When ransomware attackers targeted the city of New Bedford, Massachusetts, two months ago demanding $5.3 million in Bitcoin, they must have felt very confident when turning down a counter-offer of $400,000 that the city presented. That feeling probably turned to regret soon thereafter, as it has now emerged that the U.S. city did not raise its offer.
According to Mayor Jon Mitchell, instead of offering more, the city decided to rely on its own resources to recover the data and restore the network after the counter-offer was rejected outright and no counter-demand was made, per the South Coast Today:
“Without a counter-offer, the City faced the prospect of negotiating against itself, a course I would not entertain, even if using insurance proceeds.”
According to the Providence Journal, New Bedford has a $1 million cybersecurity policy with AIG.
According to Mitchell, the ransomware was a variant of the Ryuk virus. The attack occurred early on July 5th, before the start of the working day. Mitchell disclosed that 4% of New Bedford’s desktop and laptop computers, 158 to be precise, were affected.
The spread of the virus was contained by the quick actions of the city’s IT staff, who ‘disconnected the city’s computer servers and shut down systems’.
Additionally, the spread of the ransomware was limited by the fact that most computers had been turned off for the Fourth of July holiday, which had been observed the day prior. Service delivery to residents, however, remained unaffected.
According to cybersecurity firm Coveware, the Ryuk variant of ransomware is one of the most lucrative, with its Bitcoin ransom demands typically above the marketplace average. This has been attributed to the fact that it targets mid-sized to large organizations that have the capacity to pay, rather than individuals or small enterprises.
By not paying the Bitcoin ransom, New Bedford seems to have made the right decision, though, as the decryptor tool offered by Ryuk ransomware attackers has a low data-recovery success rate, per Coveware.
Per the cybersecurity firm, Ryuk ransomware’s decryptor tool is labor-intensive and takes longer to recover data than the tools of other ransomware.