A Florida city has recently paid $600,000 to the hackers behind a ransomware attack that hit its systems.
That’s how much the data hackers held “hostage” was worth to the city, and how much it was willing to spend to release it.
Ransomware here appears to have worked using a Trojan – when a River Beach City employee clicked on an email with what looked like a legitimate file, that allowed the hackers to upload the ransomware itself onto the system. The malware then used strong encryption to lock the legitimate users out – at least until they pay.
The result of all this threw the city administration into chaos: it was dealing with encrypted, i.e., inaccessible records, emails and direct deposits that didn’t work, and 911 dispatchers unable to use their computers, the AP is reporting.
And while the FBI’s position is “not to recommend” paying hackers to release the data, the City Council was unanimously in favor of dishing out the $600,000 as requested.
The agency said that the decision, although running contrary to the FBI recommendation, is one taken my many others, including government agencies and companies.
In sum total, the FBI says there were 1,493 reported ransomware attacks in 2018, with hackers extracting a total of $3.6 million from their victims.
Michigan State University criminal justice professor Tom Holt is cited by the AP as saying that hackers often attack the easiest targets – suggesting that system maintainers often fail to patch and secure just those.
Holt also thinks that little justice can be expected after such potentially disruptive and costly attacks because most of those using malware to accomplish their illegal goals apparently launch attacks from outside the US.
One of the best-known incidents was nicknamed WannaCry, targeting big government and private business in 150 countries, blamed on a North Korean programmer, who remains out of reach of US justice.
There is much more that can be done before a ransomware attack takes place, than during the incident. Backing up your data to a safe computer is always a good idea; prevention is also good: keeping your systems healthy and common vulnerabilities-free, and educating employees not to “open suspicious emails and click suspicious links.”