Paying the ransom and hoping for the best isn’t a great plan. Unlike major cities, Riviera Beach City, Florida, has decided to pay the hackers holding its computers hostage.
It’s the latest in a line of cities and corporations that have found themselves victims of ransomware attacks. Unlike recent attacks, however, Riviera Beach City agreed to the hackers’ demands.
Whether a city decides for or against paying the ransom, there are inherent risks. Learn how such decisions are playing out in two cities and what you can do to keep your personal devices from being held hostage.
The latest updates on Florida ransomware attacks
July 2: Key Biscayne third Florida city hit by ransomware
Key Biscayne is the latest Florida town to be taken hostage by ransomware. City officials have yet to say whether they will pay the ransom as fellow Florida towns Lake City and Riviera Beach City have.
Key Biscayne’s city manager told a Miami television station that it was working with outside cybersecurity efforts.
Meanwhile in Georgia, the state’s judicial system fell victim to a ransomware attack last weekend. The attack has disabled some of its digital services.
The infection was discovered during a routine scan of the Administrative Office of the Courts’ servers. The investigation into the attack now involves the Georgia Technology Authority, Georgia Emergency Management, U.S. Homeland Security, the Georgia Bureau of Investigation, the FBI and the Multi-State Information Sharing and Analysis Center.
The attack is said to be limited to the Administrative Office of the Courts, while individual courts’ networks remain functional.
June 26: Northern Florida town pays hackers
Lake City has become the second city in Florida to pay thousands of dollars to hackers over ransomware. CNet reports that the northern Florida city said it would be paying hackers up to $460,000 in Bitcoin to recover its computer systems.
Lake City’s computer systems have been down for at least two weeks, with all city emails locked down, as well as landline phones.
Residents haven’t able to pay their water and electric bills online or get building permits. Fortunately, police and fire services were not affected.
June 24: Small Florida town agrees to hackers’ demands
Recently, the city council for Riviera Beach City voted to pay the 65 Bitcoins, about $592,000 at the time, hackers were demanding to release the city’s computers and servers.
The ransomware attack on the small city north of West Palm Beach wiped out the government’s entire computer system, leaving city council without email and phone service, disrupting direct-deposit paychecks and forcing police officers to write tickets by hand.
The most frightening aspect of this attack is that it hobbled the city’s 911 system, forcing police and fire departments to write down all emergency calls. According to the South Florida Sun-Sentinel, about 280 emergency calls come in per day.
The FBI advises cities and corporations hit by ransomware attacks to not pay the hackers. In theory, once paid, hackers will provide their victims with a decryption key.
Since hackers are hardly model citizens, there is no guarantee they will hold up their end of the bargain. So not only could a city be out the ransom money, it still could end up without access to its systems.
Before the city council agreed to pay the hackers, the Riviera Beach City’s interim information technology manager told the council the city’s website and email were back up, as well as the finance department system and water pump stations.
He added that it will cost more than $1 million to completely fix and ensure the affected systems.
So why did Riviera Beach City agree to pay the ransom?
“It’s a risk,” Council Chairwoman KaShamba Miller-Anderson told the Palm Beach Post. “Those were the two options: Either do it or don’t.”
City officials are crossing their fingers that the risk will pay off.
Baltimore refuses to pay ransom despite widespread effects
Ransomware attacks have been on the rise in recent years, mostly because they have become more sophisticated — and costly. Experts predict ransomware attacks will cost businesses alone nearly $11 billion this year. That’s way up from the $325 million reported in 2015.
Last year, Atlanta refused to pay about $50,000 in Bitcoin to its attackers. Instead, the city wound up spending $17 million to fix its computer systems.
Then there is the ongoing saga in Baltimore. The city has almost completely gotten out from under the hackers but at a cost of more than $10 million. City officials estimate that Baltimore lost an additional $8 million during the time the city could not process payments. This figure is expected to rise as the city pays cybersecurity experts to help it avoid future attacks.
After the hackers took control of Baltimore’s city government servers with ransomware in May, online business was at a standstill. The public couldn’t make online payments to various city departments and government workers could not access emails.
Hackers demanded 13 Bitcoins, roughly $100,000 at the time, to free about 10,000 digitally seized computers. Heeding the FBI’s advice, Baltimore Mayor Jack Young said the city wouldn’t pay the ransom. On June 6, Young declared Baltimore’s government “open for business” — sort of.
Some of Baltimore’s systems are operating through inefficient manual workarounds. Meanwhile, the city’s water billing systems remain offline.
Individuals impacted by ransomware attacks
For the most part, individuals become collateral damage when a ransomware attack hits a city or company. Paychecks may not be issued, bills go unpaid and even buying or selling a house becomes an almost insurmountable task.
While there’s not much you can do if your city or company is being held hostage, you can take steps to defend your private information from ransomware attacks.
Here are some ways to stay protected:
Do not follow web links in unsolicited email messages because it could be a phishing attack. If you need to contact a business or website, make sure to type the web address directly into your browser to avoid a spoofed website.
Set up two-factor authentication when available. That means in order to log in to your account, you need two ways to prove you are who you say you are.
Use unique passwords instead of the same one over multiple websites. If your credentials are stolen from one site, it’s easy for the cybercriminal to get into other accounts.
Backup your critical files. With our sponsor, IDrive, you can backup all your PCs, Macs and mobile devices into ONE account for one low cost!
Go to IDrive.com and use promo code, Kim, to save 50% on 2 TB of cloud backup now! That’s less than $35 for the first year!