Hackers Are Still Cheap at $45k per week

Lafayette, CO paid $45k in ransom in late July | Why do many organizations pay ransoms in 2020? | Learn how to protect your business from adding a hacker to payroll.

“We attempted to pursue any possible avenue to avoid having to pay the ransom.”
– Lafayette Mayor Jamie Harkins

Lafayette Mayor Jamie Harkins woke up to some of the worst news any leader can hear on July 27, 2020. The municipality had been hacked.

Phone service, emails, and online payment systems were all disrupted. Communications were severely limited. Thankfully, the city’s 911 and emergency dispatch systems were unaffected. That gave Harkins and network security personnel the time they needed to immediately sever all network connections with the affected area before the threat spread even further. This desperate tactic successfully contained the spread of malware before it could do even more damage. However, the city ultimately forked over $45k to meet the hacking agency’s ransom requirement.

While this might be shocking for many CO residents, network security professionals are unfazed by now. Dozens of cities paid ransoms like this in 2019, and the average cost of these attacks actually tends to be higher ($84,116 as of December 2019). But most organizations do not know about this dangerous trend until it is too late.

In this article, we’ll help you understand why Harkins ultimately handed over the cash, as well as what you can do to protect your networks from the same catastrophe.

Why Lafayette Paid Ransom

Lafayette Mayor Jamie Harkins published a public announcement on YouTube describing the events of the hack and explaining the reasons for paying the ransom: “Hi Lafayette, I’m Jamie Harkins, and I am here to bring you up to speed with an event that has disrupted city computing services…”

At that time, the city suspected that the attackers had bypassed endpoint security with real authentication credentials stolen by a phishing attack or by brute force. Brute force refers to an automated tactic of iteratively attempting random passwords until one finally works. Phishing is a social engineering attack that gains authentication credentials by tricking an employee into divulging the information unknowingly. Phishing typically starts with an email containing a bad link.

After they breached endpoint security, the hacker agency proceeded to encrypt the networks they could access. This allowed them to hold the network for ransom.

The municipality ultimately decided to pay the ransom after a cost-benefit analysis. Harkins: “After a thorough examination of the situation and cost scenarios, and considering the potential for lengthy inconvenient service outages for residents, we determined that obtaining the decryption tool far outweighed the cost and time to rebuild data and systems.” This also is unsurprising.

Unfortunately, most organizations do not consider business continuity or the cost of rebuilding their systems until they need to be rebuilt. The agency that hacked Lafayette certainly obtained their own estimate during the discovery phase. That’s how they came up with the $45,000 figure, which is in all likelihood a significant discount on what the city would have paid had they decided to rebuild without the hackers’ help.

Businesses Should Learn from Lafayette, CO’s $45k Hack

Lafayette is a case in point for Murphy’s Law: had the municipality prepared just a little, they could have substantially reduced the cost of rebuilding. They know how much it is worth now.

Do you know how much ransom you would be willing to pay if your organization suffered a similar attack? Have you conducted a business continuity and disaster recovery assessment?

“While there is no way to eliminate the risk of these types of attacks, the city is taking steps to improve our technology protocols by installing cryptosafe backups, deploying additional cybersecurity devices, and implementing regular vulnerability assessments to prevent future data threats.”

It was too late for Lafayette, but it isn’t too late for most Colorado businesses. That is why it is absolutely critical that we spread the word about ransomware. The more organizations pay, the stronger these hacker organizations grow. We need to stop them from taking advantage of our network vulnerabilities before they get an even bigger pay raise.

If you would like to learn more about business continuity or the recent spike in ransomware payments, please email david@platteriver.com.