Riviera Beach, Florida, pays hackers $600,000 after ransomware attack
Somewhere, a consortium of hackers is probably celebrating.
Early this week, the city council in Riviera Beach assembled to vote on a disturbing matter: whether or not to pay nearly $600,000 to free the city’s information technology from the grips of a ransomware attack.
The city council decided to pay the ransom — officially the largest reported ransom a government has paid hackers in 2019 — as demanded in the form of 65 bitcoins (equal to about $594,000 at the time). The hackers held up their end of the deal, sending the city a decryption key to restore its networks and devices.
According to the Palm Beach Post, the attack initiated in late May when an employee at the Riviera Beach police department opened an email containing malware. The intrusion spread throughout the municipal government, disabling the city’s official website, municipal employees’ emails, VoIP phones, and interfering with 911 dispatchers’ ability to process emergency calls.
Cybersecurity researchers have stated that the Riviera Beach’s attack looks similar to an attack in March on Jackson County, although the FBI, U.S. Secret Service, and Department of Homeland Security have not yet identified the type of malware used in this attack.
Allan Liska of the cybersecurity research firm Recorded Future says: “This attack has all of the hallmarks of recent ransomware attacks against state and local governments. It appears to be an advanced cybercriminal team, that took the time to study the network and determine how to inflict maximum damage on the city, increasing the chances that the ransom will get paid.”
A similar malware was also used in recent attacks against Imperial County, California, who refused to pay a $1.2 million demand, but has spent more than $1.6 million to rebuild its systems.
Much like Imperial County, Riviera Beach’s full cost of recovery will exceed the $600,000 ransom payment. A week after the attack was detected, the city council approved nearly $1 million to replace devices affected by the attack and upgrade its network architecture.
This terrible incident illustrates once more the importance of being proactive in IT security rather than reactive. In many cases, these types of attacks could have been prevented with the proper cybersecurity solutions in place — such as endpoint monitoring and email filters — which can be had for pennies on the dollar in comparison to even the lowest reported ransom demands.
Concerned about your risk profile? Contact the Texas cybersecurity experts at NCC to learn how we help organizations stay safe and out of the news.