Residents of three Florida cities were unable to access many vital government services while officials scrambled to spend hundreds of thousands of dollars to bring downed IT systems back online. It may sound like the aftermath of another brutal hurricane season for the Sunshine State, but these outages were not the result of any severe weather events. Within the past month, cyber attackers have penetrated the cities’ IT systems, collected ransoms totalling over $1.1 million, and cost at least one employee their job.
PCMag.com reports the city of Riviera Beach will pay $600,000 to the hackers behind a ransomware attack to recover its encrypted files. The attack occurred on May 29th after a police department employee opened an email containing malicious code. In addition to paying the ransom, the city will also spend close to one million dollars to upgrade its IT systems, which includes purchasing more than 400 desktops and laptops.
In a separate attack on June 10th, attackers were able to encrypt Lake City’s IT systems after tricking an IT employee into opening a document attached to an email, infecting the city’s network with the Emotet trojan, which later downloaded the TrickBot trojan, and then the Ryuk ransomware.
Kacy Zurkus at Infosecurity on June 26th reported the mayor confirmed the city will pay the ransom, and on July 1 ZDNet’s Catalin Cimpanu learned the employee who opened that malware-laden email was fired “after the city was forced to approve a gigantic ransomware payment of nearly $500,000.”
The latest attack hit Key Biscayne on June 23, although Dark Reading reports city officials have not disclosed the attackers’ motivations. All government systems are now back online, and village council members have authorized funding to bring in outside consultants to better understand how the attack happened.
None of the news reports I’ve read provide any evidence that these attacks are related or were coordinated by one attacker or group. It could just be a coincidence that three smaller Florida cities were targeted – Key Biscayne’s population is 13,000, Riviera Beach has 35,000 residents, and just over 12,000 people live in Lake City.
That doesn’t mean officials with Florida’s larger cities like Miami, Orlando, Jacksonville and Tallahassee should think their IT systems are too big, complex and well-protected for cyber thieves to target. The devastating cyber attacks against Philadelphia, Baltimore and Atlanta, and the more recent ransomware attack that hit Georgia’s court system, serve to debunk that myth.
Georgia’s court system has been taken offline following a ransomware attack. https://t.co/03NAiLTAFv Meanwhile, Philadelphia is still restoring systems more than a month after a similar attack on its court system https://t.co/TCLfU8nCC3
— briankrebs (@briankrebs) July 1, 2019
In fact, the threat to the public sector is on the rise. Verizon’s 2019 Data Breach Investigations Report (DBIR) warns that every federal, state and local government agency is a target. Verizon’s researchers discovered the number of espionage-driven breaches for government entities jumping 168 percent year over year.
Whether you work in the public or private sector, there are steps you can take to be more proactive in detecting and thwarting both known and unknown cyber threats, even those designed to slip past the dozens of security solutions you’ve likely deployed.
Read Nyotron’s “Cybersecurity Insiders’ 2019 Endpoint Security Report” to learn more about the latest threats, and how they are forcing organizations across all industries to rethink their approaches to endpoint security.