Ransomware Attack Fallout: IT Director Fired
Lake City, Florida, has fired the municipality’s director of information technology following a ransomware attack that disabled servers, phones and email, according to an ABC News affiliate report.
The firing comes after Lake City paid hackers $460,000 in ransom to decrypt the municipality’s systems. The resulting decryption key has been working, according to the report. Lake City expects to fully recover its IT systems by about mid-July — or roughly one month after the ransomware attack occurred, the report estimates.
At least three Florida cities have suffered ransomware attacks in recent weeks. MSPs have also suffered similar hits, and one MSP recently paid hackers $150,000 to recover data after a ransomware attack. And in an ugly twist, some cybersecurity companies that claim to clean up ransomware are secretly paying attackers as part of their recovery services.
Ransomware Attacks: Who’s Held Accountable?
The Lake City, Florida, ransomware attack appears to be one of the first cases in which an IT manager was fired over the fallout.
Still, municipalities, businesses and IT service providers worldwide may struggle to define who’s ultimately responsible for failing to defend systems against ransomware attacks.
Among the key questions all parties must consider:
- Who is responsible for developing a backup, disaster recovery, data protection and cybersecurity plan?
- Who is responsible for approving, budgeting and funding such a plan?
- Who is responsible for testing and fine-tuning the plan?
- Who is accountable when the plan fails?
No doubt, responsibility will vary from case to case — especially as organizations struggle to balance business, IT and data protection priorities.
Ransomware Attacks Hit Cities, Government Infrastructure
Meanwhile, ransomware and malware attacks continue to target municipal IT operations, government and transportation systems. Here are some examples:
- June 20, 2019: Riviera Beach, Florida, discloses ransomware attack and payment.
- May 7, 2019: City of Baltimore hit with ransomware attack.
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
- March 2018: Atlanta, Georgia suffered a major ransomware attack.
- February 2018: Colorado Department of Transportation (CDOT) employee computers temporarily were shut down due to a SamSam ransomware virus cyberattack.
Hackers Target MSPs: FBI Warning
This latest ransomware attack raises fresh cybersecurity concerns across the managed IT services provider ecosystem.
In addition to hitting U.S. cities, hackers have repeatedly targeted RMM, remote access, remote control and cybersecurity software as a springboard into end-customer systems. Many of the attacks have involved compromised credentials (i.e, user names and passwords) rather than product vulnerabilities. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Amid that reality, technology vendors have called on MSPs to leverage the NIST Cybersecurity Framework to identify and mitigate cyber risk.