U.S. City Rejects Hacker’s $5.3 Million Ransom; Restores from Backup
New Bedford, Massachusetts, is making news after the city council defied the demands of a hacker who held its data for ransom and demanded $5.3 million USD for the data to be decrypted and returned to the city.
It has now been revealed that the initial data breach took place in July. Mayor Jon Mitchell held a press conference this week to confirm both the breach and how the city dealt with the hacker’s demands.
According to Mayor Mitchell, a hacker infected the city’s IT systems with ransomware, which impacted 4% of the city’s network. The group behind the attack deployed Ryuk, one of the most common ransomware strains, which spread to 158 PCs in the system.
According to the Mayor, the breach could have been much worse had the hackers not launched it in the evening, when most of the city’s computers were switched off, which limited how far the ransomware could spread.
“While the attack was still underway, the city, through its consultants, reached out to the attacker, which had provided an email address,” Mayor Mitchell said in the press conference. “The attacker responded with a ransom demand specifically that would provide a decryption key to unlock the encrypted files in return for a Bitcoin payment equal to $5.3 million USD.”
As New Bedford didn’t have the money, the city made a counter-offer of $400,000 to the hacker, which was ultimately rejected. Had the Mayor elected to pay, the ransom would have been the largest recorded payment to a hacker in exchange for decryption of files; the record is currently held by a South Korean web hosting company that paid $1 million USD to hackers who compromised its systems.
The decision to make a counter-offer and engage the hacker in conversation was a deliberate one by the city government, which was giving its IT team more time to consolidate its systems in case the hacker decided to strike again.
“In light of these considerations, I decided to make a counter-offer using insurance proceeds in the amount of $400,000, which I determined to be consistent with the ransoms recently paid by other municipalities,” Mayor Mitchell added.
“The attacker declined to make a counter-offer, rejecting the city’s position outright.”
The city’s IT consultants then suggested restoring the system from backups they had made previously, which, according to ZDNET, was an easy decision to make “due to the low number of infected systems, and the fact that no critical systems had been impacted by the ransomware. This made managing the public’s pressure easier than in other municipalities where ransomware infections effectively cripple almost all city services.”
Catalin Cimpanu’s article also mentions that a recent report from ProPublica sheds light on the way in which “insurance firms are inadvertently fuelling the ransomware economy by advising cities to pay ransom demands, rather than rebuild IT networks -- as ransom payments are always cheaper for the insurance firm to cover.”
This has in turn encouraged would-be attackers to follow through on their attacks, because it is more than likely that an insurance company will foot the bill for the ransom. Attacks like the one described here are set to increase, according to almost every published report measuring the severity and frequency of attacks on private citizens, corporations and government entities. As it stands, the cost of cyber attacks is an estimated $3 trillion globally, and this is set to rise to $5 trillion by 2024.