Florida City Fires IT Director after $460K Ransomware Fiasco

Tsing

Multiple Florida municipalities have fallen victim to ransomware in recent weeks. The first was Riviera City, which agreed to pay hackers 65 bitcoins ($600,000) after officials determined there was no other way to get their data unlocked and decrypted.

This was followed by a similar incident in Lake City that culminated in a ransomware payment of not only $460,000 in bitcoin, but the firing of its director of information technology, Brian Hawkins. While he wasn't the one directly responsible (an employee had opened an infected document received via email), city officials saw fit to terminate the man at the top to prove they are serious in revamping IT security.

Experts say paying the ransom is a terrible idea. It tells hackers they can "get away with it and make money."

"Our city manager did make a decision to terminate one employee and he is revamping our whole IT department to comply with what we need to be able to overcome what happened this last week or so and that's so it doesn't happen again," said Lake City Mayor Stephen Witt.

While Lake City officials told TV20 that their investigation is ongoing, Wiggins doesn't believe they'll be successful in tracking down the attacker.
 
Other than filtering all email links and attachments out of incoming emails (which would piss off many employees) how can an IT manager really protect against stupid employees clicking links and opening attachments?

Just maintain a good backup policy and hope for the best?

Frequent automated ZFS snapshots seem like a good idea.
 
Other than filtering all email links and attachments out of incoming emails (which would piss off many employees) how can an IT manager really protect against stupid employees clicking links and opening attachments?

There are a number of things that can be done to both prevent the clicking and mitigate the damage once things are clicked - just to name a few.

1. Train the employees (simulated phishing tests and security awareness training - include it in job performance metrics to not get phished by the simulated testing).
2. Backup stuff and test that those backups are recoverable.
3. Lock down those file shares to a minimal level of access. A single employee shouldn't be able to rip through all the files.
 
Having good backups not attached to servers is key.

Also employees are almost impossible to train not to click on everything and anything.
 
Even if steps are taken to prevent this current attack, someone will figure out a new way. Keep critical info offline. Keep critical infrastructure offline. Will that create other problems? Sure, but at least then your enemy has to have the balls to see you face to face rather than hide behind a keyboard.
 
I kinda feel for the guy. He's just being made a martyr, and it will trash his career.

Sure, in hindsight, there were a lot of things that could have/should have been done. I wouldn't be surprised if his budget was pretty constrained and lacked a lot of resources to implement those ... at least until something bad happened.
 
Idk, if my livelihood depended on working in a job in which I could be held responsible for some pretty bad **** and I wasn't given the tools for the job? I would walk, period. I had a family member who worked as head of IT for a mid-sized architecture firm who left because they wanted him to pirate their legit copy of Windows instead of paying for all the licenses they would need. He told them to pack salt. But in this current case, I'm sure there will be calls from some to privatize the whole thing, ya know, for cost savings.
 