1. Home
  2. News
  3. Cybersecurity News

Hackers infect city with ransomware but walk away with nothing after demanding millions

City officials decided to just rebuild and improve their systems instead of paying the ransom

Photo (c) mikkelwilliam - Getty Images
You know all those hacker ransomware stories ConsumerAffairs writes about? Well, the City of New Bedford, Massachusetts (95,072 population) decided to stand up to a group of hackers and refused to pay the $5.3 million worth of Bitcoin they wanted to unlock the data. 

The result? The ransom-holders threw in the towel and left with not even a single red cent.

The backstory of the attack begins on July 5 in the dead of night. When 158 city workers -- about 4 percent of the local government’s workforce -- got to their desks, they were greeted with computers infected by Ryuk ransomware. 

Fortunately, the City’s management Information Systems (MIS) staff' jumped in quickly and was adroit enough to keep the ransomware from branching out to other workstations. 

Et tu, Ryuk

The death knell potential of Ryuk is pretty potent. Ransomware recovery company Coveware says it has a “low data recovery-success rate” and is challenging to remove.

“Ryuk ransomware payments are typically much higher than the ransomware marketplace average,” said Coveware’s team. “This is due to highly-targeted nature of the attacks. Ryuk  affects mid-large sized organizations that have higher ability to pay relative to small businesses and individuals.”

In this case, the city weighed out the potential value of the loss and offered only $400,000, which New Bedford’s mayor said was in line with payments other municipalities have paid in similar situations.

The hackers turned down the offer and, after supposedly doing their homework on what it would take to reclaim the data by itself, city officials decided it would buckle up and take that route.

“Administrators of this sort of malware are making big money and have partnered up with other cybercriminals for distribution to victims,” wrote information security observer, Ionut Ilascu. “One of the most recent ransomware families is Sodinokibi. Although its activity started in April, the average payment for decrypting a network of computers is $150k. Its handlers have already found affiliates to spread it and take a portion of the ransom.”

Improving security 

In the end, New Bedford was able to rebuild its system and implement additional security enhancements. The total cost of that endeavor was considerably less than the millions the bandits wanted, a cost the city’s mayor expects its million-dollar AIG policy will cover.

It’s possible that the cyber-thieves who tried to pull off this job learned something too. Emnisoft’s Brett Callow told SouthCoastToday that he’d rather see cities like New Bedford pay for necessary security enhancements instead of making ransom payments.

“Paying a ransom simply perpetuates the cycle of cybercrime,” he said.

Take an Identity Theft Quiz

Get matched with an Authorized Partner