In what is becoming a frequent occurrence, Lake City in Florida has become the second city within a week to submit to the demands of ransom from hackers. A hefty sum in terms of bitcoin was paid as ransom to help the city government start functioning normally again. The chain of events started when an employee opened an infected attachment that was sent via an email.
The massive attack was what the experts are calling a triple-threat Ryuk attack. The initial stage involved the release of Emotet trojan which then downloaded and activated the TrickBot trojan and the Ryuk ransomware. From the 100 year old municipal records to gas and water service systems and phone connections, everything went down as Ryuk spread through the city’s communication systems. Even the backup files were rendered inaccessible. Fortunately, the police and the fire department remained functional as they were operating through a different server.
The IT staff disconnected the systems as fast as they could within few minutes of detecting the attack but was unable to contain the attack. The ransom demand was made a few days later and since the matter is under investigation, the officials could not disclose exact value of the amount other than the fact that it was shockingly high. The insurer of the city, Florida League of Cities, hired a security consultant and also co-ordinated with the FBI to negotiate with the hackers and resolve the issue. After several days of negotiations, the city officials decided that submitting to the ransom demand is the best way to settle the issue.
The insurer is reported to have paid 42 bitcoins as ransom, which can be valued around $500,000. The IT staff received a decryption key through which they are in the process of recovering the data. This is a cumbersome task as it takes almost 12 long hours to retrieve each terabyte of data. Though the insurance will cover the major chunk of the ransom, an amount of around $10000 will have to be incurred by the taxpayers. As par the latest reports, the city has fired its director of information technology for failing to keep the city’s network secure.
Even though the official position of the FBI does not support surrendering to the ransom demands, for the small cities the choice is difficult. The attacks prevent the smallest of the daily municipal tasks and affects the emergency services resulting in a chaotic situation. The city often finds the cost of recovering the lost data much higher than the ransom. Mark A. Orlando, the chief technology officer for Raytheon Intelligence Information and Services adds, “These groups are always trying to find that sweet spot: What is enough someone will consider paying but not so much that they’ll say, ‘Forget that. It’s easier to rebuild.'”
A week back, Riviera City in Florida also paid a ransom of 65 bitcoins to a group of hackers. In March this year, Jackson County, Georgia also submitted to the demands of hackers to regain access to their data. The highest amount of ransom paid to hackers through bitcoin was by the Korean firm Internet Nayana in June 2017 and amounted to $1.14 million. Experts believe that the wave of ransomware attacks on small cities and institutes will be on the rise in the coming days.