Ransomware gang wanted $5.3 million from US city, but they only offered $400,000

New Bedford officials decide to restore from backups after negotiations fail.

A ransomware gang demanded an unprecedented ransom of $5.3 million from the city of New Bedford, Massachusetts. The city chose to restore from backups after the hackers rejected a smaller counter-offer of just $400,000.

The incident took place at the beginning of July, but details were kept under wraps until today, when New Bedford Mayor Jon Mitchell held a press conference detailing the city’s attempts to deal with the ransomware infection.

Only 4% of the city’s IT network impacted

According to Mayor Mitchell, the ransomware infection, which took place during the night from 4 July to 5 July, affected only four percent of the city’s IT network.

That night, a group of hackers breached the city’s IT network and installed Ryuk, a type of ransomware used in targeted attacks and the most common ransomware strain today, according to findings released by Fidelis Security last week.

Mayor Mitchell said the ransomware spread through the city network and encrypted files on 158 workstations, making up 4 percent of the city’s entire PC fleet.

The official said things could have been worse, but the attackers struck during the night, when most city systems were switched off, which prevented the ransomware from spreading across the entire network.

Hackers made an absurd ransom demand

The city’s IT staff discovered the ransomware the next day at work and moved quickly to disconnect the infected PCs from the city’s network and contain the infection before it was able to cause even greater damage.

“During the assault, the town, through its advisors, reached an attacker who had given an email address,” Mayor Mitchell said today at a press conference.

“The assailant replied with a ransom request specifying that it would provide a decryption key to unlock encrypted files in exchange for a $5.3 million Bitcoin payment,” he added.

The city didn’t pay, mainly because the money wasn’t there. If it had, this would have been the biggest ransomware payment ever made, dwarfing the prior record of $1 million, paid by a South Korean internet hosting company.

But even though Mayor Mitchell knew the city wouldn’t pay, he said the city engaged in a dialog with the hackers so IT personnel would have more time to strengthen the city’s defenses and protect its network in case the attackers took other actions in addition to running the ransomware.

“Taking these factors into account, I decided to make a counter-offer with insurance proceeds of $400,000, which I found consistent with ransoms paid lately by other communities,” said Mayor Mitchell.

“The assailant refused to make a counter-offer, completely dismissing the city’s stance.” The New Bedford mayor said that, realizing the hackers would not negotiate, the city chose to restore from backups.

The city’s choice to restore from backups was simple owing to the small number of infected systems and the fact that the ransomware did not affect critical systems. This made public pressure easier to manage than in other communities, where ransomware infections effectively paralyzed almost every city service.

Mayor Mitchell’s complete press conference is available courtesy of The Standard-Times, whose journalists also broke the story today.

US towns have been a prime target for ransomware gangs in the last few months. Below are just some of the most important examples that have affected US municipalities:

  • Over 20 Texas local governments hit in ‘coordinated ransomware attack’
  • Louisiana governor declares state emergency after local ransomware outbreak
  • Florida city pays $600,000 to ransomware gang to have its data back
  • Second Florida city pays giant ransom to ransomware gang in a week
  • Georgia county pays a whopping $400,000 to get rid of a ransomware infection

A recent ProPublica investigation found that insurance companies are inadvertently boosting the ransomware economy by advising towns to pay ransom demands rather than rebuild IT networks, since it is always less expensive for the insurance company to cover ransom payments.

This increase in successful ransom payments has, in turn, drawn more ransomware gangs, breathing fresh life into a ransomware landscape that seemed to have died down and slowed last year.

Credit: ZDNet

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.