Attackers Demand $5.3 Million in Ransom, New Bedford Makes Counteroffer for $400,000

  • A group of hackers breached the IT network of New Bedford, Massachusetts, in July and demanded a ransom of $5.3 million.
  • The details of this attack were revealed on September 4 by New Bedford Mayor Jon Mitchell.

After an attack that disabled many city computers in New Bedford, the hacker group behind the incident demanded a ransom of $5.3 million in exchange for the decryption key to unlock the files encrypted in the attack.

What happened?

  • On the night between July 4 and July 5, a group of hackers infiltrated New Bedford’s IT network and introduced a type of ransomware called Ryuk. Ryuk is known to be used for financial extortion.
  • This ransomware encrypted data stored on 158 systems, blocking city officials from accessing them. Since the attack happened at night, many city systems were turned off, so the ransomware didn’t infect the entire network.
  • The attack was recognized by the city’s IT staff the next morning, and infected systems were immediately disconnected. The city then reached out to the hacker group, which demanded a ransom payment in Bitcoin equal to $5.3 million in exchange for the decryption key.

The nature of this attack was not disclosed until September 4, when Mayor Mitchell spoke about it at a press conference. The attack was previously blamed on an unspecified virus.

How did the city respond?

The city didn’t pay because of a lack of funds. If New Bedford had paid this ransom, it would have gone down in history as the largest ransomware payment made to date. The city made a counteroffer of $400,000, approximately what other municipalities had recently paid in ransoms. The attackers declined the offer, and the city decided to restore its data from backups.

New Bedford’s MIS department has rebuilt the server network completely, restored applications, and replaced affected workstations. The city’s insurance company has made the monetary contribution necessary for the recovery process.