# City of Riviera Beach Florida pays ransom



## Solaris17 (Jun 20, 2019)

Just another (of several) cities that have been hit with ransomware.

Florida city to pay $600K ransom to hacker who seized computer systems weeks ago

A Florida city is paying $600,000 in Bitcoins to a hacker who took over local government computers after an employee clicked on a malicious email link three weeks ago.

www.cnn.com




This time an employee clicked on a malicious email link, which is actually one of, if not the most, common methods of infection regardless of payload type.

Ransomware: Common Attack Methods

The most common attack methods for ransomware attacks are: silent infections from exploit kits, malicious email attachments, and malicious email links.

www.paloaltonetworks.com




Personally, I think this comes down to employee training and of course mitigation. Since it spread so quickly I'm going to go out on a limb and assume the machines were not properly protected. But informing staff not to do stuff like this is important.

Remember, folks, businesses are not the only ones targeted. If something seems too good to be true, like FedEx holding a package, etc., ask yourself if you bought something, or give them a call.


----------



## Bill_Bright (Jun 20, 2019)

Solaris17 said:


> Personally, think this comes down to employee training and of course mitigation.


I agree 100%. However, some of these bad guys are extremely clever and their emails and links often do look very authentic. I think training is essential, but user discipline is even more so. Ever seen Doctor Who when he comes across a bunch of buttons and levers? He (now she) just can't resist pushing them. But of course, that's TV.





Solaris17 said:


> Remember folks business are the only ones targeted.


Well, that's not true. Regular home computers are regularly targeted too. I frequently get official looking notices from banks and credit cards (some I don't even have) notifying me of "suspicious behavior" or my account is locked, click here and enter my information, etc. etc.

Generally, with a little education (and good self-discipline) these "socially engineered" methods of malware distribution are easy to spot.

- If the salutation is "Dear Customer" or "Dear Member" and not your real name, it's likely a scam.
- If the email is addressed to "Undisclosed recipients" and not your real, registered email address, it's likely a scam.
- If there are missing periods, extra commas, extra spaces, misspelled words, incorrect verb conjugations or other grammatical errors, it is likely a scam.


> Ask yourself if you bought something, or give them a call.


Or use your regular methods of accessing the site. For example, if you get an official looking notice from Wells Fargo bank about something wrong with your account or credit card, don't click any links in that email. Delete the email, then visit www.wellsfargo.com and log in there. If there is a problem, you can find out there - assuming you have an account there.

Generally, my advice is to give these emails all the attention they deserve - that is, none! Don't open it, just delete it.


----------



## Solaris17 (Jun 20, 2019)

Sorry, that was a quote of something I mistyped. I meant they were "not" the only ones targeted.


----------



## kid41212003 (Jun 20, 2019)

Happened to my company 2 months ago. We didn't pay the ransom, of course. Took us more than a month to completely recover. Absolutely a nightmare. Luckily, we'd transitioned to a cloud-based ERP system last year. Otherwise, it would have been even worse...


----------



## lexluthermiester (Jun 20, 2019)

Solaris17 said:


> Personally, think this comes down to employee training and of course mitigation.


Exactly this. People are not being taught secure computing ethics and methodologies. Though realistically, the simple "When in doubt, don't, and doubt everything." is a school of thought that would go a long way.


----------



## the54thvoid (Jun 20, 2019)

Mobile scam emails are getting more advanced as well. On desktop/laptop you can hover over the URLs to see the real link destination. On email, it's not so easy.

But yeah, if it doesn't say your name in the intro, 99.9% scam.


----------



## R-T-B (Jun 20, 2019)

the54thvoid said:


> But yeah, if it doesn't say your name in the intro, 99.9% scam.



Dear Sir/Madam,

Help free me from this prison, they have trapped me in a cage and make me send spam emails for food.  Please, write my family, tell them I love them.  Even if escape is impossible I must let them know I have never forgotten them.

Sincerely,

-The Long Lost Nigerian Prince

[FILTERED TO SPAM]

Sorry, I is feeling goofy this morn.


----------



## jaggerwild (Jun 20, 2019)

Did you see where the NSA has a hack (they never released its name), but somehow someone in Russia got a hold of it, LOLZ! Oh, and they're using it now on US-based companies; of course the NSA won't say if it's theirs............


----------



## trparky (Jun 21, 2019)

Does anybody know exactly what kind of ransomware was used to target them? Something custom or one of the more common ones you generally find floating around the seedier sides of the Internet?


----------



## R-T-B (Jun 21, 2019)

trparky said:


> Does anybody know exactly what kind of ransomware was used to target them? Something custom or one of the more common ones you generally find floating around the seedier sides of the Internet?



My guess is if they "opened an email" it could be any generic cryptolocker malware.


----------



## trparky (Jun 21, 2019)

What? Has no one heard of https://www.nomoreransom.org?

That web site I mentioned above has free decryption tools that can be used to decrypt most of the more common ransomware. Oh, and did I mention it's *FREE*? So unless it's a custom ransomware attack that targeted you specifically, you can probably find a decryption tool on that web site, recover your data, and not pay a dime.


----------



## Solaris17 (Jun 21, 2019)

trparky said:


> What? Has no one heard of https://www.nomoreransom.org?
> 
> That web site I mentioned above has free decryption tools that can be used to decrypt most of the more common ransomware. Oh, and did I mention it's *FREE*? So unless it's a custom ransomware attack that targeted you specifically, you can probably find a decryption tool on that web site, recover your data, and not pay a dime.



That's not entirely true, unfortunately. While many older variants can be decrypted, the modification of ransomware is easy and the variants mutate a lot. While the site will certainly prove useful for the variants it covers, there are unfortunately many variants coming out often.


----------



## trparky (Jun 21, 2019)

But considering that many of the tools presented on that site are written by the antivirus vendors and they themselves are encountering new variants of the ransomware as part of their malware research you'd think that they'd be updating their tools to decrypt more variants of that garbage. Well, at least I hope that would be the case.


----------



## Solaris17 (Jun 21, 2019)

trparky said:


> But considering that many of the tools presented on that site are written by the antivirus vendors and they themselves are encountering new variants of the ransomware as part of their malware research you'd think that they'd be updating their tools to decrypt more variants of that garbage. Well, at least I hope that would be the case.



You're certainly right, of course! But it can't be done for all variants, and others aren't so easily decrypted.


----------



## trparky (Jun 21, 2019)

Good point, I didn't think about that. You just have to hope and pray that you got hit by something that can be easily decrypted. But then again, if you were doing things right you'd not have been hit in the first place. But... yeah.


----------



## moproblems99 (Jun 21, 2019)

trparky said:


> But considering that many of the tools presented on that site are written by the antivirus vendors and they themselves are encountering new variants of the ransomware as part of their malware research you'd think that they'd be updating their tools to decrypt more variants of that garbage. Well, at least I hope that would be the case.



The best chance you have in most cases is a flaw in the implementation of the encryption scheme they are using.  Or they were stupid and embedded the key in the binary.


----------



## lexluthermiester (Jun 21, 2019)

trparky said:


> What? Has no one heard of https://www.nomoreransom.org?
> 
> That web site I mentioned above has free decryption tools that can be used to decrypt most of the more common ransomware. Oh, and did I mention it's *FREE*? So unless it's a custom ransomware attack that targeted you specifically, you can probably find a decryption tool on that web site, recover your data, and not pay a dime.





Solaris17 said:


> That's not entirely true, unfortunately. While many older variants can be decrypted, the modification of ransomware is easy and the variants mutate a lot. While the site will certainly prove useful for the variants it covers, there are unfortunately many variants coming out often.


More to that, many of the new variants of ransomware have anti-tamper routines built in, so if you attempt to defeat them they become unrecoverable.


----------



## delshay (Jun 21, 2019)

Bill_Bright said:


> I agree 100%. However, some of these bad guys are extremely clever and their emails and links often do look very authentic. I think training is essential, but user discipline is even more so. Ever seen Doctor Who when he comes across a bunch of buttons and levers? He (now she) just can't resist pushing them. But of course, that's TV.
> 
> Well, that's not true. Regular home computers are regularly targeted too. I frequently get official looking notices from banks and credit cards (some I don't even have) notifying me of "suspicious behavior" or my account is locked, click here and enter my information, etc. etc.
> 
> Generally, with a little education (and good self-discipline) these "socially engineered" methods of malware distribution are easy to spot.
> 
> - If the salutation is "Dear Customer" or "Dear Member" and not your real name, it's likely a scam.
> - If the email is addressed to "Undisclosed recipients" and not your real, registered email address, it's likely a scam.
> - If there are missing periods, extra commas, extra spaces, misspelled words, incorrect verb conjugations or other grammatical errors, it is likely a scam.
> ...



This is why I don't have on-line banking. My banks have pushed me many times year after year to go on-line & say I am protected, but I have refused to sign up. To tell you the truth, I just don't have the time to fill out forms if something goes wrong.

I have received emails in the past many times related to my bank account, but I already know they are false/fake emails because I don't have on-line banking.

I use telephone banking 24/7, fully automated with rolling security pin numbers, & if I need help I will contact the helpdesk.


----------



## Vayra86 (Jun 21, 2019)

delshay said:


> This is why I don't have on-line banking. My banks have pushed me many times year after year to go on-line & say I am protected, but I have refused to sign up. To tell you the truth, I just don't have the time to fill out forms if something goes wrong.
> 
> I have received emails in the past many times related to my bank account, but I already know they are false/fake emails because I don't have on-line banking.
> 
> I use telephone banking 24/7, fully automated with rolling security pin numbers, & if I need help I will contact the helpdesk.



Online banking uses the same rolling security pin numbers, or has even better methods like 2FA. I can easily place more trust in my online banking security than I could ever get over the phone.

Those emails.. it is and has always been simple. Banks NEVER email you about anything account security related. They send letters.

I mean, you say you don't have time to fill out forms but I can guarantee you online banking will save more time than calling up for every little thing.

Some thoughts to consider; in the end it's entirely up to you, and I agree it's a good thing that there are multiple ways to get service/things done!


----------



## delshay (Jun 21, 2019)

Vayra86 said:


> Online banking uses the same rolling security pin numbers, or has even better methods like 2FA. I can easily place more trust in my online banking security than I could ever get over the phone.
> 
> Those emails.. it is and has always been simple. Banks NEVER email you about anything account security related. They send letters.
> 
> ...



This is all about access. If you have something on your computer & you don't know it is there, i.e. spyware, then you have a problem. You're not going to get spyware on a normal phone, unless you are redirected.


----------



## Grog6 (Jun 21, 2019)

I was a system admin during the "I love you" virus attack; this was in the Win95 days...  

I had several users that I made ghost images of their systems for, only because they couldn't stop themselves from opening the emails that said "I love you" in the freaking title.

In one case, I had just finished repairing one user's system, and was walking down the hall, and heard her say "OOH! someone else loves me!"

I moved all her files to a server without write privileges, and deleted her IP address for a week.
I had to answer all her email, but it was mostly garbage anyway.


----------



## Vayra86 (Jun 21, 2019)

delshay said:


> This is all about access. If you have something on your computer & you don't know it is there, i.e. spyware, then you have a problem. You're not going to get spyware on a normal phone, unless you are redirected.



The computer and the login aren't relevant anymore with 2FA. It's a temporary token login no matter what you do. Any bank that relies on a regular login detail set is doing it wrong. It's just a first line of defense.

And prior to 2FA, my bank used TAN codes - or as you use them over the phone: a temporary access number, supplied from a paper list with ID numbers. You get an ID number, you find the TAN code on your physical list, and use that for one specific transaction confirmation. Basically an early form of 2FA.


----------



## trparky (Jun 21, 2019)

I remember the "I love you" worm. Honestly, if someone sent me that my first response would be... "Who the hell is this and why is he/she saying that they love me?" followed up quickly by the pressing of the delete key.

When that worm was going around the Internet I was much younger than I am now, and back then I had an inferiority complex, if you catch my drift. I still sort of have one today in regard to significant others.


----------



## Bill_Bright (Jun 21, 2019)

Trusting on-line banking is totally different from getting infected with ransomware. On-line banking can be trusted. There are even on-line only banks. The main reason I don't do on-line banking with my smart phone is I don't trust my smart phone. They can too easily grow feet and disappear and perhaps fall into bad guys' hands. For example, I discovered my last smart phone could not stay put on my back bumper for a short 10 mile ride!

But I use my PC to pay bills, transfer funds, and everything else. I use PayPal to send money to the kids. I have no reservations doing that.

The problem is scams from socially engineered emails and compromised websites. For example, I received the following the other day.

[screenshot of the email not captured]

Looks pretty good but clearly has some telltale clues indicating it is fake (I count 7).

Other obvious clues:

- It was addressed to "Undisclosed-Recipients:"
- It came from "no1warrior@comcast.net"
- I don't and never have had a Chase banking account or credit card.
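Bill_Bright's checklist earlier in the thread (generic salutation, "Undisclosed recipients", sloppy punctuation) and the clues in the Chase message above can be turned into a small triage script. This is an added example, not code from the thread; the two sample messages, the brand-to-domain table and the function names are constructed for illustration.

```python
"""Heuristic phishing triage over raw messages (added example, not from the thread).
Each clue is one of the tells the forum posts describe; a legitimate message should fire none."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample messages. The phish mirrors the clues listed in the thread;
# the legitimate sample uses reserved .invalid domains so it can never resolve.
PHISH_RAW = """\
From: no1warrior@comcast.net
To: Undisclosed-Recipients:;
Subject: Chase Account Locked
Content-Type: text/plain

Dear Customer ,

We detected suspicious behavior on your account . Verify Your Account now .
"""

LEGIT_RAW = """\
From: alerts@example-bank.invalid
To: Jane Doe <jane.doe@example.invalid>
Subject: Your statement is ready
Content-Type: text/plain

Dear Jane Doe,

Your monthly statement is now available in online banking.
"""

GENERIC_SALUTATIONS = ("dear customer", "dear member", "dear sir/madam", "dear user")
# Assumed brand -> legitimate sending-domain table; a real deployment would maintain its own.
BRAND_DOMAINS = {"chase": "chase.com", "wells fargo": "wellsfargo.com"}


def phishing_clues(raw: str) -> list:
    """Return the clues found in a raw RFC 5322 message; an empty list means none fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    clues = []
    # Clue 1: salutation is generic instead of the recipient's real name
    first_line = next((ln for ln in body.splitlines() if ln.strip()), "").strip().lower()
    if first_line.startswith(GENERIC_SALUTATIONS):
        clues.append("generic salutation")
    # Clue 2: not addressed to a named, registered recipient
    to_hdr = str(msg.get("To", "")).lower()
    if not to_hdr or "undisclosed" in to_hdr:
        clues.append("not addressed to a named recipient")
    # Clue 3: stray space before punctuation, or doubled spaces inside a line
    if re.search(r"\s[.,!?]", body) or re.search(r"\S {2,}\S", body):
        clues.append("punctuation/spacing errors")
    # Clue 4: the text invokes a brand, but the From domain is not that brand's domain
    _, addr = parseaddr(str(msg.get("From", "")))
    dom = addr.rpartition("@")[2].lower()
    text = (str(msg.get("Subject", "")) + "\n" + body).lower()
    for brand, domain in BRAND_DOMAINS.items():
        if brand in text and dom != domain and not dom.endswith("." + domain):
            clues.append(f"claims to be {brand} but sent from {dom or 'unknown'}")
    return clues
```

Run it on the two samples: the constructed Chase message trips all four checks, while the statement notice trips none, which is the point the posts make about what to look for before clicking.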


----------



## trparky (Jun 21, 2019)

I count nine dead giveaways in that picture.

I circled the "Verify Your Account" button for two reasons: the word "Your" shouldn't be capitalized, but the button is also sized weird. There's more space on the right side than there should be, or at least the words aren't centered inside the box.


----------



## lexluthermiester (Jul 6, 2019)

R-T-B said:


> Dear Sir/Madam,
> 
> Help free me from this prison, they have trapped me in a cage and make me send spam emails for food. Please, write my family, tell them I love them. Even if escape is impossible I must let them know I have never forgotten them.
> 
> ...


I found this amusing and thought of a different take on that idea;

Dear Taxpayer funded public servants;

Please *stop* acting like complete twats and clicking on everything that comes into your inbox with taxpayer funded government computers. We, the taxpayers, are tired of paying for your nitwitted carelessness. Those work computers are for *WORK*, not for you to prat around on willy-nilly. If you can't be professional and responsible then maybe government work is not for you. Kindly find another job and don't let the door hit you in the bum on your way out the door.

Regards,

Your employers, the tax paying public.


----------



## Final_Fighter (Jul 6, 2019)

Shit like this is only gonna piss the government off enough to ban bitcoin in the U.S. After that the coin will collapse. Probably for the best.


----------



## lexluthermiester (Jul 6, 2019)

Final_Fighter said:


> Shit like this is only gonna piss the government off enough to ban bitcoin in the U.S. After that the coin will collapse. Probably for the best.


Cryptocoin is not the problem and banning it is not a solution.


----------



## TheoneandonlyMrK (Jul 6, 2019)

Bill_Bright said:


> Trusting on-line banking is totally different from getting infected with ransomware. On-line banking can be trusted. There are even on-line only banks. The main reason I don't do on-line banking with my smart phone is I don't trust my smart phone. They can too easily grow feet and disappear and perhaps fall into bad guys' hands. For example, I discovered my last smart phone could not stay put on my back bumper for a short 10 mile ride!
> 
> But I use my PC to pay bills, transfer funds, and everything else. I use PayPal to send money to the kids. I have no reservations doing that.
> 
> ...


Someone with your eyes for such things should do videos. I do pay attention but wouldn't definitely have noticed those; I would say no anyway, i.e. delete, because no one asks for such a thing in banking afaik and I wouldn't trust that kind of contact.

I'm ok with online banking. I don't use the app and put an extensive password in each time. My phone is treated as precious too; I don't drop it loose or put it in a case, risky, but I have been fine 14 years.


----------



## Bill_Bright (Jul 6, 2019)

theoneandonlymrk said:


> Someone with your eyes for such things should do videos, I do pay attention but wouldn't have definitely noticed those


Thanks but it really is not just about noticing the clues. Even if you study it hard, and there are no errors at all, do you click on it then? NO! Absolutely not. If you get any notice from your bank, either call them (using the number on your statement - not in the email) or log into their site through their regular webpage - not through a link in that email. 

Sadly, the bad guys often prey on the elderly, who tend to be more gullible and trusting.


----------



## TheoneandonlyMrK (Jul 6, 2019)

Bill_Bright said:


> Thanks but it really is not just about noticing the clues. Even if you study it hard, and there are no errors at all, do you click on it then? NO! Absolutely not. If you get any notice from your bank, either call them (using the number on your statement - not in the email) or log into their site through their regular webpage - not through a link in that email.
> 
> Sadly, the bad guys often prey on the elderly, who tend to be more gullible and trusting.


All true. My mum has had a few phone calls to assist with fixing her pc; I have obviously trained her in her already skillful use of the "not today" response.


----------



## Bill_Bright (Jul 6, 2019)

theoneandonlymrk said:


> All true my mum has had a few phone calls to assist with fixing her pc, I have obviously trained her in her already skillful use of the not today response.


If I don't recognize the caller ID, I don't answer. If important, they will leave a message. If they block their number, they don't deserve my time.


----------



## lexluthermiester (Jul 6, 2019)

Bill_Bright said:


> If I don't recognize the caller ID, I don't answer. If important, they will leave a message. If they block their number, they don't deserve my time.


Couldn't agree more!


----------

