Ransomware, Content

Ransomware Attack: 2nd Florida City Pays Hackers $460,000 to Unlock Data

Officials in Lake City, Florida, have voted to pay hackers $460,000 to recover data from a ransomware attack, BBC reports. This is the third time in recent days that a U.S. city or an MSP has paid hackers a major sum in an attempt to recover data from a ransomware attack.

For MSSPs and MSPs, it's a timely reminder to deploy, test and re-test backup and disaster recovery systems that are closely aligned with risk mitigation and cybersecurity systems. Without such systems in place, municipalities and MSPs themselves are finding themselves falling prey to hacker demands.

Related: Judgment Day arrives for MSPs as ransomware threatens entire industry's credibility.

Lake City's mayor told CBS 47 Action News Jax on Tuesday that the small city in northern Florida would give the hackers $460,000 to hand back control of email and other servers seized two weeks ago, this report says. "I would've never dreamed this could've happened, especially in a small town like this," Lake City Mayor Stephen Witt told Action News Jax, the report added.

Cyber Insurance - What's Covered? The city's insurance will cover all of the payment except $10,000, the mayor asserted. Still, MSSP Alert is checking to see what percentage of cyber policies cover ransomware damages, and what backup systems are typically required to ensure the cyber insurance policy remains valid.

MSPs, Cities Pay Ransomware

Meanwhile, the ransomware payment is becoming all too familiar across the United States, where municipalities and some MSPs are opening their wallets to pay hackers to free up encrypted data. The other two recent major payments involved:

And in an ugly twist, some cybersecurity companies that claim to clean up ransomware are secretly paying attackers as part of their recovery services.

Paying the Ransomware Can Backfire:  Still, paying the ransom doesn't guarantee that hackers will decrypt hostage data. Even worse, a payment may inspire hackers to return for repeat attacks. Recent SentinelOne research shows us that 45 percent of U.S. companies hit with a ransomware attack paid at least one ransom, but only 26 percent of these companies had their files unlocked. Furthermore, organizations that paid the ransoms were targeted and attacked again 73 percent of the time as attackers treat paying companies like ATMs, according to Chris Bates, VP, security strategy at SentinelOne.

Ransomware Attacks Hit Cities, Government Infrastructure

In recent months, ransomware and malware attacks have targeted municipal IT operations, government and transportation systems. Here are some examples:

Hackers Target MSPs: FBI Warning

This latest ransomware attack raises fresh cybersecurity concerns across the managed IT services provider ecosystem.

In addition to hitting U.S. cities, hackers have repeatedly targeted RMM, remote access, remote control and cybersecurity software as a springboard into end-customer systems. Many of the attacks have involved compromised credentials (i.e, user names and passwords) rather than product vulnerabilities. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

Amid that reality, technology vendors have called on MSPs to leverage the NIST Cybersecurity Framework to identify and mitigate cyber risk.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.