Fort Lauderdale, Florida: The Riviera Beach City Council authorized the city’s insurer to pay nearly $600,000 worth of ransom to regain access to data walled off through an attack on the city’s computer systems.
In a meeting Monday night announced only days before, the board voted 5-0 to authorize the city insurer to pay 65 bitcoins, a hard-to-track cryptocurrency valued at approximately $592,000. An additional $25,000 would come out of the city budget, to cover its policy deductible. Without discussion on the merits, the board tackled the agenda item in two minutes, voted and moved on.
The dollar amount was not mentioned before or after the vote, only that the insurer would pay through bitcoins, “whose value changes daily.”
The city’s email and computer systems, at City Hall, the city’s Port Center offices and elsewhere, including those that control city finances and water utility pump stations and testing systems, are still only partially back online, two weeks after the ransomware attack was disclosed. But crucial data encrypted by the attackers remains beyond reach and there was no explanation of whether the city has any guarantee that the ransomers will release it if paid.
The FBI, Secret Service and Department of Homeland Security are investigating the attack, which officials said began after someone in the police department opened an infected email May 29.
More than 50 cities across the United States, large and small, have been hit by ransomware attacks during the past two years. Among them: Atlanta; Baltimore; Albany, N.Y.; Greenville, N.C.; Imperial County, Calif.; Cleveland, Ohio; Augusta, Maine; Lynn, Mass.; Cartersville, Ga.; and in April, nearby Stuart.
The Atlanta attack alone cost that city an estimated $17 million.
The Palm Beach County village of Palm Springs was hit in 2018, paid an undisclosed amount to ransom but nonetheless lost two years of data, according to one source who asked not to be identified.
“This whole thing is so new to me and so foreign and it’s almost where I can’t even believe that this happens but I’m learning that it’s not as uncommon as we would think it is,” Riviera Beach Council Chairwoman KaShamba Miller-Anderson said Wednesday. “Every day I’m learning how this even operates, because it just sounds so far fetched to me.”
The ransomware attack paralyzed the computer system, sending all operations offline. Everyone from the city council on down was been left without email and phone service. Paychecks that were supposed to be direct-deposited to employee bank accounts instead had to be hand-printed by finance department staffers working overtime. Police searched their closets to find paper tickets for issuing traffic citations.
Interim Information Technology Manager Justin Williams told the council Monday the city website and email is back up, as are finance department and water utility pump stations.
Miller-Anderson said city officials have been briefed by investigating agencies and asked not to discuss details. The agencies advised the city but it was up to the council to decide whether the information lost was so valuable that the city should comply with the ransom demand and hope the ransomers provide a decryption key, she said.
“It’s a risk,” she said. “Those were the two options: Either do it or don’t.”
The insurance company negotiated on the city’s behalf, she said.
She said she did not know if police department records were compromised. Water quality never was in jeopardy but water quality sampling had to be done manually, she said.
The attack has prompted the city to replace much of its computer system sooner than expected.
The council on June 4 authorized $941,000 for 310 new desktop and 90 laptop computers and other hardware. Insurance will cover more than $300,000 of that total.
The city already planned to spend $300,000 for equipment replacements in the next budget and will accelerate that expense, Councilwoman Julie Botel said. Much of the existing hardware was a half-dozen years old and vulnerable to another malware attack, so it was time to replace it anyway, she said.
According to the U.S. Department of Homeland Security, ransomware is the fastest growing malware threat, targeting both individuals and organizations. In 2018, the massive “SamSam” virus disrupted the flight information system, baggage displays and email at Cleveland Hopkins International Airport, while another attack crippled computers at the Port of San Diego.
City governments in Atlanta, Newark, N.J., and Sarasota, Fla., also have been hit by ransomware schemes. And hackers have taken the information systems of dozens of U.S. hospitals hostage.
“Ransomware is commonly delivered through phishing emails or via ‘drive-by downloads,'” according to Homeland Security. “Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment.”