A saga that began with a municipal employee opening a corrupted email has forced a small Florida city to take the extraordinary step of agreeing to pay nearly $600,000 to the hackers who paralyzed their computer systems.
With Riviera Beach’s records held hostage, its city council voted unanimously to pay 65 bitcoin to the hackers — a tab that will be picked up by the city’s insurance carrier. For the past three weeks, city employees have not been able to access their emails, emergency dispatchers couldn’t log calls into computers, and workers and vendors had to be paid with paper checks. Even cops had to dig through closets at the police headquarters to find paper traffic citations, the Palm Beach Post reported.
Though city spokeswoman Rose Anne Brown told the Associated Press there is no guarantee the city’s records will be returned after the hackers collect, outside security consultants said paying the ransom was the best course of action. The culprits insisted that the ransom be paid in bitcoin, a cryptocurrency that is difficult to trace.
Before the city council approved the ransom payment, it decided to spend nearly $1 million on new computers, hardware and other system upgrades.
“We are relying on [the consultants’] advice,” Brown told the AP. The city did not immediately respond to a request for comment Thursday morning.
Riviera Beach, a waterfront suburb of West Palm Beach, joins a growing list of ransomware victims, which include governments and businesses alike. In May, Baltimore said it would not pay hackers $76,000 after its systems were attacked. The city is still trying to recover, and this week Gov. Larry Hogan (R) appointed Maryland’s first statewide chief information security officer to help guard against cyber threats.
Two Iranians were indicted by the U.S. government last year after allegedly launching more than 200 ransomware attacks, including those that hit the cities of Atlanta and Newark. Those hackers collected more than $6 million in ransom and caused $30 million in damage to computer systems, authorities say.
The FBI did not immediately respond to a request for comment on the Riviera Beach hacking. But the agency told the AP that 1,493 ransomware attacks were reported in 2018. Victims, including individuals, paid $3.6 million to hackers — an average of $2,400 per hit.