Riviera Beach paid bad actors approximately $600,000 in ransom to recover its information after it fell victim to a ransomware attack.
On 17 June, the board of the Palm Beach County municipality voted unanimously to authorize that the city insurer pay 65 bitcoins (worth approximately $602,000 at the time of this writing) to those responsible for the attack. The board also approved an additional payment $25,000 from the city's budget to cover its policy deductible. This decision came after a separate vote in which the board approved to spend nearly $1 million in purchasing 310 new desktop, 90 laptop computers and other hardware. According to AP News, those responsible for the attack infiltrated Riviera Beach's systems after an employee clicked on a phishing link that, in turn, downloaded the ransomware. This infection subsequently disabled the municipality's email system, disrupted the city's direct deposit system for both employees and contractors as well as prevented 911 dispatchers from entering calls into their computer. The attack didn't affect emergency response time, however. The city's email system remained only partially functional two weeks after suffering the infection. Beyond that, Riviera Beach Council Chairwoman KaShamba Miller-Anderson said that some data encrypted by the attack remained out-of-reach by IT, hence the board's decision to pay the ransom. Miller-Anderson didn't provide a guarantee that the city would recover its data after making the payment, however. As she confessed to the Palm Beach Post:
This whole thing is so new to me and so foreign and it’s almost where I can’t even believe that this happens but I’m learning that it’s not as uncommon as we would think it is. Every day I’m learning how this even operates, because it just sounds so far fetched to me.
At this time, the FBI and DHS are still investigating the attack. Riviera Beach isn't the only municipality that's suffered a ransomware infection in recent memory. In May, Robbinhood ransomware struck Baltimore's city government computers. Just a month later, the City of Lake City confirmed that a “Triple Threat” ransomware attack had affected the functionality of several of its computer systems. These attacks highlight the need for organizations to do more to combat ransomware. First, they should use these tips to prevent a ransomware infection in the first place. Second, they should consider investing in a solution that's capable of detecting an advanced malware attack. Learn how Tripwire can help.
