New Bedford City Council Survives a Ransomware Attack Unscathed Author: Jimmy Aki Last Updated: 10 September 2019 New Bedford, Massachusetts was recently hit by ransomware attackers who demanded to get paid $5.3 million in Bitcoin before releasing the city’s information. Now, for its part, the city did try to reduce the ransom payable, with a counteroffer of $400,000 instead. So much for “We don’t negotiate with terrorists,” huh?). However, the criminals declined and reused to make any more offers. So, facing a loss of confidential data, the city council decided to call in some muscle of its own. According to a report from the South Coast Today, Mayor Jon F. Mitchell was able to hire security experts to recover the data and restore the network. Even though the city does have a $1 million insurance fund for this specific eventuality, Mayor Mitchell was able to find a workaround, and the attackers are now left with empty Bitcoin wallets. In a press release, Mitchell detailed that the malware used was the popular Ryuk virus. The attack reportedly happened on July 5, affecting up to 158 desktop and laptop computers. He credited their ability to resolve the issue to two things. The first is a conscious effort by the IT department to shut down the systems and disconnect them from the city servers, and the second was the stroke of luck that they had; apparently, most of the computers had been turned off because of the Fourth of July break. Thus, the spread of the vires could easily be contained. Now, that’s some real fortune. This isn’t the first time that Ryuk is gaining headlines for its ability to disrupt systems. As a matter of fact, the ransomware has been pointed as one of the most profitable malware in the cybercrime industry. A few months back, crypto-ransomware manager Coveware published a blog post which revealed that there had been a 90 percent increase in ransomware payouts in Q1 2019. The company claimed that its report was based on standard data, and it touched on the costs incurred in an average ransomware attack. These costs include downtime costs (missed opportunities, time lags, etc.) and recovery costs (ransoms paid to avert attacks). Coveware revealed that an average ransomware payout amounted to $12,762, 89 percent higher than the $6,733 paid in Q4 2018. This increase was especially attributed to the rise in popularity of Ryuk, as well as other ransomware such as Bitpaymer and Lencrypt. The report specifically mentioned GandCarb Dharma, and Ryuk as the three most popular types of ransomware for attackers. However, it laid particular emphasis on Ryuk, as it had seen the highest increase in adoption amongst all others. The difficulty of decryption was pointed out as the most prevalent cause of increased downtime, and given that Ryuk is the most challenging type or ransomware to be decrypted, it isn’t surprising that the firm found its stock trading very highly among attackers trying to make a quick buck. Somehow, the city of New Bedford was able to survive this, without even having to break into its insurance fund.