Florida city votes to pay hackers after failing to recover from ransomware attack

Florida city votes to pay hackers after failing to recover from ransomware attack
featured image

This article originally appeared in SiliconANGLE on June 20, 2019.

A Florida city has voted to pay nearly $600,000 in bitcoin to hackers who have held their computer network for ransom.

Riviera Beach, 50 miles north of Fort Lauderdale, voted unanimously to pay the ransom on Monday after failing to recover data on their network since the ransomware attack began on May 29. The form of ransomware was not disclosed, but the attack started when an employee opened an infected file in an email attachment.

In this case, the attack has crippled the city’s emails system as well as 911 dispatch operations. City council members had previously voted to spend $1 million on new computers for the city, but that alone wasn’t enough to address the ransomware crisis.

The payment is notable because of its size. “To the best of our knowledge, this is the highest-paid ransom by a state and local government,” Allan Liska, intelligence analyst at threat intelligence firm Recorded Future Inc., told SiliconANGLE.

But he noted it wasn’t the highest demanded ransom, citing an unknown ransomware attacker who demanded $33 million in 2016 from Sarasota, Florida, which it refused to pay. More recent examples include a $320,000 ransom demand against Winder, Georgia, also not paid, and a $400,000 ransom that was paid by Jackson County in Georgia.

Sneha Kokil, software security consultant at Synopsys Inc., noted that ransomware attacks are alive and well.

“As ransomware attacks continue to evolve, we’re noticing that the most recent attacks have become more targeted, more sophisticated, and follow a broader definition of ransom,” Kokil said. “In fact, ransom can take various forms that commonly include traditional money demands or cryptocurrency demands such as bitcoin.”

Security experts suggest not paying ransoms because it may encourage expanded or copycat attacks, he added. “Additionally, in many cases there is no guarantee that the paid ransom will release the decryption key for you to access the data being held for ransom,” he said.

Usman Rahim, digital security and operations manager at the advertising verification firm The Media Trust, said the takeaway from this and similar attacks is clear: “All businesses should back up their data and train their employees on how to avoid such cyberattacks,” he said. “It will save them from having to negotiate with bad actors or pay any ransom.”