henry Raymond called the current state of

Read the rest
Baltimore ransomware nightmare could last weeks more, with big consequences

Baltimore ransomware perp pinky-swears he didn’t use NSA exploit

Enlarge / Oh, Baltimore. (credit: Alex Wroblewski/Getty Images)

Over the past few weeks, a Twitter account that has since been confirmed by researchers to be that of the operator of the ransomware that took down Baltimore City’s networks May 4 has posted taunts of Baltimore City officials and documents demonstrating that at least some data was stolen from a city server. Those documents were posted in response to interactions I had with the ransomware operator in an attempt to confirm that the account was not a prank.

In their last post before the account was suspended by Twitter yesterday, the operator of the Robbinhood account (@robihkjn) answered my question, “Hey, so did you use EternalBlue or not?”:

absolutely not my friend

The account was shut down after its operator posted a profanity and racist-tinged final warning to Baltimore City Mayor Bernard “Jack” Young that he had until June 7 to

Read the rest