Officials in Lake City, Florida, have voted to pay hackers $460,000 to recover data from a ransomware attack, BBC reports. This is the third time in recent days that a U.S. city or an MSP has paid hackers a major sum in an attempt to recover data from a ransomware attack.
For MSSPs and MSPs, it's a timely reminder to deploy, test and re-test backup and disaster recovery systems that are closely aligned with risk mitigation and cybersecurity systems. Without such systems in place, municipalities and MSPs themselves are finding themselves falling prey to hacker demands.
Lake City's mayor told CBS 47 Action News Jax on Tuesday that the small city in northern Florida would give the hackers $460,000 to hand back control of email and other servers seized two weeks ago, this report says. "I would've never dreamed this could've happened, especially in a small town like this," Lake City Mayor Stephen Witt told Action News Jax, the report added.
Cyber Insurance - What's Covered? The city's insurance will cover all of the payment except $10,000, the mayor asserted. Still, MSSP Alert is checking to see what percentage of cyber policies cover ransomware damages, and what backup systems are typically required to ensure the cyber insurance policy remains valid.
MSPs, Cities Pay Ransomware
Meanwhile, the ransomware payment is becoming all too familiar across the United States, where municipalities and some MSPs are opening their wallets to pay hackers to free up encrypted data. The other two recent major payments involved:
- An MSP that paid hackers $150,000 to recover data after a ransomware attack.
- Riviera Beach, Florida, paid hackers $600,000 to recover data after a ransomware attack.
And in an ugly twist, some cybersecurity companies that claim to clean up ransomware are secretly paying attackers as part of their recovery services.
Paying the Ransomware Can Backfire: Still, paying the ransom doesn't guarantee that hackers will decrypt hostage data. Even worse, a payment may inspire hackers to return for repeat attacks. Recent SentinelOne research shows us that 45 percent of U.S. companies hit with a ransomware attack paid at least one ransom, but only 26 percent of these companies had their files unlocked. Furthermore, organizations that paid the ransoms were targeted and attacked again 73 percent of the time as attackers treat paying companies like ATMs, according to Chris Bates, VP, security strategy at SentinelOne.
Ransomware Attacks Hit Cities, Government Infrastructure
In recent months, ransomware and malware attacks have targeted municipal IT operations, government and transportation systems. Here are some examples:
- June 20, 2019: Riviera Beach, Florida, discloses ransomware attack and payment.
- May 7, 2019: City of Baltimore hit with ransomware attack.
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
- March 2018: Atlanta, Georgia suffered a major ransomware attack.
- February 2018: Colorado Department of Transportation (CDOT) employee computers temporarily were shut down due to a SamSam ransomware virus cyberattack.
Hackers Target MSPs: FBI Warning
This latest ransomware attack raises fresh cybersecurity concerns across the managed IT services provider ecosystem.
In addition to hitting U.S. cities, hackers have repeatedly targeted RMM, remote access, remote control and cybersecurity software as a springboard into end-customer systems. Many of the attacks have involved compromised credentials (i.e, user names and passwords) rather than product vulnerabilities. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Amid that reality, technology vendors have called on MSPs to leverage the NIST Cybersecurity Framework to identify and mitigate cyber risk.