Digital criminals demanded $5.3 million in ransom from the City of New Bedford, Massachusetts following a ransomware attack.
Jon Mitchell, Mayor of New Bedford, explained in a press briefing that the ransom demand came shortly after the City’s Management Information Systems (MIS) staff detected a ransomware attack in the early morning hours of 5 July 2019. The MIS staff disrupted the attack by disconnecting the City’s servers and shutting down its computer systems. That was after the ransomware had succeeded in affecting 158 workstations–approximately four percent of the municipality’s computers.
Initially, Mitchell opposed negotiating with those responsible for the attack, but per Providence Journal, he eventually agreed to hear out their demands. The digital attackers said they’d provide New Bedford with the decryption key in exchange for $5.3 million. The City countered with $400,000, which it had acquired from insurance proceeds, but the bad actors rejected that offer and made no counter offer. It’s then that Mitchell and the MIS team decided to recover the municipality’s data on their own by rebuilding its server network, restoring most software apps and replacing all affected computer workstations.
This recovery effort revealed that all emergency dispatch (911) systems, the New Bedford Public Schools, water and wastewater treatment plants as well as trash/recycling services were unaffected by the attack. It did uncover, however, that the attack had temporarily disabled the City’s financial management system along with several computers used by the Fire Department for administrative purposes.
The investigation also determined that Ryuk had been responsible for the attack. This ransomware family was involved in several high-profile infections earlier in 2019. Back in June, for instance, a sample of Ryuk affected the computer systems of Lake City; this Florida municipality ultimately paid $460,000 worth of bitcoin to digital attackers in order to regain access to their data. Not long thereafter, a Ryuk attack disrupted some services at all library locations across Onondaga County in New York State.
Mitchell explained that the City of New Bedford continues to rebuild its network and implement security measures designed to prevent similar attacks in the future. As quoted in a press release:
We live in a world now that is so interconnected that simply pulling up the proverbial drawbridge is unrealistic. We will rely on the advice of our experts to guide us, but we must remain constantly vigilant and willing to devote the resources necessary to protect our system from a much more debilitating attack than the one we just experienced. I am committed to making sure our City does just that.
This attack highlights the importance of small and local governments taking steps to protect themselves against a ransomware attack. One of the ways they can do this is by preventing an infection in the first place. This resource is a great place to start.