Lake City Finally Admits to Cyber Ransom, FL League of Cities to Pay Approx $474,000
Posted June 25, 2019 07:45 pm
LAKE CITY, FL – Monday morning the Lake City City Council met in an unposted, unnoticed special meeting to approve the payment of a 42 Bitcoin ransom (Monday value approximately $462k) so the City could attempt to get its locked down and encrypted data back.
Earlier, we reported that City Manager Helfenberger said the cyber attack came sometime over the weekend of June 8. It appears that he may have been misinformed.
Sources have told the Observer that the City was hit on Thursday, June 6 and the IT folks didn't recognize the extent of the attack.
Yesterday, after the meeting, City Manager Helfenberger said the former IT director had been fired on Friday and the City was looking for a replacement.
It appears that the City's vulnerability was multifaceted, with the main fault being that many of the City backups resided on the City's main servers.
In simple English, the malware worm, once it got into the system, didn't have far to go.
It appears that some areas of the City use proprietary vendor software and that information is backed up in the cloud; some think it is presumably safe there.
Even if the City gets back its data, it appears that it will be a while as all City workstations that have been hit need new hard drives or at least wiped and reformatted drives, which takes some time.
With all the confusion in the City's IT world, it is not clear when the ransom was requested.
Special Meeting Not Posted: not even to a tree
The unnoticed, unposted meeting had two members from the public present, some folks from Motorola, and a contingent of City staffers.
There were only two members from the public at the Monday morning meeting, one who was advised by this reporter and one other.
The notice of this special or emergency meeting was not posted anywhere: not on the City bulletin board, not on the doors of City Hall and not to a tree.
Your reporter pointed out to the Council that the required notices regarding the need to make a record for appeal and the ADA requirements were never posted, adding that the meeting was never posted.
City Attorney Fred Koberlein, Sr. blew off the requirements and after the meeting Councilman Greene advised your reporter that Mr. Koberlein said the "City did nothing wrong."
The morning's first emergency resolution, regarding a P25 radio system (it was never revealed why this was an emergency), was moved by veteran Councilman Eugene Jefferson.
The words had no sooner left Mr. Jefferson's lips when Attorney Koberlein interjected, "Mr. Jefferson, implicit in that motion is a declaration that a sufficient emergency would justify having a motion entertained at that meeting. Is that correct, sir?"
A surprised Mr. Jefferson looked over to Mr. Koberlein, "What's - repeat that."
Mr. Koberlein did. Mr. Jefferson said, "Yes."
Mayor Witt asked, "We should have a second for that?"
Mr. Koberlein answered, "Yes."
The additional language was never seconded.
Councilman Jefferson and Attorney Fred Koberlein, Sr., after the meeting.
City Manager Helfenberger Introduced the Real Emergency
"The City's IT vendors have performed the initial stages of a forensic investigation of the City’s IT systems and recommend that the City purchase a de-encryption key from the individuals, or entity, responsible for the cyberattack. The price for such a key is currently 42 Bitcoin. Bitcoin is a cryptocurrency and its value changes daily. Our vendor would purchase the Bitcoin on behalf of the City and the City’s Insurer, Florida League of Cities, would reimburse the City for the costs associated with the transaction minus the City’s $10k deductible.
"Based on the advice of the vendors the purchase would provide a mechanism to the City to retrieve the City’s files and data, which have been encrypted, and hopefully return the City’s IT system to being fully operational. If this process works it would save the City substantially in both time and money.
"Law enforcement is actively investigating the matter and at the conclusion of the investigation we can provide more information. Until then records are exempt from disclosure and information is limited."
Shortly thereafter, the City Council unanimously authorized the City Manager to move forward with recovery and restoration of the City's computer system, including proceeding with the payment for an encryption key not to exceed the policy limits of the City’s cybersecurity insurance policy.
The cost is 42 Bitcoins, of which the City will have to pay a deductible of $10,000. The City's insurer, the Florida League of Cities, will pay the rest.
Bitcoin prices have been rising and it was announced before this article was posted that the City had paid the ransom. The total price was not disclosed, but should be around $474,000 depending upon the time of day of the payment.
Tuesday, the Bitcoin price was on a rising trajectory with an average price of $11,300 a Bitcoin.
Epilogue
Getting the Info Back: May Be Problematic
Cybersecurity experts will tell you that the longer one waits to pay, the more difficult it is to retrieve ransomed information, with the chance of recovery between 25 and 30 percent.
As the Monday meeting concluded, City Manager Helfenberger said, "There is no guarantee" that the information will be restored.