Ransomware, Americas, Content

Ransomware Attack Fallout: IT Director Fired

Lake City, Florida, has fired the municipality's director of information technology following a ransomware attack that disabled servers, phones and email, according to an ABC News affiliate report.

The firing comes after Lake City paid hackers $460,000 in ransom to decrypt the municipality's systems. The resulting decryption key has been working, according to the report. Lake City expects to fully recover its IT systems by about mid-July -- or roughly one month after the ransomware attack occurred, the report estimates.

At least three Florida cities have suffered ransomware attacks in recent weeks. MSPs have also suffered similar hits, and one MSP recently paid hackers $150,000 to recover data after a ransomware attack. And in an ugly twist, some cybersecurity companies that claim to clean up ransomware are secretly paying attackers as part of their recovery services.

Ransomware Attacks: Who's Held Accountable?

The Lake City, Florida, ransomware attack appears to be one of the first cases in which an IT manager was fired over the fallout.

Still, municipalities, businesses and IT service providers worldwide may struggle to define who's ultimately responsible for failing to defend systems against ransomware attacks.

Among the key questions all parties must consider:

  1. Who is responsible for developing a backup, disaster recovery, data protection and cybersecurity plan?
  2. Who is responsible for approving, budgeting and funding such a plan?
  3. Who is responsible for testing and fine-tuning the plan?
  4. Who is accountable when the plan fails?

No doubt, responsibility will vary from case to case -- especially as organizations struggle to balance business, IT and data protection priorities.

Ransomware Attacks Hit Cities, Government Infrastructure

Meanwhile, ransomware and malware attacks continue to target municipal IT operations, government and transportation systems. Here are some examples:

Hackers Target MSPs: FBI Warning

This latest ransomware attack raises fresh cybersecurity concerns across the managed IT services provider ecosystem.

In addition to hitting U.S. cities, hackers have repeatedly targeted RMM, remote access, remote control and cybersecurity software as a springboard into end-customer systems. Many of the attacks have involved compromised credentials (i.e, user names and passwords) rather than product vulnerabilities. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

Amid that reality, technology vendors have called on MSPs to leverage the NIST Cybersecurity Framework to identify and mitigate cyber risk.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.