A successful attack on a government system will have ripple effects beyond the organization itself. Because governments manage sensitive information and critical infrastructure, outages could have national security implications, damage the local economy, and harm the general public more broadly...

While governments are not the top target, nor does the U.S. top the list of affected countries, according to Cyber Edge, the threat still poses a huge and unique challenge, particularly for resource-strapped local governments. A successful attack on a government system will have ripple effects beyond the organization itself. Because governments manage sensitive information and critical infrastructure, outages could have national security implications, damage the local economy, and harm the general public more broadly.

Chloe Demrovsky, Forbes, August 27, 2019

The small city of Riviera Beach, Florida, has agreed to pay attackers over $600,000 three weeks after its systems were crippled by ransomware.

The city council has authorised its insurance company to pay 65 bitcoins to the cybercriminals who infected their system on 29 May 2019.

The Palm Beach Post reported that an employee in the City Police Department infected machines across its network by opening an email.

The attack on the city, a suburb of West Palm Beach with a population of 35,000, took all its operations offline. Email went down and officials had to resort to hand-printed cheques to pay employees. 911 dispatchers were also unable to enter calls into computer systems, said reports.

On 5 June 2019 the City posted a terse online notice reporting a ‘data security event’. No further updates appeared on its website or Twitter account.

Councillors had already authorized $941,000 to pay for 310 new desktop computers and 90 laptops after the attack, expediting an already overdue refresh of old equipment.

In paying the ransom, the council is relying on advice from external security consultants, said spokesperson Rose Anne Brown, adding that there was no guarantee the files would be restored.

Waiting to make the payment has cost Riviera Beach even more money. On 30 May 2019, the day after the infection, the ransom equated to $540,765 at Bitcoin’s closing price (via CoinMarketCap). As of yesterday, 20 June 2019, it amounted to $619,265. Bitcoin’s volatility can make an already tense situation even more problematic for victims.

Danny Bradbury, Naked Security, June 21, 2019

The Jackson County government paid online criminals about $400,000 this week following a cyber attack that crippled the county’s computer system.

County officials are in the process of decrypting computers and servers a week after the first signs of an attack, said Jackson County Manager Kevin Poe on Friday.

The FBI is investigating the ransomware scheme. Ransomware refers to hackers who lock victims out of their computers and other internet-accessible devices and then demand a ransom in return for restored access, according to digital security software provider Avast.

“They demanded ransom,” Poe said. “We had to make a determination on whether to pay. We could have literally been down months and months and spent as much or more money trying to get our system rebuilt..."

“In dealing with the FBI and cyber security experts, this is one of the most sophisticated attacks they have ever seen in the U.S.,” Poe said.

The county’s computer system went down sometime late March 1 or early the following day, he said.

“They’ve been in our system I guess a couple of weeks,” Poe said. “They really plotted their attacks before they hit us. They totally crippled us.”

The investigators haven’t determined yet how they gained access into the computer system, but the FBI indicated the responsible group could be in eastern Europe, he said.

Wayne Ford, Athens Banner-Herald, March 8, 2019

Almost half a million dollars was diverted out of the city of Tallahassee’s employee payroll Wednesday after a suspected foreign cyber-attack of its human resources management application.

Hackers attempt every day to breach the city’s security, officials say, but this week's operation netted about $498,000.

The employees have all been paid, said city spokeswoman Alison Faris, and officials are working to determine the hack’s origins.

“Early indication is that it was possibly initiated outside of the U.S.,” Faris said in an email.

The out-of-state, third-party vendor that hosts the city's payroll services was hacked and as a result the direct deposit paychecks were redirected. Employees throughout the city’s workforce were affected.

The city is working with its bank to recover the money and already has recouped 25 percent of the missing funds. It is also in touch with its insurance company and law enforcement to pursue criminal charges.

Officials learned of the security breach when the city's bank contacted them and employees awoke to notice they had not been paid. This is the second time in a month the city's online security has been compromised.

Last month, a Dropbox link was sent out from the email account of City Manager Reese Goad. The phishing email, which originated externally, contained a virus. It is unclear how many people the email went to, but there does not appear to be any lingering impacts, officials said.

Faris said the two attacks do not appear to be related, but IT professionals say phishing attempts can often garner passwords and other data that give hackers the tools to strike.

