Hackers who shut down the municipal computers of Riviera Beach (a suburb of Palm Beach) in a ransomware attack have earned themselves $600,000 (£475,000) after the local council decided it had no choice but to pay them.

What Happened?

An employee opened an email containing a virus. As a result, the ransomware (malware) shut down Riviera Beach’s computer systems and encrypted the files. This meant that the email system, the system that allowed 911 dispatchers to enter calls into the computer, water pump stations, and staff pay systems were all seriously disrupted. Staff were forced to revert to a manual, paper-based admin system.

Vote

The local Council, which has since voted to spend $1 million on new computers and hardware to prevent further hacks, voted to pay the hackers their $600,000 (£475,000) ransom demand to unlock the computer systems and prevent file deletions.  The money was paid in the bitcoin crypto-currency and the payment has been covered by the town’s insurance policy.

No Guarantees

One of the problems of paying hackers who have acted dishonestly in the first place is that there is no guarantee that they will honour their agreement and turn systems back on, which is why many online security experts advocate never paying hacker demands. Also, if, as in this case, a large ransom is reported to have been paid, this may embolden other hackers to keep using this method of attack, e.g. on other council systems.

Fastest Growing Malware Threat

In the US, the Department of Homeland Security has reported that ransomware is the fastest growing malware threat, with city governments in Atlanta, Newark, N.J. and Sarasota all being hit by ransomware schemes. Ransomware attacks have caused major problems with baggage displays and email at Cleveland Hopkins International Airport, computers at the Port of San Diego and, back in 2018, the 100-bed Hancock Regional Hospital in the suburbs of Indianapolis. Threats have even been made to entire towns and cities, e.g. the city of Leeds, Alabama was attacked and a $55,000 ransom was demanded.

Other Examples of Ransomware Attacks

Back in 2017, guests at the Brandstaetter hotel at the Romantik Seehotel Jaegerwirt resort in Austria were locked out of their rooms and other areas of the hotel including the bar after the hotel was targeted by a ransomware attack.  The hotel paid the €1,500 demand.

This month, the UK’s biggest private forensic company, Eurofins Forensic Services, which carries out DNA testing, toxicology, firearms testing and computer forensics for UK police forces, was hit with a ransomware attack which has caused disruption to its IT systems in several countries.

What Does This Mean For Your Business?

Ransomware is a popular attack tool because it is often relatively cheap to create and use, it can spread easily (like WannaCry), the attackers can remain anonymous, and it delivers what motivates many attacks: financial gain. In the case of Riviera Beach, the attackers focused on local government networks as they were most likely to be easy to penetrate and attack, in this case using a phishing email and relying on a member of staff opening it in error.

UK businesses and other organisations should, therefore, make all staff aware of the threat of suspicious emails and updates, how to spot them, and what to do (and not do) if they identify one. Keeping security software up to date and regularly backing up critical data is important, as is assessing the possible danger and false economy of staying with old operating systems as long as possible.

In order to provide maximum protection against prevalent and varied threats, businesses should adopt multi-layered security solutions and accept that there is a real likelihood that they will be targeted, thereby helping them to make better preparations. Businesses should implement the most up-to-date security solutions, keep up to date with virtual patching, and educate employees in order to mitigate risks from as many angles (‘vectors’) as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is also an important requirement.