Ransomware kidnappers have successfully extracted some $600,000 from the city of Riviera Beach, Florida to unlock its computer systems and restore essential data.
The Palm Beach suburb joins a growing number of governments, municipalities and businesses victimized by a wave of ransomware (see below). Here’s what’s known about the Riviera Beach cyber attack: (via the Palm Beach Post)
- The hack began on May 29 when someone in the local police department opened an infected email. The city first noticed something was amiss when its email system and phone service went down and 911 dispatch didn’t work.
- In a Monday, June 17 meeting, Riviera Beach’s city council voted unanimously to authorize its insurer to pay 65 bitcoins to the crooks to restore its network. It reportedly took the board all of two minutes to decide the issue.
- The city will have to pony up an additional $25,000 to cover the insurance deductible. The insurance company has negotiated with the hackers.
- At this point, sensitive data encrypted by the hackers is still not accessible. The city hasn’t said if it holds a guarantee the information will be unlocked once it pays the ransom.
- The city’s email and computer systems at City Hall, the city’s Port Center offices and elsewhere, including those that control city finances and water utility pump stations and testing systems, are still only partially back online.
It's not clear if Riviera Beach officials consulted with outside security experts such as managed security service providers before deciding to pay the ransom.
Paying the Ransomware Bounty: Is It Worth It?
Recent SentinelOne research shows that 45 percent of U.S. companies hit with a ransomware attack paid at least one ransom, but only 26 percent of these companies had their files unlocked. Furthermore, organizations that paid the ransoms were targeted and attacked again 73 percent of the time, as attackers treat paying companies like ATMs, according to Chris Bates, VP, security strategy at SentinelOne.
"The real answer is taking a proactive approach and updating legacy defense systems susceptible to sophisticated attacks, in addition to allocating additional resources to security team staffing, training and support," Bates asserts.
Still, it's clear that municipalities and their representatives are struggling to understand and mitigate cyberthreats. “This whole thing is so new to me and so foreign and it’s almost where I can’t even believe that this happens but I’m learning that it’s not as uncommon as we would think it is,” Riviera Beach Council Chairwoman KaShamba Miller-Anderson told the Post. “Every day I’m learning how this even operates, because it just sounds so far fetched to me.”
The city council had earlier voted to spend roughly $1 million on new computer equipment following the May 29 hack, the Post reported. More than 300 new desktop and laptop computers are on the work order. Insurance will cover more than one-third of that requisition. Much of the existing hardware was at least six years old and vulnerable to another malware attack, Councilwoman Julie Botel told the Post.
Making deals with cyber crooks is anything but on the level. Last year, nearby Palm Springs was hit by a ransomware hack and, despite paying an undisclosed sum to unlock its records, still lost two years of data, a source told the Post.
The FBI, Homeland Security and U.S. Secret Service are investigating the Florida attack.
Ransomware Attacks Hit Cities, Government Infrastructure
In recent months, ransomware and malware attacks have targeted municipal IT operations, government and transportation systems. Here are some examples:
- May 7: City of Baltimore hit with ransomware attack.
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
- March 2018: Atlanta, Georgia suffered a major ransomware attack.
- February 2018: Colorado Department of Transportation (CDOT) employee computers were temporarily shut down due to a SamSam ransomware virus cyberattack.