Florida Lake City fires IT employee after paying $460k ransom in malware attack

Lake Metropolis, Florida on Monday voted to pay 42 Bitcoins (or about $460,000) to hackers after a ransomware attack that crippled the city’s computer systems, according to a report by ZDNet.

The city described the incident as a “triple threat” that affected everything except for Lake City’s police and fire departments, as they were on a separate server.

“As a result, all Emergency services remain intact,” the city said when it revealed about the attack.

The incident took place on June 10 when an employee clicked on a malicious email that infected the city’s computer system with the Emotet trojan, which subsequently downloaded the TrickBot trojan, and then, the Ryuk ransomware.

Although IT staff in Lake City managed to disconnect their computers within minutes of the attack starting, however, it was too late. As a result of the attack, employees lost access to their email accounts and the public was left unable to make municipal payments online.

When the Ryuk ransomware spread to the city’s entire IT network and encrypted files, the hackers demanded a ransom of 42 Bitcoins for letting the city regain access to its systems.

Officials of Lake City, Florida along with the F.B.I. and an outside security consultant worked several days to get the phone lines, email and online utility payments restored.

In order to recover data and computer operations, the city officials unwillingly decided to approve paying the hackers the ransom they demanded as it was easier and more cost-effective to pay them rather than continuing recovery efforts. Soon after paying the ransom, the city’s IT staff started decrypting the files.

Joseph Helfenberg, City Manager of Lake City, said paying the ransom was the cheapest option available since the insurance company was bearing the brunt of the ransomware attack and only $10,000 would have to be incurred by taxpayers.

“We had a lot of attempts to recover the data that were unsuccessful,” Helfenberg said last Wednesday. “Based on the advice of the vendors the purchase provided a mechanism to the city to retrieve the city’s files and data, which had been encrypted, and hopefully return the city’s IT system to being fully operational. If this process works it would save the city substantially in both time and money.”

While speaking to the media, Mayor Stephen Witt said, “With your heart, you really don’t want to pay these guys. But, dollars and cents, representing the citizens, that was the right thing to do.”

An investigation into the incident is continuing, and the municipality is working with the Florida Department of Law Enforcement and a third-party security company, city officials say.

Lake City became the second Florida city to pay a huge ransom demand to a ransomware gang. The first was Riviera Beach in South Florida who paid 65 Bitcoins ($600,000) to the hackers last week to retrieve its data after a police department employee opened an infected email.

Also read- How Do Hackers Hack Your Passwords?

In a separate case, the Village of Key Biscayne, just off the coast of Miami, reported a data breach earlier last week. However, city officials said it had managed to restore most of its computer systems.