Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Florida City Pays $600,000 Ransom to Save Computer Records

A Florida city agreed to pay $600,000 in ransom to hackers who took over its computer system, the latest in thousands of attacks worldwide aimed at extorting money from governments and businesses.

A Florida city agreed to pay $600,000 in ransom to hackers who took over its computer system, the latest in thousands of attacks worldwide aimed at extorting money from governments and businesses.

The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted. The council already voted to spend almost $1 million on new computers and hardware after hackers captured the city’s system three weeks ago.

The hackers apparently got into the city’s system when an employee clicked on an email link that allowed them to upload malware. Along with the encrypted records, the city had numerous problems including a disabled email system, employees and vendors being paid by check rather than direct deposit and 911 dispatchers being unable to enter calls into the computer. The city says there was no delay in response time.

Spokeswoman Rose Anne Brown said Wednesday that the city of 35,000 residents has been working with outside security consultants, who recommended the ransom be paid. She conceded there are no guarantees that once the hackers received the money they will release the records. The payment is being covered by insurance. The FBI on its website says it “doesn’t support” paying off hackers, but Riviera Beach isn’t alone: many government agencies and businesses do.

“We are relying on their (the consultants’) advice,” she said. The hackers demanded payment in the cryptocurrency bitcoin. While it is possible to trace bitcoins as they are spent, the owners of the accounts aren’t necessarily known, making it a favored payment method in ransomware attacks.

Numerous governments and businesses have been hit in the United States and worldwide in recent years. Baltimore refused to pay hackers $76,000 after an attack last month. The U.S. government indicted two Iranians last year for allegedly unleashing more than 200 ransomware attacks, including against the cities of Atlanta and Newark, New Jersey. The men, who have not been arrested, received more than $6 million in payments and caused $30 million in damage to computer systems, federal prosecutors have said.

The federal government last year also accused a North Korean programmer of committing the “WannaCry” attack that infected government, bank, factory and hospital computers in 150 countries. He is also believed to have stolen $81 million from a Bangladesh bank. He also remains in his home country.

The FBI had no comment Wednesday on the Riviera Beach attack, but said 1,493 ransomware attacks were reported last year with victims paying $3.6 million to hackers — about $2,400 per attack. Some of those were against individuals.

Advertisement. Scroll to continue reading.

Tom Holt, a Michigan State University criminal justice professor, said hackers often attack common and known vulnerabilities in computer systems. He said organizations’ technology managers need to examine their systems for such flaws and teach their employees not to open suspicious email or click suspect links. The FBI says businesses also need to back up their data regularly on secure computers.

Holt said most attacks originate outside the U.S., making them difficult to police. He said many victims wind up like Riviera Beach: They pay their attacker because it is likely the only way to retrieve lost data.

“They might not pay the initial ransom that was suggested, but they may work with a third-party provider to negotiate the ransom down,” Holt said.

He said in almost all cases, the attackers decrypt the computers after payment, allowing the victims to retrieve their data. He said the WannaCry attacks were an exception — the hackers took the money but often didn’t release the data.

Some private WannaCry decryption attempts were successful.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...