A few weeks ago Riviera Beach and Lake City reported severe ransomware infections on their systems; this time, the new victim of the encryption malware is the small town of Key Biscayne, whose officials reported a data security incident detected last week. As in the previous cases, the malware entered city systems after an employee fell for a phishing email.
“We are working in collaboration with external cybersecurity services firms to ensure the security of our systems and determine the full consequences of the incident”, said Andrea Agha, Key Biscayne officer.
The Riviera Beach government agreed to pay a ransom of nearly $600k USD to regain access to its systems encrypted by hackers. Just a few days later, Lake City officials reported that the city would pay a $500k USD ransom; although most of the payment was covered by the Lake City insurer, it was necessary to use taxpayers’ money to meet the costs of recovering from the incident.
In the first two cases, cybersecurity services specialists determined that the systems were infected with the Ryuk ransomware variant, which is one of the pieces of the attack known as “triple threat”, along with Emotet and Trickbot. In the specific case of Riviera Beach, experts believe the attack could be linked to the North Korean hacking group known as Lazarus.
Specialists from the International Cyber Security Institute (IICS) say paying the ransom demanded by hackers is not a good idea, as there is no guarantee that the threat actors will honor their part of the deal and restore the compromised files or systems. However, officials in Riviera Beach and Lake City decided to accept the demands of criminals to be able to restore their systems as soon as possible.
Key Biscayne has reportedly already invested about $60k USD to restore its systems; the small-town government does not rule out paying the ransom (the amount demanded by hackers is unknown) if no progress is made.