Florida city will pay over $600,000 to ransomware attackers

The small city of Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.

The city council has authorised its insurance company to pay 65 bitcoins to the cybercriminals who infected their system on 29 May 2019.

The Palm Beach Post reported that an employee in the City Police Department infected machines across its network by opening an email.

The attack on the city, a suburb of West Palm Beach with a population of 35,000, took all its operations offline. Email went down and officials had to resort to hand-printed cheques to pay employees. 911 dispatchers were also unable to enter calls into computer systems, said reports.

On 5 June 2019 the City posted a terse online notice reporting a ‘data security event’. No further updates appeared on its website or Twitter account.

Councillors had already authorized $941,000 to pay for 310 new desktop computers and 90 laptops after the attack, expediting an already overdue refresh of old equipment.

In paying the ransom, the council is relying on advice from external security consultants, said spokesperson Rose Anne Brown, adding that there was no guarantee the files would be restored.

Waiting to make the payment has cost Riviera Beach even more money. On 30 May 2019, the day after the infection, the ransom equated to $540,765 at Bitcoin’s closing price (via CoinMarketCap). As of yesterday, 20 June 2019, it amounted to $619,265. Bitcoin’s volatility can make an already tense situation even more problematic for victims.

Coveware, which advises companies on ransomware recovery, said in its Q1 2019 report that 96% of companies paying a ransom received a working decryption tool, but the recovery success rate varied according to the type of ransomware used. GandCrab’s attackers issued the decryption tool reliably (their system was automated), while Dharma was much riskier. On average, decryption tools recovered 93% of the decrypted data, again varying by ransomware type.

Email phishing – the technique that nobbled Riviera Beach – accounted for 30.4% of ransomware infections during Q1, Coveware added.

This attack follows a ransomware attack on the City of Baltimore, which refused to pay its attackers 13 bitcoins (worth about US $100,000 at the time). The attack will ultimately cost over $18m, including lost or deferred revenue due to slowed payments.

Successful attacks on local governments in the US demonstrate a need for better cybersecurity. In 2016, the International City/County Management Association (ICMA) surveyed 2,423 local US governments and got 411 responses. It found that only 34% had a formal, written breach recovery plan and only 48% had a formal, written cybersecurity plan. The biggest barrier to effective cybersecurity was a lack of funds.

This isn’t the only cyberattack this month on a Florida community. The State’s Lake City suffered a malware infection on 10 June 2019, which used three attack methods in concert. The attack, which was not followed by a ransom demand, took down city email systems, landline phones and credit card services according to a statement from the City. Two days later, it was recovering from the attack and had emails back online.

Sophos products can help

Sophos Intercept X Advanced protects against ransomware. Learn how it detects and blocks attacks over on Sophos News.