US City In Oregon Pays Ransomware Criminals – Report

The scourge of ransomware continues with the news that a city in the United States has allegedly paid the attackers, after its computer system was compromised.

According to Infosecurity, the computer system of the city of Keizer (in Oregon) was successfully targeted by attackers using ransomware in the early hours of June 10. The attack left officials unable to access either files or their email accounts for seven days.

And rather than heed the advice of security experts, the US city reportedly paid a ransom of $48,000 to regain control of its computer system.

Keizer ransomware

Infosecurity cited a statement viewed by Oregon Live shortly after the attack was carried out.

“We are taking this seriously, and are working to resolve the situation as quickly as possible,” city officials reportedly said.

But it seems the officials were unable to recover the encrypted files themselves (i.e. no backups), and despite engaging the help of the “appropriate authorities,” officials eventually acquiesced to the ransom demand.

This allowed staff to regain access to their files on 17 June.

“We were presented with a request for a ransom payment needed to obtain the needed decryption keys,” a city spokesperson was quoted as saying by Infosecurity.

But in an effort to create a positive spin on the capitulation, Keizer officials said they felt this attack will help them in the event of further cyber attacks.

“We believe that the forensic investigation could provide critical information to defend against attacks in the future,” a city spokesperson reportedly said.

The city said that no sensitive data appears to have been accessed or misused as a result of the ransomware attack.

Never pay

Paying attackers when they cripple organisations with ransomware is not a good idea, the security industry generally advises.

“The payment of this ransom is troubling and demonstrates how organisations, and in this case a major US city, will do anything to avoid disruption to their daily operations,” said Dr Francis Gaffney, Director of Threat Intelligence at Mimecast.

“In fact, our State of Email Security report shows that the average downtime from a ransomware attack is 3 days, and for many this time gap is unacceptable and drives organisations to pay the ransom,” said Dr Gaffney.

“However, those targeted should never succumb to the pressure to pay the ransom to regain access to their data and applications, as it cannot always be guaranteed that encryption keys will be provided, but more so because it also fuels the motivation of attackers to carry out further ransomware campaigns,” Dr Gaffney said.

“Our research found that 50 percent of UK organisations have been impacted by ransomware attacks in the last year, and as long as organisations continue to pay, attackers will view this attack approach as being financially viable,” said Dr Gaffney.

“All organisations need to ensure they have adequate resiliency measures in place prior to an attack to preserve business-as-usual should the worst happen, and to thereby mitigate any potential loss,” said Dr Gaffney. “Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats.”

“Individual users can also assist greatly by being aware of the potential for unsafe attachments but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks,” concluded Dr Gaffney.

Other payers

It should be noted though that Keizer unfortunately is not alone in paying ransomware criminals.

In January of this year, a ransom of $300,000 was paid by Tillamook County (in Oregon) to recover systems following a ransomware attack.

And there have been other cities that opted to pay as well.

Last year Lake City (in Florida) opted to pay hackers after a ransomware attack. They paid a staggering $500,000 (£394,000), most of which covered by an insurance policy.

That payout came after the council of another city – Riviera Beach City (also in Florida) – voted unanimously to pay hackers $600,000 who took over their computer systems via a ransomware attack earlier this year.

San Francisco’s public transportation network and the city government of Atlanta have also been hit by ransomware attacks.

In December 2019 the City of New Orleans declared a state of emergency after all governmental computers were forced to shut down due to a ransomware attack.

In July 2019 Louisiana also declared a state of emergency after school systems in Sabine, Morehouse, and Ouachita parishes in North Louisiana were hit by ransomware attacks.

Ransomware attacks are also ongoing on this side of the pond.

Council staff at Redcar and Cleveland Council this year had to revert to pen and paper after a “cyberattack on the council’s IT servers”.

Do you know all about security? Try our quiz!