It seems that Florida has become one of the favorite targets of cybercriminals. Cybersecurity services specialists report a new ransomware attack on a small-town computer systems.
A few weeks ago Riviera Beach and Lake City
reported severe ransomware infections on their systems; this time, the new
victim of the encryption malware is the small town of Key Biscayne, whose
officials reported on a data security incident detected last week. As in
previous cases, the malware was injected into city systems after an employee
fell into a phishing
email.
“We are working in collaboration with
external cybersecurity services firms to ensure the security of our systems and
determine the full consequences of the incident”, said Andrea Agha, Key
Biscayne officer.
The Riviera Beach government agreed to pay a
ransom of nearly $600k USD to regain access to its systems encrypted by
hackers. Just a few days later, Lake City officials reported that the city
would pay a $500k USD ransom; although most of the payment was covered by the Lake
City insurer, it was necessary to use taxpayers’ money to meet the costs of
recovering the incident.
In the first two cases, cybersecurity services
specialists determined that the systems were infected with the Ryuk ransomware
variant, which is one of the pieces of the attack known as “triple
threat”, along with Emotet and Trickbot. In the specific case of Riviera
Beach, experts believe the attack could be linked to the North Korean hacking
group known as Lazarus.
Specialists from the International Cyber Security
Institute (IICS) say paying the ransom demanded by hackers is not a good idea,
as there is no guarantee that the threat actors will honor their part of the
deal and restore the compromised files or systems. However, officials in
Riviera Beach and Lake City decided to accept the demands of criminals to be
able to restore their systems as soon as possible.
Key Byscaine has already reportedly invested
about $60k USD to restore its systems; the small-town government does not rule
out the idea of paying the ransom (the amount demanded by hackers is unknown)
in case of doing no progress.
