Yonkers attacked by ransomware but refuses to pay ransom

Government employees at the City of Yonkers were denied access to their computers last week, after cyber criminals launched a ransomware attack.

The city said that it refused to pay the ransom and would restore as much data as possible from backups.

In the meantime, employees have been doing as much work as possible manually. This often means keeping pen and paper records that are transferred into databases when the systems are back online.

The ransomware epidemic

Ransomware attacks against local government are nothing new. You may remember that the City of Baltimore was targeted in 2019, in what was at the time considered among the most damaging ransomware attacks of all time.

The city was crippled for more than two weeks before the government’s systems were restored, in a delay that cost the city more than $18 million.

Although Baltimore followed the advice given by cyber security experts and the FBI to not pay the ransom, many people questioned the city’s wisdom, given the extent of the damage.

Answering those critics, Mayor Bernard C. Jack Young said: “If we paid the ransom, there is no guarantee [the attackers] can or will unlock our system.”

He added:

There’s no way of tracking the payment or even being able to confirm who we are paying the money to. Because of the way they requested payment, there’s no way of knowing if they are leaving other malware on our system to hold us for ransom again in the future.

Ultimately, we would still have to take all the steps we have taken to ensure a safe and secure environment. I’m confident we have taken the best course of action.

Mayor Young would ultimately be vindicated after other cities in the US were targeted by ransomware and chose to pay up. What resulted was a spate of attacks in 2019, culminating in two Florida cities paying $500,000 within a week of each other.

When a third city was attacked, it sparked a meeting of the United States Conference of Mayors.

No more ransom payments

The meeting of US mayors resulted in a unanimous agreement to stop paying ransom demands.

“Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit,” the mayors wrote.

“The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm,” they added.

The philosophy was put to the test weeks later, when New Orleans came under attack. However, city officials stuck to their word and enacted a disaster recovery plan to help mitigate the damage.

Soon afterwards, cyber criminals got the message, with attacks on US local government dwindling. But two years removed and we’re starting to see attacks on the rise again.

Local governments must create an incident response plan to ensure that they’re prepared for the possibility of an attack.

In the case of the City of Yonkers, the city confirmed that the virus was quarantined on the network, no ransom was paid and the Department of Homeland Security was notified.

Responding to ransomware

The most important thing to remember about ransomware is that the faster you can respond, you smoother your recovery will be.

Unfortunately, many organizations lack the resources to create and enact a response plans. That’s why IT Governance USA has developed its Cyber Security Incident Response Service.

Expert consultants will guide you through every step, from identifying the source of the breach and how to stem the damage to notifying the appropriate people and returning to business as usual.