gespenstern wrote: » Yawn. Can't even come up with anything meaningful as everything was said many, many times. I'm not even going to ask where their backups were and stuff like that.
dhay13 wrote: » I am a little surprised that they announced the attack in that manner. A simple email stating they had experienced a technical issue would have been sufficient and not been as damaging to the school's reputation. Unless there was a breach involving PII and legal disclosure then I would think it best to not let that info out?
Hunter91 wrote: » In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a $28,000 payment was made by the District.
TechGromit wrote: » Maybe the cyber security experts can educate them that backup servers are considerably cheaper than 28k and have an even higher probability of recovering lost information. But that's the way things usually go in IT, it's not a consideration until it's an emergency. With a proper backup policy, it should have been wipe the servers, reinstall op system, restore backups. Also restricting access to only the people that absolutely need it would minimize damage. I'm in cyber security, but have no access to any of the onsite servers, 'cause I don't need it.
TheFORCE wrote: » Yep that was my first thought too. Bad move to pay the money, now the attacker knows that you will pay in the future, so what is stopping them from doing it again 5- months or 1 year down the road? And really they consulted "cyber security experts" and the law enforcement and they agreed to pay? Seriously? All literature out there and white papers and articles and everything from leading cyber security experts say to not pay the money. Who were these people that agreed?
Rumblr33 wrote: » Even if they did negotiate, Hollywood Presbyterian settled for less of a requested ransom, why couldn't the community college? $28,000 seems steep to me, but I don't know how valuable their data is.
TechGromit wrote: » Who knows, maybe 28k is the negotiated rate. Also depends on how they got hit by ransomware, it was by spam email or a website download, it could be as simple as the average ransom of $300 per computer times the number of computers / servers affected.
Moldygr33nb3an wrote: » It's becoming a steady trend a lot of these groups aren't delivering the key after payment has been made.
Rumblr33 wrote: » https://services.laccd.edu/districtsite/docs/LAVC_Cybersecurity_Event_FAQ_from_President_Endrijonas.pdf
Rumblr33 wrote: » This still seems high to me. I also found out they paid the ransom via their cybersecurity insurance and this leads me to believe there was no negotiation. https://services.laccd.edu/districtsite/docs/LAVC_Cybersecurity_Event_FAQ_from_President_Endrijonas.pdf
Node Man wrote: » $28k == poetic justice? Sounds like the amount for a year's tuition.
TechGromit wrote: » So the district is advanced enough to have a cybersecurity protocol in place, but no backup strategy? The good news is they do not offer an associate's degree in computer science because I don't think they are qualified to teach A+ certification night courses. My guess is their backup strategy consisted of disk-to-disk online backups. Convenient, but not the wisest of solutions.