June 27, 2019

Cybercriminals have successfully blackmailed two towns in Florida (USA) to the tune of £866,000 ($1.1 million USD), following successful ransomware attacks on their IT systems.

Municipal officials in Lake City voted to pay their attackers £396,000 in Bitcoin after computer systems had been taken down for two weeks.

The municipality of Riviera Beach paid hackers more than £470,000 last week, following a similar incident that stopped municipal staff from accessing essential files.

According to reports, IT staff in Lake City pulled computers off the network within minutes of the breach starting, but it was too late.

Town employees couldn’t access email accounts and members of the public couldn’t use the town’s portal for online tax and other payments.

The attackers went straight to Lake City’s insurance company with a demand for $500,000, to be paid in hard-to-trace Bitcoin cryptocurrency. After considering their options, town officials decided that paying the ransom would be the best way to regain computer access.

The blackmailers clearly knew what they were doing, and who held the purse strings. The majority of the ransom payment was covered by the town’s insurance policy, leaving just $10,000 to be borne by taxpayers.

Hacking us back in time

The attack on Riviera Beach also locked up staff email access, as well as the town’s emergency response systems. It actually forced staff to switch to paper processes for some tasks.

Municipal staff in one Alaskan community were forced to do the same last year, reverting to typewriters after their systems were hit by ransomware.

Not everyone is jumping on the blackmail bandwagon, however. The band Radiohead gave blackmailers a virtual two fingers when it pre-emptively opened an archive of unreleased music, recorded during sessions for their seminal ‘OK Computer’ album.

Cybercriminals had gained access to a hard drive containing the tunes and demanded a ransom, saying they would release it to the public otherwise.

Attackers told the band to pay £118,000 or see the songs dumped onto a P2P file sharing network for anyone to download.

Radiohead said no.

And offered the tracks to the public themselves instead. They turned the situation into a positive by asking that any proceeds go to an environmental campaign group.

Aircraft parts manufacturer Asco also said no to blackmail when attackers locked up key files and systems. The company paid a price for defiance, however. The ransomware attack shut down operations and put the jobs of up to 1,500 people at risk in four countries.

The company’s four manufacturing plants in Belgium, Germany, the US, and Canada were closed temporarily after its systems were shut down.

The incident reportedly disrupted product deliveries to customers and immediately impacted roughly 1,000 employees, who have been placed on temporary leave.

For most companies, that’s too much risk

If faced with a ransom demand today, many mid-sized companies would pay up, and quickly.

A survey of SME/SMB businesses conducted by AppRiver shows that more than half (55 per cent) would be willing to pay a ransom to get their encrypted data back.

Three quarters said a successful attack would hurt their business.

Only 36% thought they could weather a successful ransomware infection without significant losses.

Cybercriminals have got the message. A study by Malwarebytes shows that ransomware attacks are up by 500 per cent over 2017.

They have a history of spectacular success.

The WannaCry and NotPetya viruses unleashed in 2017/2018 infected computers in 150 countries and caused damages in the billions. The City of Atlanta saw its government systems crippled. The NHS had to cancel 19,000 appointments.

The hackers themselves are estimated to have made about £150,000.

Just say yes?

What does it say about the state of cybersecurity if so many businesses are willing to pay blackmail to make an attack go away?

Financing future attacks by paying blackmail to cybercriminals is not the way forward. Mid-sized organisations might feel particularly vulnerable as they have smaller cybersecurity budgets, but the truth is that organisations of all sizes have the power to stop ransomware attacks:

  1. Conduct regular system backups and keep them on separate systems or physical media disconnected from the network.
  2. Develop a business continuity and recovery plan. This includes having backups ready and testing them to ensure they work.
  3. Update systems when security patches arrive. The number of major attacks enabled by failure to patch a known vulnerability is astonishing.
  4. Train your employees. Most malware infections find their way into systems off the back of a phishing campaign. Showing staff how to spot an attack can be one of the most effective ways to keep ransomware out and data safe.

Strengthening the people side of the cyber equation and building a culture of security awareness adds a human layer to technical defences. By raising the visibility of security risks across the organisation, and ensuring people are clear on company security policies, companies empower employees with the knowledge they need to spot an attack — or stop it from progressing.

For some businesses, simply paying the ransom and hoping to restore operations immediately could be a viable option – but it isn’t one we’d recommend. Evaluating the cost of business interruption versus the cost of restoration may well point to saying yes to blackmail. The next question though – will you get your data back?

A 2018 study by the CyberEdge Group says less than 20 per cent of organisations that paid to have their files decrypted actually got them back.

Ransomware isn’t going anywhere – so it’s important to help make your organisation ransomware-proof. Need help educating your end users about ransomware? Let us help educate everyone in a fun, simple and engaging way – sign up for a free demo, today.
