Massachusetts to pay $400k USD to hackers due to ransomware attack

The city of New Bedford, Massachusetts, has become the latest victim of a severe ransomware attack. According to web application security specialists, the attackers demanded a ransom of $5.3 million USD in exchange for restoring access to files encrypted by the malware.

The incident occurred about two months ago, although the infection was not publicly disclosed until September 4, when Jon Mitchell, the mayor of New Bedford, announced the incident during a press conference.

According to the mayor’s statements, the malware reached the city’s IT networks sometime between July 4 and 5. Hackers compromised government networks and installed the ransomware variant known as Ryuk, widely used for extortion purposes, web application security experts commented.

The ransomware managed to spread across the government network of the city of New Bedford, encrypting data stored on more than 150 workstations, nearly 5% of the city’s total computers. For now, hundreds of public officials have trouble accessing some of the New Bedford government’s systems, although the attack failed to spread across the network.

The city’s web application security teams claim that, because the attack occurred at night, many of the systems were shut down, so the impact of the incident was moderate. The infection was detected at the beginning of the next working day; after concluding that it was a ransomware attack, the teams disconnected infected computers from the rest of the network to limit the extent of the infection.

In addition, the mayor reported that the city’s IT team was contacted by the hackers responsible for the attack, demanding an amount close to $5.3 million USD, which was to be paid through a Bitcoin transfer.

The New Bedford government made a counteroffer of about $400k USD, which the hackers rejected. Unable to negotiate with the threat actors, IT teams decided to restore the lost information from their backups, which will take some time. While the mayor points out that the city could not cover such a high amount, he also mentions that his IT teams decided to maintain communications with the hackers in order to buy time to implement some measures and prevent possible attacks in the future. The city had to almost completely rebuild its server network, in addition to restoring some web applications and replacing the infected devices.

Multiple ransomware attacks have recently been reported in various US states. A few weeks ago, web application security experts from the International Institute of Cyber Security (IICS) reported some similar incidents in different Florida cities; in most cases, the victims had to pay ransoms of about $500k USD. Moreover, states like New York and Louisiana have also reported severe infections with encryption malware capable of crippling activities in government offices and utilities.
