Lake City fires employee after paying ransom in malware attack

June 28, 2019

LAKE CITY, Fla. (WCJB) -- The Lake City mayor confirmed to TV20 an employee has been fired, after a malware attack on city networks resulted in a ransom.

Earlier this week we told you how Lake City paid $460,000 in ransom for a cyber attack through bitcoin.

Now the city manager has fired one employee and is planning to revamp the entire IT department to recover from the attack and to prevent the incident from happening again.

For more on this story,

.

June 27, 2019

LAKE CITY, Fla. (CBS) -- For the second time in a week a Florida city has decided to pay a ransom to hackers to regain control over municipal computer systems. It is the latest in thousands of attacks worldwide aimed at extorting money from governments and businesses.

The mayor of Lake City told CBS 47 Action News Jax on Tuesday that the small city in northern Florida would give the hackers $460,000 to hand back control of email and other servers seized two weeks ago.

"I would've never dreamed this could've happened, especially in a small town like this," Lake City Mayor Stephen Witt told Action News Jax.

The CBS News affiliate said the ransomware attack froze city workers out of their email accounts and made it impossible for members of the community to pay city bills online.

Witt told Action News Jax that it was a difficult decision to accept the hackers' demands, but noted the city's "insurance will cover all of it except $10,000," which he said taxpayers would have to stump up in the form of higher insurance rates down the road.

The Lake City decision came a week after the city council in Riviera Beach voted unanimously to pay hackers $600,000, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers had encrypted. The council already voted to spend almost $1 million in spending on new computers and hardware after hackers captured the city's system in May.

As in Lake City, the hackers apparently got into the city's system when an employee clicked on an email link that allowed them to upload malware. Riviera Beach had numerous problems, including losing its email system and 911 dispatchers not being able to enter calls into the computer.

According to the U.S. Department of Homeland Security, ransomware is the fastest growing malware threat, targeting both individuals and organizations. In 2018, the massive "SamSam" virus disrupted the flight information system, baggage displays and email at Cleveland Hopkins International Airport, while another attack crippled computers at the Port of San Diego.

City governments in Atlanta, Newark, N.J., and Sarasota, Fla., also have been hit by ransomware schemes. And hackers have taken the information systems of dozens of U.S. hospitals hostage.

"Ransomware is commonly delivered through phishing emails or via 'drive-by downloads,'" according to Homeland Security. "Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment."