
June Monthly Review: Ransomware Attacks Cripple Governments and Businesses

During June 2019, businesses and governmental entities were kept busy fixing problems caused by ransomware attacks. Hackers do not seem to care much about who they target: even non-profit entities are under cyber siege. Below are notable ransomware incidents from around the globe.

 

Riviera Beach Florida to Pay $600,000 Ransom to Hackers

In real life, good guys do not always win. Unfortunately, in cybersecurity space, we see it far too often. It rings true even more so when powerful ransomware programs find their way within computer networks. Riviera Beach, a Florida city, recently found out just how devastating cybercrime can really be.

On May 29th, Riviera Beach’s computer system experienced a lockdown due to the ransomware virus spreading within the network. According to the local news, one of the employees opened up a link from a phishing email. Consequences were severe, with many services shutting down almost immediately, including online support, payments, and email.

 

 

Five days later, city management decided to purchase new hardware equipment, totalling $900,000 in overall costs. In the meantime, on June 5th, IT staff managed to bring back the city’s website. Shortly after, the local government made the first public announcement regarding the ransomware attack. Since then, it seems that authorities could not kick-start all services in a timely fashion. Moreover, large datasets remained locked.

With systems basically crippled, Riviera Beach authorities had very few choices in front of them. On June 20th, the city decided to pay the hackers 65 Bitcoins, worth $600,000, to receive the decryption code. Council members stated that the larger part of the ransom will be covered by insurance. Additionally, CBS12 uncovered that the council decided to hire a crisis manager to smooth operations over.

Investigations are already digging through the available files. It is not known whether hackers provided the code. However, it is safe to say that the city’s cyber defences were subpar, allowing the spread of ransomware.

 

Riviera Beach not the Only Florida City Suffering from Ransomware

Apart from Riviera Beach town, there are other Florida municipalities that suffered a ransomware attack. The timeframe is very similar to Riviera Beach’s, with only a week being the difference between them. The first victim was Lake City, failing to stop the ransomware attack at the beginning of June. Hackers demanded 42 bitcoins as a ransom, worth $490,000.

Fast-forward to the end of June, the city’s management decided to pay a ransom, joining Riviera Beach in terms of victims that succumbed to cybercriminals’ demands. Lake City’s Mayor Stephen Witt stated that this was one of the hardest decisions for the city’s management to take. “I would’ve never dreamed this could’ve happened, especially in a small town like this,” he said.

The city manager of Lake City, Joe Helfenberg, confirmed to the local news that the town’s IT department will go through complete restructuring. As a result, one employee was fired for the time being. Following the ransomware attack, phone, email, and utility systems were out of function. Thus, the city hopes that paying the ransom will ease up processes.

Another ransomware attack saw Florida town Key Biscayne joining ranks with Riviera Beach and Lake City. City manager Andrea Agha stated that authorities are in the midst of investigations. So far, it is unknown which services are compromised and whether hackers left ransom demands. Investigations suggest that Ryuk virus is responsible for both Key Biscayne and Lake City attacks.

 

Paying Hackers might be the Only Option – Case of Red Mosquito

Each cybersecurity firm has its own strategy for approaching ransomware and hackers’ demands. According to ProPublica’s recent findings, a UK-based cybersecurity company called Red Mosquito paid hackers. Researcher Fabian Wosar claimed within the publication that the company actively negotiated with cybercriminals.

Dubbed a “one-stop data recovery and consultancy service,” Red Mosquito took this step after it tried to unlock files manually. Once data decryption failed, staff members negotiated a $900 price tag with the cybercriminals. “$900. Take it or kiss data bye-bye,” the hacker wrote. “We don’t run charity here.” Red Mosquito is not the first firm to succumb to hackers’ demands. Companies like Proven Data and MonsterCloud have also made ransom payments in the past.

 

Lessons Learnt: Baltimore Counts Financial Casualties in the Ransomware Attack Aftermath

The Baltimore ransomware incident has received a lot of attention since its start. Server downtime and the issues that came along with it still plague the city’s authorities. The RobbinHood ransomware is responsible for the digital chaos that erupted, closing down even the real estate market. A month later, Baltimore is still struggling to restore the town’s operations.

Local authorities refused to pay 13 Bitcoins as a ransom, choosing to gradually open up servers and restore services. However, that is not to say that the attack did not have a huge impact. According to Baltimore’s Mayor Bernard Young, the overall damages revolve around $18 million in costs. New equipment, lots of working hours for IT specialists, and lost revenues count as casualties.

The local government was heavily criticised for the lack of real online protection. The criticism intensified once experts established that the ransomware did not contain the “Eternal Blue” exploit, developed by the U.S. National Security Agency (NSA), as believed earlier. Regarding the hackers, a Twitter profile called “Robbinhood” is one of the accounts that cybercriminals used to taunt Baltimore representatives. The culprits tried to extort money to no avail and the account was eventually closed.

 

Ransomware Hits Georgia Courts

Ryuk ransomware is quite a popular tool that hackers use when attacking US entities. Without proper defences, the virus quickly spreads around the system, locking files on the go. Georgia court learnt the hard way that cyber safety is quite important. Georgia Administrative Office of the Courts reported that the entire network went offline, forcing employees to work manually. According to the state court representative, management discovered the issue on Saturday morning.

Citizens that are used to filing court documents on the website are now forced to do so in a physical office. Atlanta agency added that several systems are in jeopardy and that hackers demanded ransom in exchange for a decryption code. Representatives did not share the demands’ overall value so far.

