Learning from Baltimore's disaster, Florida city will pay criminals $600,000 to get free of ransomware attack

The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers).

Despite the fact that paying the ransom will enrich gangsters at public expense, the city is arguably getting a bargain. On May 8, the city of Baltimore was taken hostage by ransomware, and the city opted not to pay the ransom. City services have been paralyzed ever since, and they remain down, more than a month later, with millions in losses to the city.

Though ransomware has been around for years, it gained a new lease on life when an NSA superweapon leaked online. The NSA stockpiles vulnerabilites in widely used system as a means of attacking its adversaries, and subscribes to an official doctrine called NOBUS ("No One But Us") whose premise is that no one in the world is smart enough to rediscover these defects or steal them from the NSA. The NSA is obviously very wrong about this.

I mean, obviously.

In the meantime, the NSA's recklessness has put us all to risk. If your data is locked up and you don't have a backup, your only option is probably to pay the ransom (you most certainly should not hire a "consultant" to recover your data or negotiate on your behalf, as these businesses are nearly as crooked as the ransomware criminals themselves). Read the rest