[BreachExchange] Knoxville pays $236, 718 to clean up ransomware attack, less than attacker demanded

[Destry Winant]

https://www.wbir.com/article/news/crime/knoxville-pays-236718-to-clean-up-ransomware-attack-less-than-attacker-demanded/51-ab9fe4ae-faae-4ec0-a931-75df7c9a3c96

KNOXVILLE, Tenn. — The City of Knoxville said it's paid $236,718 so
far to clean up a ransomware attack that held much of the city's
technology hostage this summer.

Attackers broke into the city's networks on June 11 in a ransomware
attack, holding computer systems hostage in exchange for money. They
demanded around $393,137 in Bitcoin, a kind of virtual currency with a
rapidly fluctuating value.

Officials initially said that it appeared employee files had not been
compromised in the attack, but hackers later posted internal city
records on darknet forums.

After the attack, the city hired cyber specialists and management
support services. Officials hired Mullen Coughlin, a law firm, as well
as specialists from CrowdStrike Services Inc. Coughlin's hourly rates
included $380 for a partner, $320 for an associate and $140 for a
paralegal's services.

Invoices provided to 10News show the city paid those lawyers and
specialists $239,718 so far to recover from the attack, about $100,000
less than the ransom the attackers demanded.

Officials sent a notification letter to people impacted by the attack,
officials said. The attacker appeared to be from a group using the
name, "DoppelPaymer," according to a threat analyst for an online
security firm, Brent Callow.

Knoxville was at least the fourth U.S. city to have its data stolen by
the group, Callow also said during an earlier interview. Other cities
that were affected by cyberattacks include Pensacola, Fla., Torrance,
Calif. and Florence, Ala.