Stew Lilker’s

Columbia County Observer

Real news for working families.  An online newspaper

Lake City News

Lake City Finally Admits to Cyber Ransom, FL League of Cities to Pay Approx $474,000 

LAKE CITY, FL – Monday morning the Lake City City Council met in an unposted, unnoticed special meeting to approve the payment of a 42 Bitcoin ransom (Monday value approximately $462k) so the City could attempt to get its locked down and encrypted data back.

Related articles:
City Manager Declares War on Cyber Attacks – Fortifying City IT: It Will Be Expensive
August 5, 2019

Lake City Finally Admits to Cyber Ransom, FL League of Cities to Pay Approx $474,000
June 25, 2019

City Hit by Cyber Attack: Was it the "Triple Threat," Inadequate Malware Protection, Human Error?  (June 11, 2019)

Earlier, we reported that City Manager Helfenberger said the cyber attack came sometime over the weekend of June 8. It appears that he may have been misinformed.

Sources have told the Observer that the City was hit on Thursday, June 6 and the IT folks didn't recognize the extent of the attack.

Yesterday, after the meeting, City Manager Helfenberger said the former IT director had been fired on Friday and the City was looking for a replacement.

It appears that the City's vulnerability was multifaceted, with the main fault being that many of the City backups resided on the City's main servers.

In simple English, the malware worm, once it got into the system, didn't have far to go.

It appears that some areas of the City use propriety vendor software and that information is backed up in the cloud; some think it is presumably safe.

Even if the City gets back its data, it appears that it will be a while as all City workstations that have been hit need new hard drives or at least wiped and reformatted drives, which takes some time.

With all the confusion in the City's IT world, it is not clear when the ransom was requested.

Special Meeting Not Posted: not even to a tree

Lake City Council Chambers with City Council, a couple of members of the public, and city staffers
The unnoticed, unposted meeting had two members from the public present, some folks from Motorola, and a contingent of City staffers.

There were only two members from the public at the Monday morning meeting, one who was advised by this reporter and one other.

The notice of this special or emergency meeting was not posted anywhere: not on the City bulletin board, not on the doors of City Hall and not to a tree.

Your reporter pointed out to the Council that the required notices regarding the need make a record for appeal and the ADA requirements were never posted, adding that the meeting was never posted.

City Attorney Fred Koberlein, Sr. blew off the requirements and after the meeting Councilman Greene advised your reporter that Mr. Koberlein said the "City did nothing wrong."

The morning's first emergency resolution regarding a P25 radio system, (it was never revealed why this was an emergency), was moved by veteran Councilman Eugene Jefferson.

The words had no sooner left Mr. Jefferson's lips when Attorney Koberlein interjected, "Mr. Jefferson, implicit in that motion is a declaration that a sufficient emergency would justify having a motion entertained at that meeting. Is that correct, sir?"

A surprised Mr. Jefferson looked over to Mr. Koberlein, "What's - repeat that."

Mr. Koberlein did. Mr. Jefferson said, "Yes."

Mayor Witt asked, "We should have a second for that?"

Mr. Koberlein answered, "Yes."

The additional language was never seconded.

Councilman Jefferson and Attorney Fred Koberlein, Sr.
Councilman Jefferson and Attorney Fred Koberlein, Sr., after the meeting.

City Manager Helfenberger Introduced the Real Emergency

"The City's IT vendors have performed the initial stages of a forensic investigation of the City’s IT systems and recommend that the City purchase a de-encryption key from the individuals, or entity, responsible for the cyberattack. The price for such a key is currently 42 Bitcoin. Bitcoin is a cryptocurrency and its value changes daily. Our vendor would purchase the Bitcoin on behalf of the City and the City’s Insurer, Florida League of Cities, would reimburse the City for the costs associated with the transaction minus the City’s $10k deductible.

Based on the advice of the vendors the purchase would provide a mechanism to the City to retrieve the City’s files and data, which have been encrypted, and hopefully return the City’s IT system to being fully operational. If this process works it would save the City substantially in both time and money.

Law enforcement is actively investigating the matter and at the conclusion of the investigation we can provide more information. Until then records are exempt from disclosure and information is limited."

Shortly thereafter, the City Council unanimously authorized the City Manager to move forward with recovery and restoration of the City's computer system, including proceeding with the payment for an encryption key not to exceed the policy limits of the City’s cybersecurity insurance policy.

The cost is 42 Bitcoins, of which the City will have to pay a deductable of $10,000. The City's insurer, the Florida League of Cities will pay the rest.

Bitcoin prices have been rising and it was announced before this article was posted that the City had paid the ransom. The total price was not disclosed, but should be around $474,000 depending upon the time of day of the payment.

Tuesday, the Bitcoin price was on a rising trajectory with an average price of $11,300 a Bitcoin.

Getting the Info Back: May Be Problematic

Cybersecurity experts will tell you that the longer one waits to pay, the more difficult it is to retrieve ransomed information, with the chance of recovery between 25 and 30 percent.

As the Monday meeting concluded, City Manager Helfenberger said, "There is no guarantee" that the information will be restored.

Comments  (to add a comment go here) 

This work by the Columbia County Observer is licensed under a Creative Commons Attribution-Noncommercial 3.0 United States License.

Meeting Calendar
No need to be confused - Find links to agendas and where your participation is welcome.

Make a comment • click here •
All comments are displayed at the end of the article and are moderated.