Over the last two weeks, Florida municipalities have paid $1.1m to ransomware hackers.
Lake City officials voted to pay hackers in Bitcoin after two weeks of downed computer systems brought daily operations to a standstill.
IT staff is said to have disconnected the computers within minutes of the attack, but it wasn’t fast enough to prevent the hack. Workers were locked out of their email and all online municipal payments were denied.
The town’s insurer was contacted directly by the hackers, who negotiated a ransom of 42 bitcoins, or $500,000. Officials decided that paying the ransom was the most efficient way to regain control of their computers. While a majority of the ransom is covered by insurance, $10,000 will be footed by taxpayers.
“I would have never dreamed this could have happened, especially in a small town like this,” said mayor Stephen Witt.
Just last week, the municipality of Palm Beach, Florida paid $600,000 in Bitcoin following a similar ransomware attack. This attack targeted municipal email, water pump stations and emergency response systems in Riviera Beach, rendering them inaccessible to legitimate users. The attack was triggered when an employee clicked on an infected attachment in an email.
Last year, a borough in Alaska called Matanuska-Susitna was brought to a standstill by a ransomware attack that has cost over $2m to date. The community of just 100,000 people is said to be the 210th victim of this version of malware.
Officials believe the malware was sent to a borough employee via email from an organization they were working closely with at the time. They believe that the organization was targeted by a phishing attack that allowed hackers to send the malicious email from a trusted source, improving the odds that the borough employee would download the malware to their computer.
In each of these cases, officials and community members are left wondering why they were chosen as the target. As large corporations improve their cyber security, smaller targets become more appealing to hackers.
They know that smaller businesses are less likely to have robust backups and disaster recovery protocols in place, meaning their ransomware can do the most damage with the least amount of effort. Additionally, small businesses are less likely to employ IT staff that will combat the attack or prevent a payout.
“Organizations are financing their attackers to be better than them – and sooner or later that situation may snowball for everybody else trying to defend their networks,” said cyber-security expert Kevin Beaumont while warning that organizations need to improve their IT security.
Is your business vulnerable to phishing attacks and ransomware? Call us at 914-934-9775 or email firstname.lastname@example.org and ask to schedule a free cyber security consultation for your business. We’ll send a knowledgeable IT engineer to review your computer network and uncover any vulnerabilities that might be hidden in your system. From there, we’ll make recommendations for how you can resolve these issues and better secure your sensitive data.
PCI is an IT Managed Service Provider for small and mid-sized businesses in Westchester County, NY, Fairfield County, CT and New York City. We offer comprehensive managed services that keep your network safe and running smoothly.