Baltimore, Lake City, and Riveria Beach all fell victim to ransomware attacks within the last months, and now Georgia is next. Prevent cyberattacks with this FBI advice.
There’s plenty of advice on how to prepare for a ransomware attack, but the message about the importance of backups segregated from the main network doesn’t seem to be getting through.
Organizations may not be able to prevent their employees from clicking malicious phishing links, but robust backups can help restore order quickly. It appears – at least in the case of Lake City, Fl., there are unpleasant consequences for those at the top, according to Data Breach Today.
The small city in central Florida has fired its IT manager, Brian Hawkins, after ransomware disabled its phone and email systems on June 10, according to Gainesville-based broadcaster, WCJB TV20.
Hawkins could not be immediately reached for comment via his LinkedIn profile, which says he has been the IT manager there for five years.
Lake City opted to pay the attackers about $530,000, or 42 bitcoins, to restore access to systems and data. According to its fiscal 2019 report, the city’s general fund – which pays for administration, police, public work and recreation – is about $16 million.
The ransom cost was mostly covered by insurance. The city has a policy with the Florida League of Cities and will only have to cover $10,000 out of pocket. The ransom was paid on June 25, and the city then received the decryption key.
Despite advice from the FBI that organizations should not pay ransoms, the decision is increasingly being looked at from a cost/benefit perspective.
Insurance policies may cover ransoms, and the option may look appealing if the cost of recovery is more than the ransom. As ProPublica reported last month, some forensics firms that claim to be able to resolve a ransomware infection are actually paying the ransom while passing the cost onto their customers.
Plus, there’s the vexing question over who is profiting from the ransom. ProPublica traced four ransom payments made by Proven Data Recovery, a firm based in New York. The payments – made to get the decryption key for a SamSam infection – ended up in bitcoin wallets linked to Iran.
The city of Baltimore, however, refused to pay a ransom after a recent attack and endured an estimated $18 million in recovery costs. The city was affected by the Robbinhood ransomware, which forced the city to revert to manual processes.
Kirk, Jeremy. (2019, July 2). More US Cities Battered by Ransomware. Data Breach Today.