Business Continuity

Riviera Beach Florida City Council Agrees to Pay Cybercriminals Nearly $600K Malware Ransom

June 20, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
June 20, 2019

Riviera Beach Florida just became the newest member of a club no city or local government hopes to join. Taking only a few minutes and by a unanimous vote of 5-0 on Monday night the board authorized Riviera Beach’s insurer to pay 65 bitcoins valued at approximately $592K USD. Paying off a malware ransom that has crippled all of the city’s information technology infrastructure since May 29th after someone in the police department clicked on a malicious email.

But unlike the 2000 action flick Proof of Life, there’s no guarantee paying the ransom will unlock the affected computer network and all the encrypted files, and while its 2019, Its not likely Cyber-Insurance companies have former 22nd SAS and 75th Ranger Battalion types running around the world with machine guns blazing for a successful hostage rescue of a malware-infected network.

The council held a special meeting earlier in June to authorize $941,000 for 310 new desktop and 90 laptop computers and other hardware. Much of the existing hardware was a half-dozen-years old and vulnerable to another malware attack, so it was time to replace it anyway, Riviera Beach Councilwoman Julie Botel said.

In a 2016 survey, CIO’s for local governments across the country said more than a third of them were using outdated technology, making them more vulnerable to attacks. Riviera Beach will also spend an additional $25,000 coming out of their budget, to cover its insurance policy deductible.

With rising deficits and pension obligations, its understandable how a city like Riviera Beach or Baltimore Maryland can be compromised so easily when there isn’t the budget to hire a full-time information security professional and institute security awareness training for topics like not clicking on shit or scanning random QR codes.

Chad Loder, Founder & CEO of security awareness training firm Habitu8 posted on Twitter recently.

I’m astounded that some companies still purchase the cheapest security awareness training content “to save money”, but will put 2,000 employees each through an hour of terrible training.

You’re not saving money – you’re wasting it.

Chad Loder (@chadloder) – 19 Jun 2019

Cities across the United States and around the world will now have to decide, what is cheaper? hiring a full-time security professional, a part-time person, a managed service provider, or just paying the ransom and hope the files recover completely. However, hope is not a strategy.

With additional reporting from The Palm Beach Post

The Weather Channel compromised by Malware Attack Trevor

April 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
April 19, 2019

The Weather Channel’s normally quiet morning broadcast was suspended for a brief time on Thursday after what it said was a “malicious software attack on the network.”

America’s Morning Headquarters – “AMHQ” the Weather Channel’s morning show, was unable to air at 6 a.m. The Weather Channel showed “Heavy Rescue: 401” until 7:39 a.m. when “AMHQ” was back on the air.

“We experienced issues with this morning’s live broadcast following a malicious software attack on the network,” the Weather Channel said in a statement. “We were able to restore live programming quickly through backup mechanisms. Federal law enforcement is actively investigating the issue. We apologize for any inconvenience to viewers as we work to resolve the matter.”

pic.twitter.com/ovSgrgHxXY

— The Weather Channel (@weatherchannel) April 18, 2019

“The Weather Channel, sadly, has been the victim of a malicious software attack today,” said The Weather Channel anchor Jim Cantore. “Yes, and it has affected our ability to bring you your weather information,” added anchor Stephanie Abrams. “So we just wanted to say thank you again for your patience and we want to get right to today’s severe weather.”

The Weather Channel tweeted “We are experiencing technical difficulties with our live broadcast. We apologize for any inconvenience while we resolve this issue. We appreciate your patience.” — The Weather Channel (@weatherchannel) April 18, 2019

It’s too early to know if this was a targeted attack and what the vector was to upload malware to The Weather Channel. It could have been as simple as phishing the Weather Channel employees with a salacious email like “Reed Timmer and Ginger Zee vacation photos” but it was obvious The Weather Channel had learned inexpensive lessons about making regular backups and keeping copies offline to prevent future compromises like the $300 million ransomware attack on the Maersk Group.

Emory University Windows Network Wiped Out! Blame EMP’s, Cyberwar, Squirrels? Try Accidental Reformat.

July 25, 2018 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
May 18, 2014

On Monday, May 12th, 2014 sometime during the 169th Commencement Exercises of Emory University, what best could be called a career limiting move, a Windows 7 deployment image was accidentally sent to all Windows machines, (approximately 2000+ machines) including laptops, desktops, and even servers. This image started with a repartition / reformat set of tasks.

As soon as the accident was discovered, the SCCM server was powered off – however, by that time, the SCCM server itself had been repartitioned and reformatted.

Restoration of Emory.edu servers began immediately, but the process took far longer than expected, The Emory Information Technology team started using consultants to help validate the health of the SCCM servers and that work only completed only recently.

To put this in perspective, Emory’s IT staff were unable to use the preferred methods for redeploying images to desktops/laptops and relied on older methods – USB + Ghost, LANDesk (Emory still had their old LANDesk server) + PXE. These methods required a lot of manual work plus their success was uneven with them.

InfoSec News reached out to the on-call information technology staff and learned that things are beginning to get back to normal, and they couldn’t imagine how much worse this could have been if this had happened when the college was fully staffed and occupied.

Emory University is a private research university in metropolitan Atlanta, located in the Druid Hills section of unincorporated DeKalb County, Georgia, United States. The university has nearly 3,000 faculty members; awards and honors recognizing Emory faculty include the Nobel Prize, the Pulitzer Prize, National Humanities Medal, Guggenheim Fellowship, Fulbright Fellowship, and membership in the American Academy of Arts & Sciences and the National Academy of Sciences.

The university has nine academic divisions: Emory College of Arts and Sciences, Oxford College, Goizueta Business School, Laney Graduate School, School of Law, School of Medicine, Nell Hodgson Woodruff School of Nursing, Rollins School of Public Health, and the Candler School of Theology

InfoSec News will keep you posted with further details as we learn more.

mendhak via Compfight