“Usually the way they get in is through email," said Blake Dowling, president of technical support and cyber security company Aegis Business Technologies. “Those happen all the time. If you’re not trained to be on the lookout for something, about how that may look or feel or the implications, it can bring your city to a crawl.”

Karl Etters, Tallahassee Democrate, April 5, 2019

AUSTIN, Texas (CN) – A ransomware cyberattack took down the systems of 23 local governments in Texas, state officials said over the weekend.

The Texas Department of Information Resources said the attack came Friday morning, with most of the targets being “small local” governments it did not identify. It said no statewide systems or networks were affected.

The hackers apparently broke into the city’s system when an employee clicked on an email link that allowed them to upload malware. The city also suffered a disabled email system; employees and vendors had to be paid by check rather than direct deposit, and 911 dispatchers were unable to enter calls into the computer. The city denied there was any delay in emergency services’ response times.

David Lee, Courthouse News, August 19, 2019

Officials in Sammamish, Washington, are conducting city business with pens and paper after a ransomware attack prompted them to take their municipal computer systems offline.

The city of about 65,000 residents just east of Seattle discovered Wednesday that some of its data had been encrypted by an unknown source. Larry Patterson, Sammamish’s interim city manager, declared an emergency and began shutting down services. City officials now say they are working with a security consulting firm to uncover details of the cyberattack.

The city has stopped processing passports, pet licenses and permits, and also took its map services offline. Many of the city’s shared storage drives are inaccessible, city spokeswoman Sharon Given told StateScoop. The city also cancelled its credit cards as a precaution.

The city’s 311 service, provided through third-party website SeeClickFix, is still working. The city says its police, fire, 911 and other emergency services have not been affected.

“We’re continuing the work of the city the old fashioned way with paper and pens and phone calls and talking to people in person,” Given said.

Colin Wood, Statescoop.com, January 25, 2019

City officials, rather than pay off the apparent creator of malicious software that froze up the city's computer network and forced Augusta City Center to close April 18, instead pulled the plug and rebuilt its network from backup data.

AUGUSTA — The apparent, and still unknown, source of a cyberattack that shut down the city’s computer network and forced the closure of Augusta City Center for two days sought a ransom payment of more than $100,000 to unlock the frozen system.

Instead of paying the ransom, city officials — who as soon as they knew an attack was underway, literally pulled wires from devices as fast as they could to prevent the malicious software from spreading further through the system — decided they had the necessary data backed up, erased the city’s servers and set about restoring them.

City Manager William Bridgeo told city councilors Thursday that the attack was ransomware — software from a creator who seeks to get them to pay up to have it removed from their systems — and included an offer to unlock the system if Augusta paid a ransom “in the six figures.”

“We did not pay the ransom,” Bridgeo said. “If the ransom was $250,000, I was committed to paying $500,000 to fighting it.”

Fred Kahl, director of information technology, said if the city paid the ransom it may not have even fixed the problem.

“You’ve got to remember you’re dealing with criminals, so if you pay the ransom, there’s no guarantee you’re going anywhere with that,” he said. “I was warned when this type of thing started they were pretty good about unlocking, but that’s no longer the case. They’ll just take your money and say bye.”

Keith Edwards, Kennebec Journal, April 28-29, 2019

CLEVELAND — In a news conference Monday, city and airport officials confirmed ransomware infected portions of Cleveland Hopkins International Airport's baggage and flight screens and its email system.

For nearly a week, the screens at the airport went dark and the email systems were down. During the period of time technical issues affected the airport, city officials downplayed the malfunctions early on, saying Monday in a statement, “Cleveland Hopkins International Airport is experiencing technical issues which are impacting a small number of systems. Email is temporarily down as well as in-airport flight and baggage information screens. All other systems are functioning as normal and there are no impacts to flights or safety and security operations.”

It wasn't until Friday that city officials confirmed malware infected the airport's computer system, while still sticking by the fact that they were "not hacked and no ransom demands were made..."

“There were no safety issues at the airport. The FBI was notified on Sunday about the incident and our office provided some guidance to the staff and how to deal with it,” Smith said. “We have a dedicated team of cyber experts that is familiar with the malware affected in the Hopkins system.”

"We confirmed ransomware is on this system," Smith said.

Kaylyn Hlavaty, News5Cleveland, April 29, 2019