The cyberattacks on Lake City and Riviera Beach have put other government agencies in the region on high alert. Ransom demands totaled more than $1 million, leaving neighboring cities to question their preparedness.
(TNS) — Hackers are targeting small Florida cities and demanding big payouts. In two recent cases, the hackers got exactly what they asked for.
In June, hackers attacked computer systems and held hostage city files and data in Lake City, a city of 12,000 about 60 miles west of Jacksonville, and Riviera Beach, a small city of about 35,000 people, and demanded a combined $1 million in ransom.
After weighing the positives and negatives, both cities began negotiating with the attackers, and in the case of Lake City, decided to pay them 42 bitcoins — roughly $480,000 — after an attack that disabled the city's computer system and shut down phone lines, email and online utility payments. In both cases, insurance took on most of the loss with the cities paying just $10,000 each.
The attacks have put other government agencies, including St. Johns County Government, the City of St. Augustine and the St. Johns County School District, on high alert.
"It's definitely a concern," said City of St. Augustine General Services Department Director Jim Piggott. "We are aware of what is going on in other cities in Florida."
Before the June attacks, there had been 22 known public-sector attacks across the country in 2019, according to CNN, which would outpace 2018. Piggott said the city is taking the proper steps to guard against attacks seen in other cities but declined to elaborate on exactly what steps are being taken as a security precaution.
Piggott did say that one of the steps is educating employees on exactly what to look for to help prevent attacks. In the case of the Lake City attack, Mayor Stephen Witt told The New York Times it started on June 10 when an employee clicked on a malicious email that ended up infecting the city's computer with ransomware.
Piggott and Michael Ryan, spokesman for the county, both said educating employees on how to guard against attacks is a top priority.
"We are doing amplified monitoring and educating the staff on what to look for in emails," Ryan said.
The county defends against external threats on a daily basis, Ryan said, and there have been cases of minor viruses, but there have been no catastrophic attacks like the ones seen in other Florida cities.
In a school board workshop on Tuesday, the district talked about how it is trying to make sure it doesn't fall prey to a malware attack.
The district recently started to implement a multi-factor authentication system for employees. It's a security system that requires more than one method of authentication from independent categories of credentials to verify the users identify for a login or other transactions.
In other words, it adds a second layer of security on top of a traditional 8-64 character password. Password breaches have accounted for more than 80% of the data breaches in the past few years, according to Bruce Patrou, chief information officer of the district's IT Department.
The district plans to test and pilot the system over the summer and fully implement it before December. It's unclear if the county or the city have multi-factor authentication system for employees or plan to add them in the future.
Patrou said the system will help protect student records — valuable assets on the black market because they can be used to set up fraudulent credit cards. The attacks also target teachers. Last year, a "spear phishing" attack cost a local teacher $500.
"These hackers know what they are doing. They do this for a living," Piggott said.
And the attacks keep coming. The Village of Key Biscayne, a town of about 12,000, confirmed it had been hit by a cyber attack on June 23, marking the third Florida city in the month to fall victim to outside hackers. Key Biscayne would not say whether a ransom was involved in the attack, according to The Miami Herald. As of Friday, the FBI, which was investigating the attacks, had yet to publicly identify the hackers involved.
Mayor Witt, who said Lake City fired the IT director it deemed had not done enough to protect the computer systems, urged other small cities in Florida to make changes and take stock as soon as possible.
"We're developing a system with a backup that hopefully won't be vulnerable," Witt told the New York Times. "Every other town needs to look at their system — today."
©2019 The St. Augustine Record, Fla. Distributed by Tribune Content Agency, LLC.