Third Florida city falls victim to ransomware attack

midian182

In brief: It’s starting to look as if Florida cities have become the favorite target for ransomware attacks after a third local government was struck by the malware within the last few weeks.

Key Biscayne joins Riviera Beach and Lake City in having its systems infected by a form of ransomware after it identified a data security “event” early last week. In all three cases, the malware made its way onto local government computers when an employee clicked on an email link that allowed it to be uploaded.

“Key Biscayne is working with outside counsel and third-party forensic experts to ensure that its systems are secure, and to determine the scope of the event,” said city manager Andrea Agha, in an email to CBS Miami.

Last month, it was reported that Riviera Beach had agreed to pay hackers $600,000 to restore its encrypted systems. A week later, Lake City’s insurance provider negotiated a payment of 42 bitcoins, or around $500,000 at the time, to unlock its computers. In the latter case, $10,000 of the money came from taxpayers.

Both Key Biscayne and Lake City were hit with Ryuk, the final piece of what is known as the “Triple threat attack,” the other two being Emotet and Trickbot malware. It’s uncertain whether the Riviera Beach attack was also based on Ryuk, which was originally linked to the notorious North Korean “Lazarus” hacking group.

While paying hackers to unlock ransomware usually isn’t advised as there’s no guarantee they’ll hand over the decryption key, city officials agreed this was the best, easiest, and cheapest—as the bulk is paid by insurers—way to address the situation.

The wealthy island town of Key Biscayne has just 3,000 residents, making it much smaller than Lake City (12,000) and Riviera Beach (35,000). A special council meeting to discuss the issue was held on Thursday, where it was decided to spend $30,000 on hiring a data recovery firm, though it appears the city isn’t ruling out paying the hackers.

“The Village Manager may (in her judgement) incur additional expenses necessary to expeditiously and fully resolve the current data security event,” states the council resolution.


 
Sounds like they need to seriously tighten up their email system or better yet, turn it off completely!
 
I presume the first thing they do is contact the FBI / NSA and let them treat it like a hostage situation: pay nothing and negotiate while the attack team zeroes in.
 
Florida gets a bad rap because apparently all governmental records are public unlike most places, hence r/floridaman and this story.

Elsewhere, cities in the same situation can pay all the ransomware BTC they want and keep it a secret.
 
Time to install Malwarebytes!
MBAM v3.0 is still an adjunct and does not replace a fully installed Anti Virus application that performs "On Access" and "On Demand" scanning on a wide variety of file types.

Depending on the vendor of the anti virus application, it will be MAPI and/or VIM compliant or it will provide an IMAP/POP Proxy service. Then the anti virus application will decode the MIME based message in one's email client and scan the email body and email attachments when it arrives in the InBox. Or the Proxy intercepts the email before the email client gets the email message. Using its extended signature base it can then look at the email and apply its broad range of signatures on a variety of file types without the user actually opening what may be a malicious email.

With MBAM v2.x and v3.x, you have to extract the attachments, and then, if it is a PE binary, MBAM can apply its signatures to see if the attachment is executable, or you have to click on a link which may or may not be in the web block database. Since MBAM does not target scripted malware, documents and media files, it won't scan them. Therefore MBAM will not give the user a warning if there is a malicious MS Word file or if the email contains phishing content.

Not having a fully installed Anti Virus application means that a layer of protection via an early warning indicator and/or malicious object removal is not there that an Anti Virus application provides.
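The scanning flow described in the comment above (decode the MIME message, then inspect the body and each attachment by content), as an added example that is not part of the original thread or any vendor's code. The sample message, file names and the `example.invalid` link are constructed, and the three magic-byte checks stand in for a real signature engine.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def classify(data: bytes) -> str:
    """Classify a decoded attachment by its content, not by its file name."""
    if data[:2] == b"MZ":
        return "pe-executable"
    if data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
        return "ole-document"  # legacy .doc/.xls container
    if data[:4] == b"PK\x03\x04":
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        # An OOXML file carrying a VBA project is a macro-enabled document.
        if any(n.endswith("vbaProject.bin") for n in names):
            return "ooxml-with-macros"
        return "zip-archive"
    return "other"

def scan_message(raw: bytes) -> dict:
    """Decode a raw MIME message; report body links and attachment types."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"links": [], "attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""
            report["attachments"].append((part.get_filename(), classify(data)))
        elif part.get_content_maintype() == "text":
            report["links"] += URL_RE.findall(part.get_content())
    return report

def build_sample() -> bytes:
    """Constructed test message; attachment bytes are inert stand-ins."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please review: http://example.invalid/invoice")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="invoice.docx")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application", subtype="octet-stream", filename="report.pdf")
    return msg.as_bytes()
```

Both constructed attachments carry misleading names, which is why the classification reads the decoded bytes rather than the extension.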
 
Does Avast detect ransomware?
Avast Free Antivirus uses AI and machine learning to detect and block all malware, including ransomware, adware, spyware, and more. Upgrading to our premium tier, Avast Premier Antivirus, gives you additional dedicated anti-ransomware software called Ransomware Shield. Jan 22, 2018

{btw: I am not associated with this product whatsoever -- just a Joe user like you.}

This product is effective for 3rd-party email readers like Thunderbird. If you use your browser to read email, then another solution is necessary.
 
100% of these problems could have been avoided if they only used Linux on their computers. What do they need Windows 10 for? Reading mail and writing documents? There are free and secure solutions for that; you don't need a buggy Windows system.
 
100% of these problems could have been avoided if they only used Linux on their computers. What do they need Windows 10 for? Reading mail and writing documents? There are free and secure solutions for that; you don't need a buggy Windows system.
Linux fanboy nonsense.
 
Linux fanboy nonsense.
I am being realistic. I don't use Linux on my main machine, far from being a fanboy. If you are not seeing the benefits of using Linux as a more secure typewriting machine for office workers, you are very short-sighted indeed. Office workers don't need buggy Windows, period.
 