New York government paid $88k USD due to ransomware attack despite having firewall and antivirus solutions

Despite the complex cybersecurity solutions currently available on the market, no system, network, or computer will ever be 100% protected against security threats. Cybersecurity services experts report an incident in New York City that compromised the security of a school district despite its having antivirus and firewall solutions in place.

The incident is an infection by the dangerous Ryuk ransomware, which compromised the systems of the Rockville Center School District in New York; as a result of the infection, the local government had to pay almost $90k USD to hackers to regain access to the files encrypted by the malware.

The incident occurred on June 25, according to a report published by the specialized platform SC Media. Although the administrators had implemented the best available security measures, the ransomware operators managed to complete the infection, and district security services personnel were eventually forced to shut down all computers on the network to prevent the ransomware from spreading.

“We detected the encryption process at a relatively early stage, so our insurance company was able to arrange payment of less than what was initially intended by the attackers, so the New York government is only responsible for a $10K USD deductible payment,” school district officials said. SC Media’s report states that the initial ransom amount was over $170k USD.

On their decision to pay the ransom, the authorities stated, “We exhausted all our efforts trying to regain access to the information on our own. However, after analyzing the consequences that the permanent loss of this data could generate, we decided to pay the ransom to keep up the district’s operations.”

According to cybersecurity services experts, the Rockville Center School District is not the only one that has fallen victim to cyberattacks in recent times. Several reports indicate that a series of malicious campaigns has been deployed for at least the past six months against the entire New York Department of Education, which has sent safety warnings to all school districts in the state in an attempt to prevent future security incidents.

While specialists strongly recommend not paying the ransoms demanded by hackers in these cases, it is increasingly common for affected companies to try to negotiate with the attackers; some cybersecurity insurance policies have even been updated to include coverage against ransomware attacks.

International Institute of Cyber Security (IICS) cybersecurity services specialists have reported similar incidents recently. Among the most prominent cases are ransomware infections in multiple cities and counties in the state of Florida and at least two school districts in northern Louisiana. In these cases, the affected organizations have also decided to yield to the demands of the threat actors and pay the ransom to recover their information. It is worth remembering that paying is not the most advisable course of action, as there is no guarantee that the attackers will keep their part of the deal and restore the compromised access once they receive the money.