 

Even Non-Profits are in Danger from Ransomware

Non-profit organisations face much the same threat from ransomware as companies and governmental agencies. Brockton’s homeless shelter called Father Bill’s and MainSpring recently announced that ransomware penetrated their defences. The organisation declared that no personal data was stolen during the process. According to the president & CEO John Yazwinski, the virus was “detected and blocked in less than 30 seconds.” Disabling data centres and network proved to be a good choice.

However, Washington’s food charity, Auburn Food Bank, did not have such luck. The entity faced a ransomware virus that locked out its complete computer network on June 5th. Hackers then demanded a ransom payment from the food bank, which management refused. The overall damage estimates revolve around $8,000 since equipment needs complete replacement.

 

Popular YouTube MP3 Converter Filled with Ransomware

It should not surprise anyone that hackers are constantly trying to find new ways to sneak ransomware into victims’ computers. ZDNet indicated that a popular YouTube MP3 conversion platform has its website’s servers contaminated with a ransomware virus. Although the report does not name the exact platform, the process itself is quite interesting.

According to the source, hackers found a way to embed malicious code and links into the website’s source. The said code would then be carried by reputable advertising companies, unaware that they were assisting the cybercriminals. Victims would not know that clicking ads and links from reputable sources would lead towards their computer’s deadlock. Apparently, the GreenFlash exploit kit and Seon ransomware are the main tools hackers used to penetrate YouTube MP3 conversion users’ defences.

 

UK Police Suffers a Setback following the Eurofins Ransomware Attack

Ransomware attacks can have far-reaching consequences, especially for organisations that deal with sensitive information. A renowned testing services platform Eurofins suffered a devastating ransomware attack that crippled its network. Now, the company faces massive revenue losses since its biggest customer is the UK police. Services that Eurofins provides to the law enforcement include DNA analysis, toxicology, and ballistics and computer forensics.

Following the attack, the Guardian uncovered that UK police representatives withdrew their service requests and are actively seeking alternative routes. Eurofins supplied 50 per cent of forensic needs. A loss of such work scope will definitely impact the company’s financial reports. Eurofins management stated that, although ransomware has quite an impact, there is no loss of sensitive data.

 

MSP Companies Targeted by Ransomware Criminals

Ransomware does not differentiate between the types of entities it attacks. Apart from governmental agencies and non-profit entities, managed service provider (MSP) companies are on the target list as well. According to reports on Reddit, at least three MSPs were hit by a ransomware attack in June 2019. The virus in question is supposedly Sodinokibi ransomware, carried through a Kaseya RMM tool.

Using Remote Desktop Endpoints, hackers gained significant privileges within penetrated systems. They used it to manually uninstall anti-virus software programs, allowing them to freely roam the network. Huntress Company CEO Kyle Hanslovan has confirmed the incident and that three companies are now facing difficulties in serving their customers. So far, information regarding hackers’ ransom demands or data loss is not known.

 

GandCrab Ransomware Owner Done with “Business”

Ransomware serves as an illicit tool for hackers to gain access to revenues unfairly. Thus, if the said tools stop bringing in the profits or victims create countermeasures that render it useless, criminals would abandon it quickly. Such is the case with GandCrab ransomware where hackers announced their “retirement.”

However, research shows that anti-ransomware programs are responsible for the hacker’s early exit. A decryption tool made by Romanian Police, Europol, and Bitdefender recovers data encrypted by the ransomware. Moreover, it is free-to-use software, developed with the aim to protect individuals from GandCrab hackers.

Although a success story, a painful fact remains – cybercriminals made a lot of money through the GandCrab ransomware. According to some sources, the number goes as high as $150 million. Currently, it is hard to verify the value, as hackers themselves are not one of the most trustful sources. Yet, it does serve as a warning sign that law enforcement agencies have a long way to go in order to bring hackers to justice.

 

Airplane Parts Manufacturer Stops Production due to a Ransomware Attack

Although paid vacation might sound like a great idea to many, if it occurs as a result of a ransomware attack, it stops being amusing. In June 2019, about a thousand employees were sent home after ransomware took an airplane parts manufacturer’s systems hostage. The affected company, ASCO, reported that all four plants were shut down, including factories in Belgium, Germany, the US, and Canada.

Interestingly, offices in France and Brazil that do not deal with production remain relatively unaffected. Adding more fuel to the fire, ASCO is considered one of the most vitally important supply chain partners by large aircraft organisations. These include US military and Boeing entities, which might explain why ASCO provided very scarce details regarding the attack. It is unknown whether hackers demanded ransom payments and how management is dealing with the situation.

 

DanaBot now Uses Ransomware as well

Cybercriminals have an abundance of available tools to hack systems and extort money or personal details from their victims. According to recent research by Check Point, ransomware is becoming more popular as one of the means. Analysts Yaroslav Harakhavik and Aliaksandr Chailytko stated that DanaBot trojan is now a regular part of the criminal DanaBot’s “portfolio.”

The trojan is written in the programming language Delphi and arrives as an .exe file within a phishing email. The first victims were in Australia and Canada, but now even European entities are on the radar.

 

Conclusion

Lackluster cyber defences can lead to large data and revenue losses for businesses if ransomware finds its way into the network. Cloud backup of files can go a long way in protecting assets from criminals that do not exactly care who you are. Employ the right risk management strategy by moving files outside of the system. BOBcloud platform offers such services, readily available for businesses and governmental agencies.

BOBcloud.net
The Old Sorting Office, Corsham, Wiltshire SN13 9AA
Tel: 0800 907 8238