The Riviera Beach City pays $600,000 in ransom

The Riviera Beach City, Florida, agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system.

The Riviera Beach City Council voted unanimously to pay $600,000 in ransom to decrypt its records after a ransomware attack hit its systems. The council has previously agreed to spend $941,000 to modernize the entire IT infrastructure after hackers broke into the city’s system three weeks ago, ecrypting data managed by the City.

The internal IT staff has been working with security consultants to restore the operations, but according to them the only way to decrypt the information was to pay the ransom.

“The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted.” reported the Associated Press. “Spokeswoman Rose Anne Brown said Wednesday that the city of 35,000 residents has been working with outside security consultants, who recommended the ransom be paid.”

The attack began on May 29, the infection started when an employee at the Riviera Beach police department opened a malicious email containing a link that once clicked has allowed infecting the PC.

The ransomware rapidly spread inside the Riviera Beach City infrastructure, causing several problems. The email system was disabled, employees and vendors were paid by check rather than direct deposit, the communications went down, 911 dispatchers being unable to accept calls even if the service continues to operate.

Initially, the city council decided to not pay the ransom, but due to the difficulties in restoring the operations, it opted out to pay.

On Monday, city officials participating to a rapid meeting unanimously voted to use the city’s insurance to pay a ransom of 65 bitcoins (~$603,000).

“The payment is being covered by insurance.” continues the AP. “The FBI on its website says it “doesn’t support” paying off hackers, but Riviera Beach isn’t alone: many government agencies and businesses do.”

In July 2018, another Palm Beach suburb, Palm Springs, decided to pay a ransom, but it was not able to completely recover all its data.

In March 2019, computers of Jackson County, Georgia, were infected with ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.

“The FBI had no comment Wednesday on the Riviera Beach attack, but said 1,493 ransomware attacks were reported last year with victims paying $3.6 million to hackers — about $2,400 per attack. Some of those were against individuals.” concludes the AP.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Riviera Beach City, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.