By John Haughey | The Center Square
The Dec. 7 cyberattack against the city of Pensacola’s electronic infrastructure is not related to the previous day’s shooting by a Saudi Arabian Air Force officer that left four dead on nearby Naval Air Station (NAS) Pensacola, according to the FBI.
But it was – is – a ransomware strike.
Pensacola officials confirmed Friday that the city is being extorted by a hacker or hackers who are demanding a reported $1 million ransom for the return of stolen documents.
City spokeswoman Kaycee Lagarde told reporters that the cyberattack that crippled some of the city’s computer systems around 1:30 a.m. last Saturday is an unfolding act of extortion.
According to Pensacola officials, services affected by the cyberattack include the city’s phone systems, email system, 311 customer service line and online payments for Pensacola Energy and the city’s sanitation services.
The city has restored some services, including email, phone services, and utility online bill payments. Its 911 and emergency services systems were never compromised, according to city officials.
Lagarde would not discuss who or what is responsible, nor elaborate on whether any personal or financial data was breached in the ransomware attack, saying only the city would notify residents and customers as warranted.
The cybersecurity blog BleepingComputer reported a group behind a ransomware strain known as Maze had contacted it and claimed responsibility for the attack and demanded $1 million from the city.
The Maze hackers in emails to BleepingComputer claimed they had stolen documents from the city. There was no indication of a deadline or what they’d do with the documents if Pensacola didn’t pay the $1 million.
BleepingComputer editor Lawrence Abrams told the Associated Press that the hackers had “authenticated their identity” with proof of previous hacks.
At least three Florida cities have had electronic systems seized by hackers this year, forcing at least two to pay “ransom” using untraceable Bitcoin to unknown thieves.
Lake City, a city of about 13,000 residents 65 miles west of Jacksonville, paid 42 Bitcoin worth between $460,000 and $480,000 to end a June cyber-attack.
The same month, Village of Key Biscayne, an affluent community of 13,000 east of Miami, reported a ransomware “security event.”
Riviera Beach, a city of 35,000 in Palm Beach County, paid 65 Bitcoins – approximately $600,000 – in late May to regain access to its computer systems.
In Lake City’s and Riviera Beach’s cases, insurance provided through the Florida League of Cities (FLC) covered the bulk of the ransom with Lake City paying a $10,000 deductible and Riviera Beach, a $25,000 deductible
Pensacola, apparently, is not insured under the FLC or any provider for such an event, which means it could be forced to pay the reported $1 million ransom directly from its coffers.
Purchasing ransomware insurance is “something that our risk manager will certainly be looking into,” Lagarde said.
According to the FBI, there were 1,493 ransomware attacks reported in 2018 with victims – including individuals – paying $3.6 million to hackers.
A study by the cybersecurity firm Recorded Future found at least 170 county, city or state government systems have been attacked since 2013, including at least 45 police and sheriff's offices.
But those numbers – and the amounts of the ransoms – increased dramatically in 2019.
According to a report released Dec. 12 by cybersecurity firm Emsisoft, more than 950 U.S. government agencies, utility districts, universities, and hospitals have been struck with ransomware attacks thus far this year.
Emsisoft estimates the price tag for the demanded ransoms at more than $7.5 billion, although it is uncertain how much was actually paid since settlements – if any – are often not disclosed.
The cyberattack against Pensacola occurred about 18 hours after 2nd Lt. Mohammed Alshamrani, 21, of the Royal Saudi Air Force, opened fire in a NAS Pensacola classroom, killing three members of the U.S. Navy and wounding eight before he was gunned down by Escambia County sheriff’s deputies.
The FBI said in a tweeted statement that the agency has not identified any connection between the shooting and the ransomware event.
Comments
No comments on this item Please log in to comment by clicking here