A US municipality that paid a ¥54 million ransom after a ransomware attack fired a city IT manager


by

TheDigitalArtist

Lake City, Florida, in the United States, decided on June 24, 2019 to pay a ransom of $500,000 to a ransomware attacker who had completely taken over the city's entire system. Then, on June 28, authorities announced that they had fired one city IT representative.

A City Paid a Hefty Ransom to Hackers. But Its Pains Are Far From Over. - The New York Times
https://www.nytimes.com/2019/07/07/us/florida-ransom-hack.html

UPDATE: Lake City fires employee after paying ransom in malware attack
https://www.wcjb.com/content/news/City-of-Lake-City-moves-Forward-after-Cyber-Attack-511802711.html

Florida city fires IT employee after paying ransom demand last week | ZDNet
https://www.zdnet.com/article/florida-city-fires-it-employee-after-paying-ransom-demand-last-week/

Lake City is a small town with a population of 12,000 people in northern Florida. The incident began when the city's administrative system went down and was restarted on June 6, 2019, but no major damage was confirmed at that time.

It was at 7:30 am on June 10 that the city authorities noticed a serious attack. When a city information engineer tried to open a file on the server, only the message 'Please choose the way to open this file' was displayed, and the file could not be opened. A window then opened displaying the mysterious message 'balance of shadow universe'. Realizing that this was a ransomware attack, the engineer instructed all staff using PCs to unplug all network cables and power cables, but by this time the ransomware 'Ryuk' had already taken over all administrative systems, and the files had been encrypted.

The image attached to the tweet below is a screenshot of a PC that is actually infected with Ryuk. The screenshot shows the Ryuk window, which lists a contact e-mail address along with the mysterious message, and files that have been encrypted and replaced with files bearing the extension “.RYK”.




The administrative system was compromised by an attack method called 'Triple threat'. When a city official opened a link in an e-mail sent to the city, the Trojan horse malware 'Emotet' was downloaded from the link and infected the city network. Emotet then installed the ransomware 'Ryuk' on PCs connected to the system, and all files on those PCs were encrypted.

The attack locked up a total of 16 TB of data in Lake City's administrative system, taking down nearly all servers, phones and e-mail. Because the system was unusable, all business communication by e-mail and phone was carried out on city staff's personal mobile phones and smartphones, and all documents were printed on paper and carried by car by city staff. Citizens were also affected: all water and gas charges had to be paid by cash or check. Only the police and fire department systems, which ran on servers separate from the administrative system, escaped the damage.

A week after the damage occurred, the criminal demanded a ransom, but the city's authorities initially refused to pay because the amount was outrageous. However, even with all of the city's technicians working on the problem, there was no prospect of recovering the system, and the city was forced to agree to pay the ransom. On June 24, the city council, convened in an emergency session, approved the ransom payment, and the next day 42 bitcoins, worth about $500,000, were paid to the criminal as ransom. Soon after payment, the criminal sent the city the key for recovering the encrypted files.


by duallogic

The actual payment is covered by the insurance of the 'Florida League of Cities', of which Lake City was a member, so Lake City's own burden is $10,000 (about 1,080,000 yen). Even so, administrative procedures were delayed for about three weeks, a situation described as being “in the 1950s,” and the damage to municipal administration and citizens was enormous. What's more, some of the systems had not been completely recovered at the time of writing.

Also, Joseph Helfenberger, a city administration representative for Lake City, announced in July that 'one of the city officials was fired on June 28.' According to the media, the person fired was Brian Hawkins, who was in charge of IT at Lake City, but it is unclear how he was involved in the course of the incident and the response to it.

In the United States, similar damage has recently increased sharply. In May, Baltimore City, Maryland, suffered approximately $18 million (approximately 1.95 billion yen) in damage from a ransomware attack called 'RobbinHood'. On June 21, the city of Riviera Beach, which like Lake City is in Florida, paid 65 bitcoins worth approximately $740,000 (approximately 80 million yen) to the ransomware perpetrator.

The details of the ransomware damage in Baltimore can be found in the following article.

Ransomware 'RobbinHood' Downs Most City Hall Servers - GIGAZINE



It has also been revealed that on June 23 a third city in Florida, following Lake City, suffered a cyber-attack that kept its system down until the 26th.

'The ransomware victim should not pay a ransom,' said Adam Lawson, director of the FBI's cyber section and director of special agents, in an interview with the New York Times. On the other hand, Mark Orlando, chief technology officer in Raytheon's intelligence, information and services sector, said, “It is unrealistic that a municipality affected by ransomware has a policy of not paying a ransom,” once again pointing out the difficulty of measures against ransomware: once infected, there is no choice but to pay a ransom.

in Security, Posted by log1l_ks