Digital criminals demanded $5.3 million in ransom from the City of New Bedford, Massachusetts following a ransomware attack.

Jon Mitchell, Mayor of New Bedford, explained in a press briefing that the ransom demand came shortly after the City’s Management Information Systems (MIS) staff detected a ransomware attack in the early morning hours of 5 July 2019. The MIS staff disrupted the attack by disconnecting the City’s servers and shutting down its computer systems. That was after the ransomware had succeeded in affecting 158 workstations, approximately four percent of the municipality’s computers.

Initially, Mitchell opposed negotiating with those responsible for the attack, but per the Providence Journal, he eventually agreed to hear out their demands. The digital attackers said they’d provide New Bedford with the decryption key in exchange for $5.3 million. The City countered with $400,000, which it had acquired from insurance proceeds, but the bad actors rejected that offer and made no counteroffer. It was then that Mitchell and the MIS team decided to recover the municipality’s data on their own by rebuilding its server network, restoring most software apps and replacing all affected computer workstations.

This recovery effort revealed that all emergency dispatch (911) systems, the New Bedford Public Schools, water and wastewater treatment plants as well as trash/recycling services were unaffected by the attack. It did uncover, however, that the attack had temporarily disabled the City’s financial management system along with several computers used by the Fire Department for administrative purposes.

The investigation also determined that Ryuk had been responsible for the attack. This ransomware family was involved in several high-profile infections earlier in 2019. Back in June, for instance, a sample of Ryuk affected the computer systems of Lake City; this Florida municipality ultimately paid $460,000 worth of bitcoin to digital attackers in order