Things are hot in Florida, and it’s not just the weather.
Three municipalities in the state are reeling after being hit by ransomware attacks, with the IT manager of one city being sacked after it was victimized.
Florida TV station WCJB reported Monday that the director of information technology for Lake City was dismissed after the city of 13,000 was hit last month, impacting many systems including emails and telephones.
City council approved paying $460,000 USD in bitcoin to get decryption keys to unlock municipal systems. Most of that was covered by insurance. The TV station quoted the city manager as saying it will take the municipality another two weeks to recover. It also quoted the mayor as saying the decryption keys are working.
Also recently victimized were the Florida municipalities of Key Biscayne and Riviera City. Riviera City paid the equivalent of US$600,000 in bitcoin ransom.
Experts say that there is no reason to pay ransoms if an organization has a data recovery plan that ensures backup data is held independently of main systems and can’t be corrupted.
According to ZDNet, Lake City was victimized after a municipal employee opened an email attachment which infected the city’s network with the Emotet trojan, which later downloaded the TrickBot trojan and then the Ryuk ransomware.
Security vendor Tripwire offers 22 ways organizations can reduce the odds of being hit by ransomware. In addition to ensuring safe backups and regular employee awareness training, it recommends configuring the webmail server to block attachments with extensions like .exe, .vbs, or .scr, and considering disabling vssadmin.exe, which administers the Volume Shadow Copy Service (VSS). While this tool can be used to restore previous versions of arbitrary files, malware can also use it to wipe out shadow volume snapshots. If the admin service is disabled, IT managers can still use VSS to restore the encrypted files after an attack.
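The attachment-blocking recommendation above can be sketched as a check a mail filter might run on each incoming message. This is an added example, not code from Tripwire or from the article; the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the paragraph above; a real blocklist would be longer.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}

def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / encoded filenames
        if not name:
            continue
        # Windows drops trailing dots and spaces when the file is saved and
        # treats extensions case-insensitively, so normalise before matching.
        cleaned = name.rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the last extension decides how the file is opened, so
        # "Invoice.pdf.exe" is blocked while "notes.exe.txt" is not.
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed sample message (not real mail) with five attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "clerk@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    names = ("report.pdf", "Invoice.pdf.exe", "photo.SCR",
             "setup.vbs.", "notes.exe.txt")
    for filename in names:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```

A filename check alone does not inspect file content, so it complements rather than replaces the backups and awareness training mentioned above.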