One employee’s wrong click has turned into a massive headache for Riviera Beach.
A city council in the U.S. state of Florida has voted to pay USD $600,000 (AUD $855,000) to regain control of its computer network after cyber criminals were able to gain control and implement ransomware to essentially hold the council hostage.
According to reports, Riviera Beach’s “city council voted unanimously to pay $600,000 in bitcoin to the hackers who caused the problem.”
The malware was first embedded in the city council’s network after a successful spear-phishing campaign saw an oblivious employee open up an email attachment containing the damaging software.
According to the Palm Beach Post, “the attack began on May 29, when an employee from the police department opened an email attachment that contained malware.” The malware soon spread itself throughout the city’s interconnected computer systems, impacting everything from its email system to emergency service operations.
Business Insider’s Sinéad Baker warns that “it’s a massive alarm bell for the rest of the US… the payout is a sign of how unprepared much of the US is to deal with the wave of cyberattacks,” she writes.
According to reports, the city council first tried to resolve the issue, spending nearly a million dollars in the process, before conceding to the demands of the cyber criminals and paying the ransom. CNET’s Alfred NG writes that the payment “will come from the city’s insurer, though it’s still unclear if the hackers will decrypt files afterward. US law enforcement agencies often recommend that ransomware victims don’t pay hackers, pointing out that there’s no guarantee hackers will comply and that payments encourage cybercriminals to strike again.”
“City governments that don’t pay after ransomware attacks can end up with costs higher than what the hackers initially demanded,” NG continues to explain. “After Atlanta suffered a ransomware attack in March 2018, the hackers demanded USD $51,000 in bitcoin. The city refused to pay, and that cost it an estimated USD $17 million in damages.”
Authorities have noticed a recent trend in cyber attacks holding government infrastructure and city councils hostage for a ransom to be paid in bitcoin which is notoriously difficult to monitor. The US Department of Homeland Security warned back in 2018 that malware attacks on local-level governments were “among the most costly and destructive” attacks they’d identified in recent years.
Analysts at Forrester Research quoted by CNET say that paying ransomware constitutes a “valid recovery option” for organisations that can’t get their files back through other means. “Malwarebytes, a cyber security company, said in an April report that ransomware attempts on businesses jumped by 500%” in the past twelve-months, establishing the clear trend that cyber criminals are increasingly moving toward ransomware attacks as a means of income.
A 2019 from Mimecast shows that in recent history, 73% of public agencies in the United States have experienced issues relating to ransomware attacks. However, it’s not just low-level cyber criminals in the mix, as CNET explains: “In November, the Justice Department announced charges against Iranian hackers for an incident that hit more than 200 city governments and hospitals with ransomware, causing more than $30-million in damages.”