For the second time this month a Florida city has paid off cybercriminals to recover from a ransomware attack.
On Monday, officials in Lake City voted to pay 42 bitcoins ($530,000) to attackers to decrypt its files and restore its network, according to local television station WCJB. Although the ransomware is being paid through its insurance company, WCJB reports that Lake City will be responsible for the $10,000 deductible on its policy with the League of Cities.
On June 10, Lake City posted a notice to its website stating that it had been attacked by malware known as “triple threat,” and its files and other systems, including phones and email, had been encrypted.
Following the attack, the city’s IT department tried to recover, but they were unsuccessful. And ultimately, this was what led to the city’s decision to pay its attackers.
Currently, the city is working with the Florida Department of Law Enforcement and a third-party security company, officials say.
To some security experts, the city’s reference to the “triple threat” malware may refer to an attack described by security firm Cybereason earlier this year that involves using the Emotet and TrickBot Trojans to deliver Ryuk ransomware.
As the Cybereason report and other security researchers note, TrickBot is better known as a banking Trojan, but the malware can communicate with a command-and-control server and exfiltrate sensitive data from servers. By combining Emotet and TrickBot, the attackers have many different choices in infecting a network.
Although security researchers have studied Ryuk over the past several months, it’s not clear who is behind the malware or if there is more than one group deploying these attacks, according to an analysis by McAfee and other firms.
As mentioned before, this is the second time this month that a Florida city has paid off attackers. On June 17, officials at Rivera Beach paid $600,000 in bitcoins to end a ransomware attack. This payment was also authorized through the city’s insurance.
Law enforcement, including the FBI, discourage paying ransomware attackers. However, recovering from a ransomware attack is very expensive — the city of Baltimore, which was hit with a ransomware attack earlier this year, has spent about $18 million to recover. So, with this in mind, it’s tempting to see why some businesses and cities cave.