Officials in Lake City, Florida have agreed to pay a $500,000 ransom in Bitcoin after their computer systems were compromised by hackers, per the BBC. The town is the second American city to publicly disclose a ransomware payment.
Officials said that the Lake City IT staff immediately disconnected computers from their network when they realized that ransomware was spreading through their system. By that point, however, important data had been compromised. Residents of the city couldn’t make their municipal payments online, and city employees lost access to email and other crucial systems. The city determined that the best course of action was to pay hackers to restore access as quickly as possible and minimize losses.
In a typical ransomware attack, a computer user clicks on a link in an email or on a website, which allows the hacker to distribute a payload that quickly spreads through the affected network. The ransomware uses high-level encryption to prevent file access.
Because the malicious software implements encryption across all computers simultaneously, network administrators don’t have time to back up crucial data, and backup systems may also be affected.
At Datarecovery.com, we specialize in ransomware removal and file recovery. The city has not released additional information about the attack, and we weren’t able to verify the ransomware variant that affected their systems. However, we offer the following recommendations for ransomware victims:
- Immediately disconnect affected systems from the network. Try to limit the extent of the infection by unplugging infected computers and devices. Do not go through a safe shutdown process; unplug the computers from the wall as soon as possible.
- Contact an expert as soon as possible. Some ransomware variants are less advanced than others, and you may be able to fix the issue without communicating with hackers. Ransomware specialists can also negotiate on your behalf, reducing the ransom. Do not rely on IT administrators; specialists have more tools for reducing the extent of the infection and planning an effective recovery.
- Do not publicize the details of the attack. Except as required by law, you should not publicize information about the ransomware infiltration, as this gives hackers leverage. They may increase the ransom or refuse to negotiate if they can verify that an important system has been compromised.
In our industry, ransom payouts are considered a negative outcome, and we take every possible step to recover data without rewarding ransomware developers. Even when insurance covers a portion of the payout — as is the case in Lake City, where all but $10,000 of the expense was covered through insurance — paying ransoms creates incentives for future attacks.
While the number of ransomware attacks is down in 2019, the scale of the attacks continue to rise, with hospitals, government offices, and even entire towns suffering the consequences. To discuss your ransomware recovery options, contact our team at 1-800-237-4200 and ask to speak with a ransomware specialist.