05 September 19, 09:34
Quote:
Cities across the Southern states have been crippled by ransomware in recent weeks. In many cases, city leaders have had no choice but to give in to the attackers’ demands.
In this article, we’re going to take a look at how these attacks work and the damage they’ve caused local municipalities.
Riviera Beach ransomware attack
In May 2019, the computer systems of Riviera Beach, Florida, ground to a halt after a police department employee opened an infected email attachment. The ransomware knocked the city’s email and phone systems offline and disabled utility payment services.
Eventually, the city gave in to the hackers’ demands and voted to pay the criminals nearly $600,000 to regain access to their data. While we can’t say for certain which ransomware was to blame for this attack, experts believe that it is likely to have been Ryuk, a ransomware strain that was first seen in August 2018.
Lake City ransomware attack
A couple of weeks later, another Florida city found itself in a similar predicament. On June 10, a Lake City government employee unwittingly opened a malicious email, resulting in widespread disruption across government communications and online payment services. Again, city leaders agreed to pay the hackers the ransom – this time, a cool $460,000.
Key Biscayne ransomware attack
Shortly after the Lake City incident, yet another Florida town, Key Biscayne, was hit by a cyberattack. Officials said their systems were back up and operational within a few days but declined to comment on whether a ransom payment was involved.
Collierville ransomware attack
On July 18, the town of Collierville, Tennessee, was hit by Ryuk. The ransomware primarily affected town employees, with many town services being forced to resort to offline systems for several days. Following the FBI’s recommendations, the town did not communicate or negotiate with the hackers. A spokesperson said that it may take weeks to get the systems back to normal.
Louisiana ransomware attack
Toward the end of July, ransomware brought down the IT networks at three Louisiana school districts – Sabine, Morehouse, and Ouachita. In response, Louisiana Governor John Bel Edwards declared a state of emergency, which means state resources will be made available to help resolve the crisis and reduce the risk of further data loss.
Georgia Department of Public Safety ransomware attack
On July 26, a ransomware infection at the Georgia Department of Public Safety (DPS) affected multiple police departments, including state patrol, capitol police and the Georgia Motor Carrier Compliance Division. The infection caused police car laptops to lose connectivity to DPS servers, leaving police officers unable to access crucial information. Officers have resorted to using older channels of communication while the systems are being restored.
According to David Allen, chief information security officer at DPS, payment is not an option.
“It’s not part of our policy to pay ransom,” says Allen, as quoted by GovTech. “In all honesty, I don’t even typically look at the files they leave behind on how to contact them. I don’t agree that it’s more cost effective to pay [ransom] because even if you pay it and get some of your system decrypted, it doesn’t always happen in a clean fashion.”