Hit by ransomware attack, Florida city agrees to pay hackers $800k

MIAMI (NYTIMES) - The leaders of Riviera Beach, Florida, looking weary, met quietly this week for an extraordinary vote to pay nearly US$600,000 (S$815,900) in ransom to hackers who paralysed the city's computer systems.

Riviera Beach, a small city of about 35,000 people just north of West Palm Beach, became the latest government to be crippled by ransomware attacks that have successfully extorted municipalities and forced them to dig into public coffers to restore their networks. A similar breach recently cost Baltimore US$18 million to repair damages.

Even large cities, however, have had to pay smaller ransoms than Riviera Beach.

On Monday (June 17), the City Council unanimously agreed to have its insurance carrier pay the hackers 65 Bitcoin, a hard-to-trace digital currency, amounting to about US$592,000.

By making the payment, the council hopes to regain access to data encrypted in the cyber attack three weeks ago, although there is no guarantee the hackers will release the data once payment is received.

Ms Rose Anne Brown, a city spokesman, said on Wednesday that Riviera Beach was working with law enforcement, which does not typically endorse making ransom payments, and with security consultants, who sometimes do as a way for their clients to recoup years of valuable information.

"We are well on our way to restoring the city system," Ms Brown said.

The relatively large ransom demanded from Riviera Beach suggests hackers have become emboldened by their increasingly sophisticated ability to target government agencies, said Mr Jason Rebholz, who tracks ransomware payments and has helped victims of similar attacks.

"The complexity and severity of these ransomware attacks just continues to increase," said Mr Rebholz, a principal for Moxfive, a technology advisory firm. "The sophistication of these threat actors is increasing faster than many organisations and cities are able to keep pace with."

Ransomware attacks against governments and companies have become unnervingly common worldwide as hackers learnt that holding data hostage is an effective way to quickly extort money from public and private entities.

Some of the cyber criminals have used a tool, Eternal Blue, developed by the National Security Agency (NSA). The NSA lost control of the program, which is now being used as a cyber weapon.

Even when they pay, victims find they cannot always recover all of their data, Mr Rebholz said. And the costs to rebuild the system are usually far higher than the ransom itself. Atlanta estimated that recovering from a sustained attack that debilitated the city last year could cost US$17 million.

Chief information officers for local governments across the country said in a 2016 survey that more than a third of them were using outdated technology, making them more vulnerable to cyber attacks. Fewer than half had purchased cyber security insurance.

The Riviera Beach attack began on May 29 after a police department employee opened an infected e-mail attachment, The Palm Beach Post reported. Down went all of the city's online systems, including e-mail and some phones, as well as water utility pump stations. Utility payments could not be accepted other than in person or by snail mail - and even then, only by cheque or cash.

"Anything that was done online, we did not have access to," Ms Brown said. "We were able to make payroll and make vendor payments."

On June 4, the city authorised spending more than US$900,000 to buy new computer hardware. The purchases had been planned for next year, but were moved up as a result of the attack, Ms Brown said. About a third of the cost will be covered by insurance.

By the time the City Council met in a little-noticed special meeting on Monday night, its information technology staff had managed to restore the Riviera Beach website and create new e-mail addresses for all employees.

A three-line online notice dated June 5 informed the public that the city had "experienced a data security event".

On Monday, Councilwoman KaShamba Miller-Anderson, chairwoman of the board, asked Mr Justin Williams, the interim information technology manager, for something seemingly simple. Could the elected officials' new e-mail addresses be posted online for the public to get in touch with them?

Underscoring the enormity of the city's troubles, Mr Williams explained that the webmaster hoped to get to that soon.

"He's been working very feverishly to get that done," Mr Williams said.
