Application security, Malware, Phishing

Second Florida city burned by ransomware and pays attackers

Just two weeks after Lake City, Fla., government officials said their municipality was in the process recovering from a June 10 ransomware attack, the city opted to pay a $460,000 ransom.

Lake City Mayor Stephen Witt told CBS47 the decision to pay the ransom was made after speaking with the FBI and its insurance company. On June 24 the city council held an emergency meeting to discuss “possible action regarding payment not to exceed the coverage limit of the City’s insurance policy to aid in the recovery of the City’s computer systems and data.”

Witt said the city’s insurance will cover all but $10,000 the ransom paid, CBS47 reported.

Lake City’s move mirrors one made by Riviera Beach, Fla., last week when it opted to pay $600,000 to its attackers. The decision to pay the ransom represents a quick turnaround for Lake City. As of two weeks ago, the city said it was well along in the process of recovering from the attack.

Lake City was hit with TripleThreat ransomware, City Manager Joe Helfenberger said in a statement posted to Facebook on June 10 and two days later in an update the city’s recovery efforts were making progress with its it department scanning computer equipment and working with a third-party vendor to make sure the system was clean.

“City-wide emails are expected to be restored within a day. Data recovery efforts have so far been successful,” the city said in a second release posted to Facebook on June 12.

Shlomie Liberow, HackerOne’s technical program manager, told SC Media that while he understands the desire and need to pay the ransom doing so only encourages more attacks.

“Unfortunately, paying the ransom often seems like the only way to fix the problem as operations can be halted or slowed for months while security teams work to recover the systems. However, paying the ransom only encourages cybercriminals, proving their tactics work and leading to further attacks,” he said.

Instead Liberow believes being properly prepared is the best course of action, a line of thought backed by Cesar Cerrudo, CTO of IOActive and founder of Securing Smart Cities, who believes there is a lack of knowledge and understanding around the importance of cybersecurity.

“As a result, when a city suffers a cyberattack, there is minimal coordination and thus a loss of time in determining the best way to respond. In the same way that some cities prepare for earthquakes or other natural disasters, they should prepare for cybersecurity attacks. If we are not prepared, then the consequences will be worse,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.