How a Single Email Turned Into a $600,000 Ransom

How a Single Email Turned Into a $600,000 Ransom
By vetroff/Shutterstock

How a Single Email Turned Into a $600,000 Ransom

Nicole Fallon
June 21, 2019

While Baltimore continues to recover from its highly publicized ransomware attack, a new one has already struck—and devastated—another U.S. city. The city council of Riviera Beach, Florida, just voted to hand over $600,000 worth of bitcoin to the hackers that took over the city’s computer system nearly a month ago.

The takeover started as many cyberattacks do: through an unassuming email. On May 29, an employee of the Riviera Beach police department opened an email containing a powerful ransomware virus that took the city government completely offline and even impacted its 911 dispatch operations.

The Palm Beach Post reported that since then, the city “has been operating as it did in the pre-internet age,” with paper payroll checks and handwritten traffic tickets and no email communications.

How a $600,00 ransom turned into a $1M+ problem

Before the Riviera Beach city council voted to pay the $600,000 ransom, it had already voted to spend $941,000 for new desktop computers, laptops and hardware to get the city back up and running.

City councilwoman Julie Botel told the Palm Beach Post that much of their existing hardware was old and vulnerable to more attacks, “so it was time to replace it anyway.” But the equipment cost and ransom payment, combined with the lost time, money and productivity during the outage means a much heftier long-term price tag for the city

In a 2018 warning about ransomware attacks, the U.S. Department of Homeland Security cited local-level government attacks as some of “the most costly and destructive.” Potential negative consequences, according to the Department, include temporary or permanent loss of sensitive information, disruption to regular operations and financial losses associated with restoring systems and files.

As with any ransomware attack, there is no guarantee the hackers will restore Riviera Beach’s data and systems access, even though the payment has been made.

Search a person's history and background check

What to do if you suspect you’ve been targeted by a ransomware attack

Cybersecurity experts agree that prevention is the best defense against ransomware attacks. Keeping your operating systems and software up to date, installing antivirus software and being cautious when opening emails from unknown senders can help guard against would-be hackers.

While not all attacks can be stopped, there are steps you can take to recover if you find yourself on the receiving end of a ransomware attack. Jakub Křoustek, a research manager for Avast Threat Labs who is focused on ransomware analysis, explained that you can reinstall your operating system or execute a system restore to take your device back to a time before the ransomware was installed.

If your data has been securely backed up, you will be able to restore any files you saved prior to the attack after you’ve removed the ransomware.

Whatever you do, don’t pay the ransom: A spokesperson for Kaspersky told BeenVerified that doing so may mark you as a target for future attacks, and instead you should report the incident to law enforcement.

Worried that your data might have been exposed during a recent breach? Run an identity theft search to potentially discover if your information is floating around on the dark web.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.