2nd Florida City Pays Hackers, as 3rd City Faces Breach [securityweek.com]:
A second small Florida city this month has paid hundreds of thousands of dollars to hackers who took over most of its computer operations, an official said Wednesday, while a third Florida city said its data was breached.
The attacks in Riviera Beach, Lake City and Key Biscayne underscore the need for municipal governments to update and secure their software systems, and also reflect the dilemma of how to respond to hackers. The FBI doesn't condone paying ransom to hackers, but city governments often consider it the most convenient option.
The city manager of Lake City, a community of about 13,000 residents some 60 miles (100 kilometers) west of Jacksonville, says it paid about $460,000 in bitcoin Tuesday to recover data and computer operations.
In a separate case, the Village of Key Biscayne, just off the coast of Miami, reported a data breach earlier this week. This comes a week after Riviera Beach in South Florida agreed to pay $600,000 in ransom [securityweek.com].
It was not immediately clear if there was any connection between the attacks.
Joseph Helfenberg, city manager of Lake City, said paying the ransom was the cheapest option available since the city is paying a $10,000 deductible, and the rest is being covered by its insurer.
"We had a lot of attempts to recover the data that were unsuccessful," Helfenberg said Wednesday.
[...]Michigan State criminal justice professor Tom Holy said the recent attacks underscore the need for governments and businesses to spend money on backup systems and security protocols. If a city has been backing up its data, it's probably not worth paying a ransom, but if they haven't, "paying might be the cheapest option," Holt said.
"Which is really awful, but that's the point we may be at," Holt said. "This ransomware threat is not going to go away anytime soon."
What would happen in your town or city if it were attacked for ransom? Are networks properly partitioned? Are backups up-to-date? Have the backups actually been tested?