Valdez City, Alaska, the Newest Victim of Ransomware
Malware trends shifted massively last year, when 2017's WannaCry figuratively took the IT world by storm. The world has changed forever, as virus authors realized that there is money to be made from their creations through ransom payments from their poor victims. This trend continues, albeit to a lesser degree. The latest victim to admit paying the virus authors a ransom to get its files decrypted is Valdez City in the state of Alaska, United States.
The culprit is Hermes ransomware, one of WannaCry’s successors, which allegedly has links with the North Korean regime. The price of the ransom? A whopping $26,623.97, though a minuscule amount compared to WannaCry's 2017 earnings, which were estimated to have reached $4 billion.
“Valdez Police Department reached out through our law enforcement channels for assistance with addressing the ransom demand. Based on recommendations from several cyber-crimes specialists, the City engaged a specialty cyber-incident response and digital forensics firm based out of Virginia. We reached out to them (the third-party security company), and through the dark web, anonymously, they reached out to the cyber attackers, so these people had no idea who we were. The firm anonymously contacted the attackers on the City’s behalf to investigate and possibly negotiate ransom terms. And they said, ‘We understand you’ve seized my client’s system. What is it you’re looking for?’ And they (the attackers) came back with ‘Are you a hospital? Are you a bank? What are you?’ Trying to decide what they wanted to charge us for ransom,” explained Bart Hinkle, Valdez City’s Chief of Police.
Lacking a credible backup system, which could have saved the city the tens of thousands of dollars it spent on the ransom payment, the City engaged a third-party contractor with the sole purpose of contacting the authors of Hermes to “renegotiate” the ransom payment. At the end of the negotiation, the perpetrators agreed to hand Valdez City the decryption key for just four bitcoins, which equaled $26,623.97 at the time.
This is a huge discount: the decryption key was able to restore the files on the city’s 170 workstation computers and 27 servers, while ransomware authors usually settle for one bitcoin per encrypted computer. Embarrassing as it was, paying was the next best thing the city administration could do to restore order and normal operations in its offices.
“And so that particular day they requested — if you want your information back, four bitcoin. Our police officers and our police chief were very concerned — they had lost 15 years’ worth of data. And we have a lot of information — that court cases are coming up — put our police department in jeopardy of not being able to supply the information. After consultation with the City legal team, our insurance carriers, and careful consideration of the best interests of the City, I authorized the third-party firm to negotiate and pay up to the amount of the ransom demand,” emphasized Elke Doom, City Manager for Cyber Incident of Valdez City.
Following this episode, city officials have made a carefully studied plan under which 2019 will see a major renovation of their IT infrastructure. There is still no assurance that the encryption will not recur in the short to medium term, and security can only be guaranteed with the total renovation, upgrade and replacement of poor-quality systems. “Using lessons learned from this incident, the new system will meet or exceed current industry standards, with more robust security protections and additional efficiencies to better serve our citizens,” clarified Matt Osburn, Valdez City’s IT Director.