A Florida city paid a $600,000 bitcoin ransom to hackers who took over its computers — and it's a massive alarm bell for the rest of the US

Samantha Lee/Business Insider
  • A Florida city agreed to pay $US600,000 worth of bitcoin to hackers who took its computer systems offline with a cyberattack.
  • Riviera Beach’s city council voted to pay the money after an attack in May affected the city’s online services, including email and 911 dispatches.
  • The attack is part of a pattern that has targeted cities around the US. The disruption has cost millions of dollars.
  • The US Department of Homeland Security warned in 2018 that local-level governments around the US were being hit with malware that is “among the most costly and destructive.”
  • Visit Business Insider’s homepage for more stories.

A Florida city’s council voted to pay a ransom of $US600,000 in Bitcoin to hackers that targeted its computer systems – and the payout is a sign of how unprepared much of the US is to deal with a coming wave of cyberattacks.

The city council of Riviera Beach, Florida, 50 miles north of Fort Lauderdale, Florida, voted on Monday to meet the demands of its hackers in hope of getting back the city’s compromised data,CBS News reported.

According to The Palm Beach Post, the attack began on May 29, when an employee from the police department opened an email attachment that contained malware.

The software quickly spread through the city’s computer systems, affecting its email system and even the 911 dispatch operations.

The New York Times reported that the hackers demanded their ransom in bitcoin. The paper said there was no guarantee the hackers would honour their end of the deal after getting the money.

CBS reported that the council already voted to spend $US1 million on new computers after the attack.


Read more:
Cyberattacks are the newest frontier of war and can strike harder than a natural disaster. Here’s why the US could struggle to cope if it got hit.

A spokeswoman for the city told The New York Times that Riviera Beach was working with law enforcement and security consultants. “We are well on our way to restoring the city system,” she said.

Riviera Beach is a stark example but far from the only US city to be crippled by a cyberattack.

Security experts in the federal government and the private sector have repeatedly warned that much of the US public infrastructure is dangerously exposed to cyberattacks, but many institutions have been slow to respond.

Baltimore is one of the highest-profile victims and has spent much of the past month paralysed by a cyberattack that froze a large chunk of its computer network.

The attack began in early May, shutting down infrastructure for its email systems and the payment of water bills.

As recently as June 12, local media reported that 30% of city employees still had no email access and many services would not return to full functionality for months. According to the city’s latest estimate, the attack has cost it more than $US18 million.

Hackers had demanded Baltimore pay a $US76,000 ransom, but the city refused.

Elsewhere, a ransomware attack on Atlanta in March 2018 ultimately cost the city some $US2.6 million.

Albany, New York; San Diego; Sarasota, Florida; and a Los Angeles hospital have also faced similar attacks.

Tyler Moore, a University of Tulsa cybersecurity professor, told The Guardian in June that “attackers have found a playbook that is working.” They continue to target smaller governments until they find some that are vulnerable and willing to pay.

The US Department of Homeland Security warned in 2018 that governments around the US were being hit by malware that is “among the most costly and destructive.”

Small-scale attacks like these, while damaging themselves, could also be a precursor to something larger.

Last month, Business Insider published an extensive feature describing how a large-scale cyberattack – particularly one targeted at the electrical grid – could cripple the US.

Some experts believe US cyberdefenses will continue to be ignored until an attack is so catastrophic that people are forced to take notice.

James Andrew Lewis, a senior vice president and technology director at the Center for Strategic and International Studies, told Business Insider: “I’m often asked: How many people have died in a cyberattack? Zero.

“Maybe that’s the threshold. People underappreciate the effects that aren’t immediately visible to them.”

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.