In a fit of frustration, a city in the US state of Connecticut has paid hackers $2,000 in digital currency to regain access to computer systems infected with ransomware.
Citing research that showed paying was the best course of action, West Haven officials said they paid the anonymous attackers in Bitcoin to unlock 23 servers and restore access to city data.
The attack reportedly disabled servers early Tuesday morning, and was contained by 5:30 p.m. the next day. City officials said employee pay was not affected, and there was no indication any data was compromised. However, it could not be completely ruled out that the attackers accessed taxpayer data before erasing their tracks.
An investigation led by the US Department of Homeland Security has so far uncovered that the attack came from outside the United States.
The US Federal Bureau of Investigation has notoriously warned ransomware victims not to cede to operators’ demands because (1) they might not see their data decrypted despite paying the ransom, and (2) paying encourages attackers to strike again. However, the Bureau itself admits that some circumstances are debatable, and that paying is sometimes the only way to try to recover precious data (e.g. health records containing information that can make the difference between life and death).
News of the West Haven incident comes on the heels of a DHS report announcing an increase in attempts to hack U.S. city systems ahead of the midterm elections.
“We are aware of a growing volume of cyber activity targeting election infrastructure in 2018,” the department’s Cyber Mission Center said in an intelligence assessment obtained by NBC News. “Numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data, and undermine confidence in the election.”
Ransomware, by definition, is a disruptive type of malware, despite being primarily used for financial gain.
Neither the DHS nor West Haven officials have said which type of ransomware was used in the attack. However, the most recent ransomware reports point to a surge in operations leveraging the GandCrab ransomware family, as well as Gamma (part of the Crysis ransomware family).
Bitdefender now offers a free decryption tool to unlock data from GandCrab ransomware versions 1, 4 and 5.
*** This is a Security Bloggers Network syndicated blog from Bitdefender Labs authored by Filip Truta. Read the original post at: https://labs.bitdefender.com/2018/10/west-haven-connecticut-pays-2000-ransom-to-recover-encrypted-data/