Two Florida cities suffered major ransomware attacks in the past month that wiped out their computer and phone systems.
First came the news that Riviera Beach had suffered a major ransomware attack. The attack started on May 29, 2019 and was detected the following day. The ransomware took the city’s phone system, email system, and water payment system out of action. A ransom demand of 65 Bitcoin ($592,000) was issued by the attackers for the keys to unlock the encrypted files. The city faced loss of critical data as files had been encrypted that had not been backed up. Paying the ransom was deemed the best option.
Then, on June 10, 2019, Lake City was attacked with “Triple Threat” ransomware. A spokesperson for the Lake City Police department said the ransomware used three methods to attack the city and take down its network systems. The attack wiped out its email system, landlines, and credit card services.
The city has implemented its cyberattack protocol and has switched to manual systems for day to day operations and is working with pen and paper. With little progress toward recovery having been made, two weeks after the attack the decision was taken to pay the ransom demand of 42 Bitcoin ($460,000) to regain control of its email system and servers. The city was covered by a cyber insurance policy so will only be required to pay the deductible of $10,000.
These two attacks are part of a string of ransomware attacks on cities and government entities in the United States. Baltimore was struck with ransomware for a second time in a little over a year. The attack forced a shutdown of most of its servers. A ransom demand of 3 BTC ($24,000) per system or 13 BTC ($102,000) in total was demanded. The ransom was paid for the keys to recover the encrypted files and restore systems promptly. The attack has been estimated to have cost the city $18 million. Albany in New York was also attacked with ransomware earlier this year. The attack caused some disruption to city services and major disruption at its Police Department.
In May, Recorded Future published figures from ransomware attacks it has tracked in 2019. Between January and May, there had been 22 ransomware attacks on cities and government entities, which is far more than the corresponding period last year.
It is unclear whether it is the same individual behind the two Florida attacks, but the ransomware variant involved appears to be different from the Baltimore attack (RobbinHood).
The FBI advises against paying a ransom unless there is no other choice. Payment of ransoms just encourages further attacks, especially when such high ransom demands are being paid. $1.1 million in ransoms collected from Florida cities in the space of just a few weeks is likely to encourage many more players to conduct attacks on poorly defended small cities and public sector entities.