28 Jun 2019
A ransomware attack in Florida on June 10th has resulted in another payout for cybercriminals. Officials in Lake City voted to pay 42 bitcoins to decrypt files and get back on their network. The 42 bit coins come to about $530,000. Lake City’s insurance company will be paying most of that, but the city still needs to pay a $10,000 deductible. The city received a decryption key earlier this week, which the IT department is using to restore all systems and files.
Lake City’s municipality’s network was hit by “Triple Threat”, a malware virus that encrypted files and affected other systems including phones and email. The city stated that local police and fire departments were not affected. Recovery efforts failed. “Based on the advice of the vendors the purchase provided a mechanism to the city to retrieve the city’s files and data, which had been encrypted, and hopefully return the city’s IT system to being fully operational,” City Manager Joe Helfenberger said on Wednesday. “If this process works it would save the city substantially in both time and money.”
An investigation into the incident is continuing, but some security experts have speculated that the “Triple Threat” malware may be referring to an attack reported by security firm Cybereason that uses Emotet and Trickbot Trojans to deliver Ryuk ransomware. Ryuk is the ransomware that infected Tribune Publishing in late 2018 that led to a disruption in printing all of its newspapers and distribution. It is not clear who started Ryuk.
Despite continued urging by law enforcement agencies and the FBI for organizations to not pay a hacker’s ransom, victims continue to make the deal. The City of Baltimore refused to pay a ransom and has spent over $18 million so fat in recovery efforts. Riviera Beach recently paid out over $600,000 in bitcoins which resulted in an additional $900,000 expense to purchase new equipment and gear following the attack.