In the past eight months, three Florida Keys municipal and regional agencies were hit by ransomware that practically shut down their systems for weeks.
Two of the attacks, on the computer servers at Key West City Hall and the Florida Keys Mosquito Control District, occurred in the past 10 weeks. The first of the three hit the computer system of the city of Marathon on March 4th, and the information technology staff there still have not brought all of the municipal servers back up.
The ransomware that shut down Key West City Hall’s computer system for more than three weeks beginning August 28th appears to be remarkably similar to the other two viruses, which took control of the state’s internal computer servers and encrypted the data stored there, making it unreadable and useless. Ransom demands were received in Key West and Marathon. At Mosquito Control, the district’s chief technical officer Tony Nunez was able to shut down the system during the attack and potentially stop the infection before it could become more deeply embedded. Chad Huff, public education and mosquito control officer, said Nunez somehow became aware of the attack on the evening of October 20.
“The next morning, all of our phones and computers were inoperative. All of our data has been encrypted. He [Nunez] pulled the plug and kept it from getting worse,” Huff told The Key West Citizen this week.
Possibly as a result, Huff said, the county mosquito control bureau never received a ransom note. But Key West and Marathon weren’t so lucky. Key West City Manager Greg Veliz said the ransom demand rose to $1.1 million in exchange for the hackers removing the virus that encrypted the city’s data. U.S. intelligence was involved in the negotiations, as was a team of ransomware experts deployed by the city’s insurance company, he said.
“You put people in immediately. They were a team that we met with pretty regularly,” Veliz said, adding that the team ultimately decided not to pay the ransom. “I’m not giving anyone $1.1 million. I’m not from St. Louis, but you have to show me. I haven’t seen enough.”
As a result, the Key West city government reverted to pre-computer days for more than three weeks. While 911 was still operating, employees had no internal computer access for departmental records and operations and only limited telephone service. They had to mix and match workarounds to keep the city going, including using cell phones and laptops. Several departments had to go to lockers to find paper records. Police officers had to fill out incident reports by hand. Emergency building permits were issued by hard copy, while handwritten inspection requests were made to inspectors. And since the project plans were locked in the construction department’s computers, the inspectors had to rely on the contractors having on-site printouts of the plans to determine where an inspection was needed.
Veliz said city officials were so tight-lipped at the time of the attack at the request of the Secret Service. In addition to shutting down the servers, the hackers said they had access to personal information for some of the city’s employees and residents, which they would “throw” on the Internet if they weren’t paid. Veliz said the Secret Service told him that the more attention media outlets paid to the attack, the higher the ransom demand would be.
However, during the ransom negotiations, it did not appear that the hackers stole a lot of potentially harmful personal information from local residents.
“We [communicated] by email and they [hackers] showed us what they had,” said Veliz. “I haven’t seen enough. We made up our minds, no.”
At this point, Veliz said, the risk of a resident data dump appears to be low. There is a notification procedure whereby the city must tell everyone whether their personal information could be compromised. So far, however, the city has “not been made aware” that a resident had been exposed, he said.
Deploying ransomware is a criminal offense under the federal Computer Fraud and Abuse Act.
In the Mosquito Control District offices, Huff said their servers are about 95% restored. At no point during the system crash was the office unable to do its job, including continued spraying missions from trucks and helicopters to control the mosquito population.
“We were just back 20 years ago. Everything was on paper. Pencils are replacing cards and computers,” said Huff.
In Marathon, former mayor Steve Cook, who was mayor when the hack arrived on March 4th, attributed the attack to an unnamed European hacking group. He said the city has cyber insurance that is helping to hire computer technicians to restore the servers.
“We have been completely closed,” he said, noting that the hack came 10 days before Monroe County’s closure to visitors due to the coronavirus, which added to the difficulty of repairing the damage.
Cook said the ransom demand “was made from the start.” He wouldn’t say how much the demand was.
“When we found out that all of our on-site and off-site servers were compromised, we had to make a decision,” said Cook. “We’re still bringing some of our servers back online.”
Two years ago, the Monroe County school system was hit by a similar ransomware attack that shut down systems for about a week, although it did not affect teaching. No ransom demand was made; however, the virus was identified as a type of malware, “GandCrab”, which is usually a form of something called a “Trojan Horse” virus that encrypts data into unreadable gibberish that can only be unlocked with software keys once the target pays the ransom.
And just two weeks ago, the FBI and two other federal agencies warned US hospitals that cyber criminals would trigger a new wave of blackmail through data encryption that would lead to “data theft and disruption to health services.”
With future threats possibly on the horizon, and with all three community and county hack victims being forced to rebuild their computer systems from scratch, additional virus protection is being added. At Mosquito Control, Huff said that “maximum” firewalls have been set up at short notice and additional, longer-term protective measures will be installed. In Key West, Veliz said IT technicians “went the extra mile”.
“If it is available to protect,” he said, “we have it.”