A Massachusetts city has revealed that cyber-criminals tried to hold its data ransom to the tune of more than $5m over the summer, in a sign of the growing risk to organizations from online extortionists.
The city of New Bedford was hit with the popular Ryuk strain of ransomware in early July, encrypting data on over 150 workstations, according to mayor Jon Mitchell.
Fortunately, the attack came during the July 4 holiday when systems were powered off, preventing the malware from spreading further. The city’s Management Information Systems (MIS) staff disconnected servers and shut down systems when they came in the next day.
In the end only around 4% of the city’s PCs were affected.
Mitchell revealed in a press conference on Wednesday that the hackers wanted $5.3m in Bitcoin, a figure he countered with a much lower sum of $400,000 as this apparently would have been covered by cyber insurance.
The attackers rejected that sum outright, highlighting just how high the bar is now for victims of ransomware attacks. In New Bedford’s case the relatively small number of machines affected meant restoring from back-up was pretty straightforward and no critical systems were impacted.
Only the city’s financial management system and several workstations used by the Fire Department for admin purposes were temporarily affected.
“We live in a world now that is so interconnected that simply pulling up the proverbial drawbridge is unrealistic,” Mitchell said. “We will rely on the advice of our experts to guide us, but we must remain constantly vigilant and willing to devote the resources necessary to protect our system from a much more debilitating attack than the one we just experienced.”
New Bedford is just the latest in a long line of US cities targeted by ransomware. Two cities in Florida paid hundreds of thousands of dollars for decryption keys after being hit, while others including Baltimore, Albany and 23 government entities in Texas have also suffered major infections.
In July, the United States Conference of Mayors passed a resolution not to cooperate with ransomware attackers. However, when critical services like emergency responders are impacted, it can be difficult for city leaders not to cave, even if it’s not guaranteed that the decryption key will work.