Because after ALL of this time, they haven't gotten security controls in place. Pennsylvania county pays 500K ransom to DoppelPaymer ransomware.
"The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems," the Delaware County alert stated.
And the attack was somewhat insane.
BleepingComputer was also told that the ransomware gang advised Delaware County to change all of their passwords and modify their Windows domain configuration to include safeguards from the Mimikatz program.
Mimikatz has been around for a couple of years, and instructions on how to defend against it can be found around the net. There is a link at the bottom of the article linked above.
So, if you aren't defending against KNOWN attacks, that are available for download from Github, exactly WHAT are you defending against?
There is no mention of insurance, and I would not underwrite this mess, but then I'm not in the insurance industry. Surely they can't underwrite every bad practice everywhere. That would be like making payments to people who purposefully destroy their own homes or cars.
So do you think that the county in question will be asking for a tax increase?
No comments:
Post a Comment
Comment Moderation is in place. Your comment will be visible as soon as I can get to it. Unless it is SPAM, and then it will never see the light of day.
Be Nice. Personal Attacks WILL be deleted. And I reserve the right to delete stuff that annoys me.