In a concerning trend for local governments, Florida has recently seen two critical ransomware incidents, resulting in over $1.1 million being paid to cybercriminals in bitcoin. The attacks targeted Riviera Beach and Lake City, raising alarms regarding the cybersecurity posture of municipal systems.
Lake City, located in northern Florida, became the latest victim when it agreed to pay 42 bitcoins—approximately $573,300—to regain access to essential email and phone systems. This decision followed a debilitating ransomware attack that incapacitated the city’s IT infrastructure for two weeks. The malware, which employs a technique dubbed “Triple Threat,” leverages multiple vectors to penetrate network defenses. The breach occurred on June 10 when a city employee inadvertently opened a malicious email that delivered the payload.
Despite a rapid reaction from the IT department that disconnected systems within ten minutes of detection, the damage had already been done, with vital email accounts and servers locked down. Fortunately, public safety services remained operational, as they were on separate servers and unaffected by the attack.
The hackers initiated contact with the city’s insurer, negotiating a ransom payment in bitcoins. City officials convened and made the decision to pay the ransom to restore access to their critical systems. While most of this payment will be covered by insurance, taxpayers are expected to bear an additional $10,000.
City Information Technology Director Brian Hawkins indicated that, while operations were disrupted, there was no evidence of sensitive data being compromised. He noted that all customer payment information, such as credit card data, was stored off-site by third-party vendors and remained secure against the breach.
Lake City is not alone in facing such threats; Riviera Beach experienced a similar attack that began on May 29 after an employee clicked on a malicious email link. This incident disabled the city’s systems for three weeks, prompting the Riviera Beach City Council to authorize a ransom payment of 65 bitcoins, amounting to $897,650.
Federal authorities and cybersecurity experts continually advise against paying ransoms, as it not only incentivizes cybercriminal activity but also does not guarantee the restoration of compromised systems. Business owners and government officials are urged to maintain robust backup solutions and employ staff training to fortify defenses against such threats.
The attacks in both Riviera Beach and Lake City highlight serious vulnerabilities within municipal networks. The methods employed, such as phishing for initial access and exploitation of system weaknesses, align with tactics cataloged in the MITRE ATT&CK framework, underscoring the need for enhanced cybersecurity measures in local government infrastructures.
As the situation continues to evolve, it is imperative for organizations to prioritize cybersecurity and develop comprehensive strategies to mitigate the risks associated with ransomware and other cyber threats.
