
7/2/2019
11:15 AM

Lake City Employee Fired Following Ransom Payment

The Florida city authorized its insurer to pay $460,000 in ransom after a cyberattack that shut down servers, email, and phones.

The director of information technology for Lake City, Fla., has been fired in the aftermath of a massive cyberattack that shut down its phones, servers, and email capabilities. Lake City recently agreed to pay 42 Bitcoin ($460,000) through its insurer, the Florida League of Cities.

About three weeks have passed since Lake City systems were hit with ransomware. Following the attack, city networks were taken offline and recovery efforts began with participation from a third-party security vendor, the Florida League of Cities, and Lake City's IT staff. Attempts to bring systems back online yielded no results; last week, the city's insurer received a ransom request for the decryption key.

The Florida League of Cities negotiated with the attackers and paid the ransom, a decision approved by Lake City's Emergency Council. The city is responsible for the $10,000 deductible to the insurer. Lake City officials report that the city's IT director and security vendor advised a more cost-effective approach to retrieve the key.

Lake City mayor Stephen Witt says city manager Joe Helfenberg made the decision to terminate an employee. Helfenberg is revamping the city's entire IT department to overcome the incident and set up a system to ensure it doesn't happen again. He also reports that the decryption key has been working and that the city has been consulting security experts to get back online within the coming days.

Read more details here.

 


Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.
 

Comments
tdsan,
User Rank: Ninja
7/2/2019 | 12:50:31 PM
Firing the person that has history, not sure if this was a good move
One thing about hacks and attempts, they often come from the inside. This person that they let go now has motive to get back at the organization along with the Ransomware control/command group. It is going to be interesting how this works out.

One question I have, will they be fined by GDPR and will this be reported? The last few days I have read about Ransomware attacks and organizations being attacked. There was a report submitted by DarkReading that stated the report for 2019 took a deep drop in Ransomware findings. I think the report has not been completed and thus the low number is indicative of lack of information; only time will tell what happens to this endeavor and will the US start pushing those sanctions and penalties like other countries are doing (Facebook, Google and Microsoft).

Other situations where individuals should be fired from the Ransomware attacks are as follows:
  • https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time
  • https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/ (Atlanta Attack)
  • https://baltimore.cbslocal.com/2019/06/12/baltimore-ransomware-attack-inches-closer-to-normal/
  • https://gizmodo.com/florida-city-fires-it-employee-after-paying-460-000-in-1836031022

Only time will tell.

T