Massachusetts City hit with $5 Million Ransom
The Massachusetts city of New Bedford was hit with one of the largest known ransoms, a demand of more than $5 million. After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Mass., the city chose not to pay the ransom and instead to restore what it can from backups. The city was first infected on July 5, in an incident it previously blamed on an unspecified virus. According to New Bedford Mayor Jon Mitchell, the attack was carried out with the Ryuk ransomware. He said that the hackers demanded a $5.3 million ransom in Bitcoin.
On Friday, July 5, 2019, the City of New Bedford's Management Information Systems staff identified and disrupted a ransomware attack in the early morning hours before city employees began the work day. The city's MIS department has now completely rebuilt the city's server network, restored most of the software applications, and replaced all of the computer workstations that were found to be affected. The attack did not disrupt the city's services to residents. The city's MIS staff is now addressing the internal impact on city government.
Due to a combination of luck, skill and the architecture of the system, only about 5% of its computers were affected. That's because the city was able to quickly disconnect its computer servers and shut down systems. Also, the attack hit after the July 4 holiday and most computers were turned off at the same time that the ransomware was attempting to spread.
Impacted computers include those used by the fire department for administrative purposes. However, the emergency dispatch system and municipal services such as schools and water were not affected. The city's financial management system was temporarily placed out of service but was quickly brought back online.
Hackers demanded a Bitcoin payment of $5.3 million, making it one of the largest known ransoms. Before this, a South Korean web host paid the equivalent of $1 million after a ransomware attack that hit 153 Linux servers and locked up more than 3,000 websites. The city first made a counteroffer of $400,000, which was rejected by the hacker. Mitchell said that this cost would have been covered by the city's insurance provider. Even though law enforcement officials advise against paying ransoms, Mitchell thought it would be irresponsible to reject the possibility of getting all the files back if insurance would cover it. It isn't known how much of the city's data has been recovered and restored at this time. The mayor did not respond to a request for comment regarding how much was backed up and how the initial ransomware infection first occurred.
Ransomware attacks against city and local governments continue to make headlines. In June, two Florida cities, Lake City and Riviera Beach, were both hit by ransomware and decided to pay the ransom. Louisiana’s governor declared a statewide state of emergency after a bunch of public schools were hit with ransomware. The city of Baltimore was hit in May and halted some city services like water bills, permits and more. In 2018, several Atlanta city systems were infamously crippled after a ransomware attack. In August, 22 local Texas governments were hit by a ransomware attack that Texas officials say is part of a targeted attack launched by a single hacker.
The best defense against ransomware is to keep all data backups up to date. Snapshots of servers and workstations should be backed up whenever there is a change in the configuration. Other measures include being careful not to open any email attachments from suspicious sources.