Lafayette City pays $45,000 ransom to cyber criminals
Attackers likely entered the network through a phishing scam or brute force attack
Officials in Lafayette City, Colorado, have paid $45,000 to an unidentified group of hackers who were holding the City's data hostage. Lafayette is a home-rule municipality with a population of around 30,000.
In a statement last week, the City administration revealed that a ransomware attack on their computer network in July disabled their computer systems, causing disruption to official emails, phones, reservation systems and online payments.
Staff detected the cyber attack and ransom message on the 27th July, following which they disabled all network connections to prevent the malware from spreading. Help was sought from neighbouring cities, and the staff also contacted a cyber security analyst to provide assistance in investigation and data recovery.
An initial probe into the security incident suggested that the malware entered the network through a phishing scam, or via brute force attack.
Although no personal details or credit card information were compromised in the attack, the hackers were successful in encrypting some computer systems on the network.
After conducting a cost/benefit analysis of rebuilding the City's data versus paying the ransom, the city administration decided to pay $45,000 to retrieve the decryption key to unlock their data. They said that "the ransom option far outweighed attempting to rebuild." The administration also took into consideration the inconvenience that residents would face due to lengthy service outage.
In a video, Mayor Jamie Harkins stated the administration did not share the updates earlier as it would have created a "strategic disadvantage" for the City.
The administration said that it is now "taking steps to install crypto-safe backups, deploy additional cyber security systems, and implement regular vulnerability assessments to prevent future data threats."
IT security teams are currently cleaning and rebuilding the computers and system servers, and once that is done, all data will be restored. Officials said that they are currently unable to share a date by which all systems will be back up and running.
The report of the ransom payment comes soon after Emsisoft researchers revealed that British firms were hit by nearly 5,000 ransomware attacks in 2019, and paid out nearly £210 million in ransoms.
Emsisoft also suggested that organisations are now showing 'more willingness' to pay ransoms to hackers due to fears of public embarrassment, lost data and potential penalties from regulators.
The company estimates that cybercriminals who use ransomware as a tool for making money are now making approximately £19 billion annually from the practice worldwide. Some of them are so successful in the trade that they have started posting job listings on the Dark Web.