Hacking Attack: Investigation Continues

A computer workstation in the Village of Key Biscayne, June 27, 2019. The image’s background is intentionally out of focus. (Key News/Tony Winton)

Law enforcement is continuing to investigate the hacking of Village of Key Biscayne computer systems that impaired some operations for several days last week. Village Manager Andrea Agha reported that systems were largely restored by last Thursday night. 

Agha said Monday that computer experts are trying to determine whether any personal information stored in Village computers was put at risk because of the intrusion. 

“We will immediately initiate disclosure” if a forensic team determines that personal information was put at risk, Agha said. Florida law requires that governments and other entities give notification in cases where personal information is accessed. 

Last week, Agha said officials could not retrieve some data, but said Monday that she “had no reason to believe” that the Village currently lacked access to information. She declined to say when officials regained access.  The attack caused temporary loss of email for the Police Department and disrupted permitting and other record keeping functions, officials said. For a while, the clerk’s office was posting neatly-lettered handwritten notices on the official bulletin board.

The Village Council, meeting in special session Thursday, authorized Agha to contract with computer security firms to respond to the hacking “event,” as the resolution described it, within the boundaries of the insurance policy. 

A handwritten notice of a special meeting of the Key Biscayne Village Council is posted on the official bulletin board as municipal computer systems were impaired by hackers, June 27, 2019. Some Village functions operated via paper during the outage.(Key News/Tony Winton)

Key Biscayne is not the only Florida city recently hit by hackers. Both Riviera Beach and Lake City were hit with what are known as “ransomware” attacks, where criminals lock up data. Agha declined Monday to either confirm or deny whether a ransomware attack had taken place, saying that the case was under criminal investigation.

In Lake City, a community of about 13,000 residents some 60 miles west of Jacksonville, the city paid about $460,000 in bitcoin to recover data and computer operations.

Joseph Helfenberg, city manager of Lake City, said paying the ransom was the cheapest option available since the city is paying a $10,000 deductible, and the rest is being covered by its insurer.

“We had a lot of attempts to recover the data that were unsuccessful,” Helfenberg said Wednesday.

Lake City was targeted by a malware attack known as “Triple Threat” June 10 rendering many network systems and telephones inoperable. Public safety departments were largely spared, but the attack made email systems unusable and affected the city’s utilities, customer service, clerk’s office and administrative departments, said Helfenberg, who said investigators are in the process of determining how the attack happened.

In Riviera Beach, which has 35,000 residents, the hackers apparently got into the city’s system when an employee clicked on an email link that allowed them to upload malware. Riviera Beach agreed to pay $600,000 in ransom.

Numerous governments and businesses have been hit in the U.S. and worldwide in recent years. Baltimore refused to pay hackers $76,000 after an attack last month. The U.S. government indicted two Iranians last year for allegedly unleashing more than 200 ransomware attacks, including against the cities of Atlanta and Newark, New Jersey. The men, who have not been arrested, received more than $6 million in payments and caused $30 million in damage to computer systems, federal prosecutors have said.

The FBI says 1,493 ransomware attacks were reported last year with victims paying $3.6 million to hackers — about $2,400 per attack. Some of those were against individuals.

Michigan State criminal justice professor Tom Holy said the recent attacks underscore the need for governments and businesses to spend money on backup systems and security protocols. If a city has been backing up its data, it’s probably not worth paying a ransom, but if they haven’t, “paying might be the cheapest option,” Holt said.

“Which is really awful, but that’s the point we may be at,” Holt said. “This ransomware threat is not going to go away anytime soon.”

 

Associated Press reporter Press Mike Schneider contributed to this story. 

This story was updated with information from the Village manager.