The city of Riviera Beach, Florida, agreed this week to pay $600,000 ransom in Bitcoin to a gang of hackers that encrypted its data, having concluded efforts to fight the data theft would be even more expensive and possibly futile.
The Associated Press (AP) reported on Wednesday that the decision to pay the ransom was based on the advice of security consultants. According to the AP:
The hackers apparently got into the city’s system when an employee clicked on an email link that allowed them to upload malware. Along with the encrypted records, the city had numerous problems including a disabled email system, employees and vendors being paid by check rather than direct deposit and 911 dispatchers being unable to enter calls into the computer. The city says there was no delay in response time.
Spokeswoman Rose Anne Brown said Wednesday that the city of 35,000 residents has been working with outside security consultants, who recommended the ransom be paid. She conceded there are no guarantees that once the hackers received the money they will release the records. The payment is being covered by insurance. The FBI on its website says it “doesn’t support” paying off hackers, but Riviera Beach isn’t alone: many government agencies and businesses do.
“We are relying on their (the consultants’) advice,” she said. The hackers demanded payment in the cryptocurrency bitcoin. While it is possible to trace bitcoins as they are spent, the owners of the accounts aren’t necessarily known, making it a favored payment method in ransomware attacks.
The city’s insurance company will reportedly cover the entire $600,000 ransom, save for a $25,000 deductible.
Many reports on the Riviera Beach situation mentioned Baltimore’s travails as a likely factor in the decision to pay the ransom.
Numerous Baltimore city and county computer systems were disabled by a ransomware attack last month, and some of them still are not operational. County officials said this week they cannot verify the accuracy of sewer charges for 14,000 customers on their annual tax bills, due to be sent out in July. The city of Baltimore has been unable to issue water bills since early May because of the cyberattack.
The Baltimore hackers demanded a $75,000 ransom that officials refused to pay. The cost of recovering from the attack has been estimated at over $18 million.
The city of Greenville, North Carolina, was also hit by a massive ransomware attack in April and refused to pay the money demanded by its assailants. The city’s information technology specialists reported substantial progress in restoring websites and email accounts by the end of April.
The Riviera Beach ransom attack is under investigation by the FBI, the U.S. Secret Service, and the Department of Homeland Security. The FBI declined to comment when asked by the Associated Press about the Florida city’s decision to pay its ransom.
The ransomware virus used in the attacks on both Baltimore and North Carolina was a program called “RobbinHood,” which some analysts believe incorporates code stolen from the National Security Agency by a hacking group known as the Shadow Brokers.
Baltimore Mayor Bernard Young has said the federal government should cover some of his city’s costs from the attack because it was conducted with a “virus that they let out.” The NSA told other Maryland officials there is no evidence their cyberespionage tools were used to create RobbinHood.
The Riviera Beach virus is said to have been unleashed when someone in the police department opened a tainted email on May 29. The city’s email system was completely crippled and payroll direct deposits were halted, among other effects.
Ransomware is a growing global scourge – “a cancer, not a virus,” in the words of an op-ed at the Maryland Sentinel – because the attacks are fairly easy to pull off, apparently present very little risk of capture, and have a fairly high chance of scoring a payoff. The hackers often operate from foreign countries, making it very difficult for American law enforcement to identify them or take action against them. Cryptocurrencies like Bitcoin provide them with a convenient international method of collecting untraceable payments.
Government computer systems are increasingly targeted because they often use archaic hardware and software that makes them easy to breach, and bringing them down inflicts huge costs upon government agencies and local residents.
At least 50 cities across the United States have been hit with ransomware attacks over the past two years, and some analysts believe only a fraction of the incidents have been reported. Those who refused to pay sometimes lost years of data or incurred recovery costs on par with Baltimore’s. The same cost-consciousness that prompts local governments to use outmoded computer systems may also lead them to conclude paying the ransom is preferable to incurring millions of dollars in costs.
The Riviera Beach city council previously voted to spend about $1 million on new computer systems to improve data security. Maryland Governor Larry Hogan issued an order this week to create a cybersecurity defense initiative, establish a chief information security officer, and develop a coordinated security strategy for the entire state.