Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So they offered $400,000 for restoring what was most likely a week of lost work for 158 employees. That works out to $2,531.65 per employee for that week. Is the average salary of the compromised employee $131,645.57 ($2,531.65*52)? It sounds like the town was just willing to throw a lump of cash at the attacker based on what other victims had paid with no regard to what the lost work was actually worth. I know the attacker did not accept and it allowed them to strengthen their security and etc., but it bothers me that the attacker could have just gotten a $400,000 payout. It’s almost as if the moral of the story is “even if a town government had backup system in place, you can still pull in a few years of income with a ransomware attack!”


You would lose more than a week of work if your entire team is no longer doing this week's work to make up for last week's.

Let's say they instead of doing this week's work, they do last week's, next week they're still a week behind and you have to start paying 100+ government employees overtime in order to regain the catch up on the remaining week. This could take a while to catch up and be incredibly expensive.

The $400,000 wasn't taxpayer money it was their insurance companies offer to make this go away.


Local government work is mostly cyclical and the "customer" is captive. It's not the end of the world if they bill someone a day late or have to re-add the new librarian to the payroll system. It's not like people can up and switch to a new government because they don't like the quality of service.

Based on having grown up in the region and having, um, "connections" to state and local government I think it is highly likely that their desire to not throw out work was based around reasoning around how their public image would be affected if a batch of fines/taxes/fees/bills had to be waived. Cutting people (collectively, waiving something on a case by case basis is fine) a break because the government screwed up is kind of a non-starter because of the possibility of setting a precedent.


That assumes the work is repeatable.

It also assumes no one but the employees would have to put time into recreating the repeatable work.

For example, people turning in documents in order to get permits. Now they'd have to figure out which ones were lost and regenerate them. It adds up.


I guess accepting it would set the precedent that they are easy to lowball? Also, it might even be a lower sum for the city, if they need to redo the work, the employees will already know more or less what to do and it might be faster.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: