Every year, businesses large and small across the country are targeted by hackers. Unfortunately, 2019 was no different. There were several notable ransomware attacks last year, and they were a painful reminder of why it’s so essential for every business to have strong security measures in place.
By looking at a handful of prominent examples, our goal is to help illustrate how these attacks happen, what’s at stake, and how to respond in case it happens to your business.
City of Lodi, California
Last April, the city of Lodi, California, was hit by a ransomware attack that caused severe issues with critical phone systems throughout several city departments.
The attack started when a city employee opened an email that appeared to be an invoice. The attachment was not an invoice, but a malicious program that quickly spread through the entire network of all city employees.
The program began encrypting (locking) files related to key city phone systems, including:
- Police department non-emergency number
- City Hall
- Finance division
- Public works emergency outage line
All of these phone systems went down and were unavailable for residents to use.
How It Was Resolved
The attackers were demanding payment in the form of 75 Bitcoin (approximately $400,000 at the time) to unlock the city’s files and restore their systems.
Instead of paying the ransom, the city manager opted to rebuild their system based on backup data that they kept. They also brought in an outside team of cybersecurity experts to confirm that no public information was compromised during the attack.
The Heritage Company
Just days before Christmas, telemarketing company The Heritage Company was forced to lay off three hundred employees after failing to recover from a debilitating ransomware attack.
Sometime in October, hackers infiltrated the computer servers of The Heritage Company and locked up all their data. The attackers demanded an undisclosed amount to restore their servers.
How It Was Resolved
Unfortunately, this story did not have a happy ending. The company’s CEO, Sandra Franecke, paid the ransom the hackers demanded. The company’s IT team then spent the next two months trying to get the systems back online but struggled to make things work.
After using her own personal funds to try and keep the company afloat while IT worked on issues caused by the attack, Sandra was forced to close shop and lay off her entire staff of three hundred people right before the holidays.
Pittsburg Unified School District
The Pittsburg Unified School District in California was struck by a ransomware attack just before the end of the year. Several schools in the district were affected.
Several schools were affected by a ransomware attack that shut down the district’s email and web servers. Teachers and students were unable to access school email and course materials that were stored online.
At the time of publication, the school district is still being impacted by the attack. Teachers are currently unable to log documentation and class notes.
How It Was Resolved
The situation is ongoing. The school immediately notified the FBI and has brought in a cybersecurity team to help investigate and repair the system.
The amount of ransom demanded by the attackers has not been disclosed, but so far, school officials have given no indication that they are going to pay.
Six Florida municipalities were hit by ransomware attacks in the first half of 2019. In total, over two million dollars was either diverted to or paid in ransom to the various hackers that attacked each city.
Between April and June last year, six cities were hit with various forms of ransomware and/or phishing attacks:
Tallahassee: Half a million dollars was diverted out Tallahassee’s employee payroll after hackers breached their human resources management application.
Stuart: A computer virus called “Ryuk” infected the city’s computers and forced the city to disconnect from its network entirely. City officials elected to repair the systems manually rather than pay the ransom. The origin of the attack was traced back to an employee who was duped into clicking a phishing email.
Riviera Beach: Once again, an employee who clicked on a link in a phishing email allowed hackers to break into the city’s computer network and hold it hostage. The city paid a ransom of $600,000 in Bitcoin to get their systems and data back.
Naples: A complex phishing attack resulted in the loss of $700,000. In this case, the attacker was posing as a representative from a legitimate construction firm that was doing contracted work for the city.
Lake City: Hacker’s stole files and and demanded a ransom of 42 Bitcoin (about $480,000). The city council voted to pay the ransom, which was covered by an insurance policy the city had.
Key Biscayne: The city was also infected with the Ryuk virus, which officials suspected came through an employee’s email. While a few systems were taken offline, Key Biscayne reported all systems were back up and running a few days later.
2020 Will Be Worse, Not Better
If anything, 2019 only served to embolden cybercriminals. Many victims feel they have no other choice than to pay the ransom the attackers demand, which only encourages further attacks.
This year will see even more attacks launched on businesses of all sizes. Those that don’t have adequate security measures in place are risking everything in the hope that they won’t be targeted.
Now is the time to do a top-to-bottom evaluation of your own business’s cybersecurity measures and decide if you need additional protection. If your business doesn’t have the resources internally to defend against cybersecurity threats, consider working with an outside partner who can help safeguard your business.