Massachusetts to pay $400k USD to hackers due to ransomware attack

New Bedford city, Massachusetts, has become the new victim of a severe ransomware attack. According to web application security specialists, the attackers have demanded a ransom of $5.3 million USD in exchange for restoring access to files infected by encryption malware.

The incident occurred about two months ago, although the infection was publicly disclosed until September 4, when Jon Mitchell, the mayor of New Bedford, announced the incident during a press conference.

According to the mayor’s statements, the malware reached the city’s IT networks sometime between July 4 and 5. Hackers compromised government networks and installed the ransomware variant known as Ryuk, widely used for extortion purposes, web application security experts commented.

The ransomware managed to spread across the government network of the city of New Bedford, encrypting data stored on more than 150 workstations, nearly 5% of the city’s total computers. For now, hundreds of public officials have trouble accessing some of the New Bedford government’s systems, although the attack failed to spread across the network.

The city’s web application security teams claim that, because the attack occurred at night, many of the systems were closed, so the impact of the incident was moderate. The infection was detected at the beginning of the next working day; after concluding that it was a ransomware attack, infected computers were disconnected from the rest of the network to mitigate the extent of the infection.

In addition, the mayor reported that the city’s IT team was contacted by the hackers responsible for the attack, demanding an amount close to $5.3 million USD, which was to be paid through a Bitcoin transfer.

The New Bedford government made a counteroffer of about $400k USD, which the hackers rejected. Unable to negotiate with the threat actors, IT teams decided to restore lost information using their security backups, which will take some time. While the mayor points out that the city could not cover such a high number, he also mentions that his IT teams decided to maintain communications with hackers in order to buy time to implement some measures and prevent possible attacks in the future. The city had to almost completely rebuild its server network, in addition to restoring some web applications and replacing the infected devices.

Multiple ransomware attacks in various US states have been recently reported. A few weeks ago, web application security experts from the International Institute of Cyber Security (IICS) reported some similar incidents in different Florida cities; in most cases, the victims had to pay ransoms of about $500k USD. Moreover, states like New York and Louisiana have also reported severe infections with encryption malware capable of crippled activities in government offices and utilities.