[BreachExchange] Florida city fires IT employee after paying ransom demand last week

Destry Winant destry at riskbasedsecurity.com
Wed Jul 3 05:43:55 EDT 2019


https://www.zdnet.com/article/florida-city-fires-it-employee-after-paying-ransom-demand-last-week/

Officials from Lake City, Florida, fired an IT employee last week
after the city was forced to approve a gigantic ransomware payment of
nearly $500,000 last Monday.

The employee, whose name was not released, was fired on Friday,
according to local media reports [1, 2], which cited the Lake City
mayor.

The city's IT manager is also planning to revamp the town's entire IT
department to prevent a similar incident from happening in the future.

AFTERMATH OF THE "TRIPLE THREAT" ATTACK

Lake City's IT network was infected with malware on June 10. The city
described the incident as a "triple threat."

In reality, an employee opened a document they received via email,
which infected the city's network with the Emotet trojan. Emotet later
downloaded the TrickBot trojan and, after that, the Ryuk ransomware.

The latter spread to the city's entire IT network and encrypted files.
Hackers eventually demanded a ransom to let the city regain access to
its systems.

The city's leadership approved a ransom payment last Monday, which was
paid the next day, on Tuesday. The city's IT staff started decrypting
files on the same day.

At the time, Lake City was the second Florida city to pay a gigantic
ransom demand to a ransomware gang. The first was Riviera City, which
paid 65 bitcoins ($600,000) the week before Lake City.

THIRD FLORIDA CITY ALSO HIT BY RANSOMWARE

Since then, a third Florida municipality has also been hit, namely the
village of Key Biscayne [1, 2]. Officials reported a Ryuk ransomware
infection last week, but they haven't decided yet if they want to pay
the ransom demand.

While there are pros and cons to paying a ransom demand, the public
and media have turned on city officials who fail to secure networks
and then decide to pay hackers.

Paying ransom demands is now viewed as a sign of a city
administration's failure and weakness, rather than a quick fix to get
access back to citizens' data. This is most likely a reason why Lake
City officials fired one of their IT staff, as a sign that they are
serious about improving their IT security posture.

OH, GEORGIA! AGAIN?

Currently, attacks from ransomware gangs, and especially the Ryuk
crew, are at an all-time high, and they are bound to continue,
according to an alert from the UK's cyber-security agency.

The latest reported case is from Georgia, where the state's court
system was hit by ransomware today, and Ryuk appears to be the
culprit, according to a source.

This case is particularly worrisome because ransomware also crippled
the city of Atlanta's IT network last year, costing officials millions
in recovery efforts, and also hit Georgia's Jackson County, where
officials dished out a $400,000 ransom payment earlier this year.

It appears that, despite some pretty high-profile cases, Georgia
officials have not learned anything from previous incidents, and are
on track for either paying a ransom demand or heavily investing in
rebuilding IT systems.

