Published on July 3rd, 2019 📆 | 3565 Views ⚑0
Florida city fires IT employee after paying ransom demand last week
This file-locking malware family has evolved a new tactic which abuses trust to create new ransomware victims.
Officials from Lake City, Florida, have fired an IT employee last week after the city was forced to approve a gigantic ransomware payment of nearly $500,000 last Monday.
The employee, whose name was not released, was fired on Friday, according to local media reports [1, 2], who cited the Lake City mayor.
The city's IT manager is also planning to revamp the town's entire IT department to prevent a similar incident from happening in the future.
Aftermath of the "triple threat" attack
Lake City's IT network was infected with malware on June 10. The city described the incident as a "triple threat."
In reality, an employee opened a document they received via email, which infected the city's network with the Emotet trojan, which later downloaded the TrickBot trojan, and later, the Ryuk ransomware.
The latter spread to the city's entire IT network and encrypted files. Hackers eventually demanded a ransom to let the city regain access to its systems.
The city's leadership approved a ransom payment last Monday, which was paid the next day, on Tuesday. The city's IT staff started decrypting files on the same day.
At the time, Lake City was the second Florida city to pay a gigantic ransom demand to a ransomware gang. The first was Riviera City, who paid 65 bitcoins ($600,000) the week before Lake City.
Third Florida city also hit by ransomware
Since then, a third Florida municipality was also hit, namely the village of Key Biscayne [1, 2]. Officials reported a Ryuk ransomware infection last week, but they haven't decided yet if they want to pay the ransom demand.
While there are pros and cons to paying a ransom demand, the public and media have turned on city officials who fail to secure networks and then decide to pay hackers.
Paying ransom demands is now viewed as a sign of a city administration's failure and weakness, rather than a quick fix to get access back to citizens' data, and most likely a reason why Lake City officials fired one of their IT staff, as a sign that they are serious about improving their IT security posture.
Oh, Georgia! Again?
Currently, attacks from ransomware gangs, and especially the Ryuk crew, are at an all-time high, and they are bound to continue, according to an alert from the UK's cyber-security agency.
The latest reported case is from Georgia, where the state's court system was hit by ransomware today, and Ryuk appears to be the culprit, according to a source.
This case is worrisome, in particular, because ransomware has also crippled the city of Atlanta's IT network last year, costing officials millions in recovery efforts; and has also hit Georgia's Jackson County, where officials dished out a $400,000 ransom payment earlier this year.
It appears that despite some pretty high-profile cases, Georgia officials don't appear to have learned anything from previous incidents, and are on track for either paying a ransom demand, or heavily investing in rebuilding IT systems.