The former Information Technology Director of Lake City, Florida, who was sacked after the city was forced to pay out a ₿42 ransom following a ransomware attack last month, has spoken of the attack in an interview with The New York Times. Brian A. Hawkins, who is suing the city for unfair dismissal, describes how a sophisticated phishing attack allowed the malware in, how the city’s outdated backup system gave the hackers easy access, and how eventually phones, computers, and even photocopiers were out of commission.
“Super Crafty” Hackers
Hawkins describes how the “super crafty” hackers gained access to the city’s servers via a number of email-based phishing attacks, with infected emails coming from established contacts with innocent subject headings like “you have an invoice ready.” These emails were personalized and looked legitimate, but in reality were spear phishing attacks using what is known as Ryuk “triple threat” ransomware. One message even made reference to a prior email conversation the targeted employee had had with a colleague. Because of their sophistication, these emails bypassed spam filters and antivirus software, which Hawkins says in the interview were both up to date. A few weeks later the email system began to run slowly, and Hawkins eventually came in to work one morning to find phones, computers, and even the photocopier offline and all the city’s files encrypted, with a note left on the servers asking, “How do you want to open this type of file? Balance of shadow universe.”
Insecure Backups Partly to Blame
Soon after the hack came the ransom demand – ₿42, worth $490,000 at the time. The city’s insurer paid the fee in return for the key to decrypt the files, but not all of the files came back, and those that did not are now considered permanently lost. Hawkins was fired as a result of the hack, with the city citing “significant weaknesses with the city’s I.T. department under your leadership”, particularly the fact that a “reliable and effective backup system” was not in place. This is despite Hawkins stating that he championed an off-site, cloud-based backup system, something that would have allowed for a quick recovery of the files, but the city baulked at the price and refused to pay up, leaving most backups stored on the same server. Lake City is one of a number of public offices targeted by hackers in recent months, with hackers clearly seeing them as soft targets with limited resources to adequately protect their data.