Florida City Pays $600K Ransomware
A Florida city hit by a ransomware attack three weeks ago voted this week to pay the hackers the requested ransom of $600,000. Riviera Beach, a Florida city with a population of 35,000, was hit by the ransomware attack on May 29 after a city employee clicked on a malicious link in an email, according to local reports. Hackers behind the malware, which spread throughout the city's network and shut down its computer systems, asked for a ransom of 65 Bitcoin, worth around $600,000, in exchange for unlocking the computers.
The stakes of a ransomware attack are high. In the case of Riviera Beach, systems controlling the water utility were offline, government email and phone systems wouldn’t work, and 911 calls couldn’t be entered into computer records. According to local reports, the computer systems controlling city finances and water utility pump stations are only partially online. These factors and more can be important when a ransomware victim is weighing the timeline and damage of paying a ransom against those of not paying. The Riviera Beach City Council took a big gamble by paying the ransom, as there are no guarantees the hackers will return any of the data, which could leave the city in an even worse situation. By paying the ransom, the council also encourages more of these types of attacks, because payment makes them more profitable for hackers.
Riviera Beach is only the latest in a string of costly ransomware attacks targeting city governments. In 2018, several Atlanta city systems were crippled after a ransomware attack extorted the municipality for $51,000. The city of Baltimore is another recent victim of ransomware, which hit in May and halted some city services like water bills, permits and more, demanding a $76,000 ransom. Many other cities that were hit with ransomware chose not to pay the ransom but were still left with crippling costs. Atlanta ended up spending $2.6 million in recovery costs, including incident response and digital forensics, additional staffing and Microsoft Cloud infrastructure expertise, while Baltimore dished out $18.2 million in restoration costs and lost revenue.
There’s never a guarantee that files will be restored after payment, especially if the malware is programmed to delete files. To protect against further damage, system administrators should consider restricting normal users' access, so that when ransomware is accidentally started, it cannot do as much damage from a limited account. Given that ransomware is typically known to target and delete backups, having a backup of critical data, ideally in a different location, can keep your data away from hackers.
The best practice doesn’t come down to paying a ransom versus not; it comes down to preventing the cyberattack from happening altogether. Preventing attacks starts with understanding what the hackers are doing and how. Organizations need to look at the hackers' behaviors and the malware that’s in use. They also need to do the security basics well: patching, backups, and testing. Application whitelisting is also a great preventive measure against ransomware.