The Florida City of Riviera Beach paid a $600,000 to hackers who took over its computer system in a ransomware extortion operation, paralyzing the city’s operations, according to the Palm Beach Post.
Everyone from the city council on down was been left without email and phone service. Paychecks that were supposed to be direct-deposited to employee bank accounts instead had to be hand-printed by finance department staffers working overtime. Police searched their closets to find paper tickets for issuing traffic citations.
In a meeting Monday night announced only days before, the board voted 5-0 to authorize the city insurer to pay 65 bitcoins, a hard-to-track cryptocurrency valued at approximately $592,000. An additional $25,000 would come out of the city budget, to cover its policy deductible. Without discussion on the merits, the board tackled the agenda item in two minutes, voted and moved on. –Palm Beach Post
The Riviera Beach City Council unanimously voted last week to meet the hackers’ demands, after the Palm Beach suburb’s records were encrypted. The counsel had previously voted to spend $1 million on computer upgrades three weeks ago.
According to the Post, the FBI and DHS are investigating the attack, which began after someone in the police department opened an infected email on May 29.
“This whole thing is so new to me and so foreign and it’s almost where I can’t even believe that this happens but I’m learning that it’s not as uncommon as we would think it is,” said Council Chairwoman KaShamba Miller-Anderson in a Wednesday statement. “Every day I’m learning how this even operates, because it just sounds so far fetched to me.”
According to the U.S. Department of Homeland Security, ransomware is the fastest growing malware threat, targeting both individuals and organizations. In 2018, the massive “SamSam” virus disrupted the flight information system, baggage displays and email at Cleveland Hopkins International Airport, while another attack crippled computers at the Port of San Diego.
The Atlanta attack cost the city an estimated $17 million, according to VICE, while the Palm Beach County village of Palm Springs paid an undisclosed amount to hackers after being hit in 2018 – yet still lost two years of data according to the Post.
“Ransomware is commonly delivered through phishing emails or via ‘drive-by downloads,” according to Homeland Security, adding “Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment.”