Security News

Small Florida city pays ransomware hackers $600,000

Avast Security News Team, 22 June 2019

Riviera Beach officials felt they had no choice but to pay a huge ransom to recover data – many experts disagree

Hackers grab your computer files – should you pay to get them back? A small Florida city did just that by agreeing to pay more than half a million dollars in ransom to regain access to files and data that were locked and encrypted.

The Riviera Beach online system had fallen victim to ransomware – malicious software designed to take your computer files or system hostage – when an employee unknowingly clicked an email that allowed hackers to upload the malware.

Since then, city employees were locked out of email servers, phone systems, online databases, and online payment services. Even 911 calls had to be logged with pen and paper.

Despite the FBI stating that it “doesn’t support” paying cybercriminals, the Riviera Beach City Council believed it had no choice if it wanted to retrieve its encrypted records. The city council unanimously voted to spend almost $1 million on new computers and hardware, and authorized its insurance provider to pay the 65 Bitcoin ransom, which equates to approximately $590,000. The city will pay a $25,000 deductible.

“We have seen cases where cybercriminals asked for more money, even when the victim agrees to pay,” commented Avast Security Evangelist Luis Corrons. “The question remains: would Riviera Beach have made the same decision if the ransom had been paid out of their own pockets rather than using public coffers?”

Organizations are in a tough position when it comes to ransomware. Many experts agree that victims should not pay because it does not guarantee the safe return of data – or anything at all. Yet a new report from ProPublica says that the lack of alternative options has given rise to professional services that claim to handle ransomware threats – but often end up paying the ransom and charging victims even more.

Payments to these companies “underscore the lack of other options for individuals and businesses devastated by ransomware,” ProPublica noted. Law enforcement has struggled to apprehend the criminals involved, yet paying ransom encourages extortion and may finance cybercrime in nations such as Russia and Iran, the report found.

Corrons said there is a way forward, though. “In Riviera Beach’s case, buying new computers won’t help at all since those can be attacked again,” Corrons continued. “A better strategy would be to perform a forensic analysis, make decisions based on those facts, and secure what they already have.”

Riviera Beach’s approach is contrary to Baltimore, which experienced a similar ransomware attack a few weeks ago. Baltimore officials refused to pay the $77,000 Bitcoin ransom, which had ill-effects on the city’s economy. Home sales plunged and residents scrambled to pay bills, permits, property taxes, and parking tickets due to inaccessibility of government computers, essential for completing important transactions. The hack cost Baltimore around $18.2 million in lost or delayed revenue and direct costs to restore city systems.

“Public agencies and governments can only expect to have the attacks against them increased,” said Corrons. “As cybercriminals get more ‘funding’ from cities such as Riviera Beach, their search for new ‘investors’ will only gain momentum.”