Remember when the small town of Lake City, Florida paid $460,000 for a ransomware’s decryption key?
As they slowly recover 100 years of encrypted municipal records, the New York Times looks at the lessons learned, arguing that cyberattackers have simply found a juicy target: small governments with weak computer protections — and strong insurance policies.
The city had backup files for all its data, but they were on the same network — and also inaccessible… The city’s insurer, the Florida League of Cities, hired a consultant to handle the negotiations with the hackers via the email addresses that had been posted on the city server. The initial demands were refused outright, and city technicians raced to find a workaround. “We tried a lot of different solutions,” said Joseph Helfenberger, the city manager. None of them worked. “We were at the end of the day faced with either re-creating the data from scratch, or paying the ransom,” he said.
The insurer’s negotiator settled on a payment of 42 Bitcoins, or about $460,000, Helfenberger said, of which the city would pay a $10,000 deductible. After the payment, the hackers provided a decryption key, and recovery efforts began in earnest.
As it turned out, recovery would not be simple. Even with the decryption key, each terabyte has taken about 12 hours to recover. Much of the city’s data, nearly a month after the onset of the attack, has still not been unlocked… In Lake City, the information technology director, blamed for both failing to secure the network and taking too long to recover the data, wound up losing his job.
Mark A. Orlando, the chief technology officer for Raytheon Intelligence Information and Services, tells the Times it’s unrealistic to expect cities to never pay the ransom. “Anyone who said that has never been in charge of a municipality that has half their services down and no choice.”
But does that create an ever-widening problem? The FBI knows of at least 1,500 reported ransomware incidents last year, according to the article, although the Illinois computer programmer offering free decryption help at ID Ransomware says he’s receiving 1,500 requests for assistance every day.