California City Confirms It Was Hit by Bitcoin Ransomware Attack
According to its city manager, Steve Schwabauer, Lodi City, California, was hit by a ransomware attack earlier this year. Those behind it demanded a Bitcoin ransom of 75 BTC be paid for computer systems to be returned to normal.
Schwabauer confirmed that city staff received an email resembling an invoice. Contained within were files to encrypt computer systems relating to various city services.
City Manager Confirms Lodi Will Update Digital Security Following Bitcoin Ransomware
The Lodi City Manager has said that the issues that plagued the city’s computer systems in April and May of this year were caused by a Bitcoin ransomware attack. According to a report in cyber security publication Government Technology, the city’s phone lines and financial data systems were targeted.
Those behind the attack sent malicious software to city staff under the guise of an email that appeared to have an invoice attached. Once the worker clicked the attachment, the software spread through the city’s entire computer system. It encrypted files relating to the phone system meaning, amongst others, the non-emergency number for the Lodi Police Department, as well as the City Hall, finance division, and emergency outage line for Public Works telephone systems all went down.
Schwabauer has confirmed that the attack was indeed an attempt to extort payment in Bitcoin from the city:
“The ransom demanded 75 Bitcoins (approximately $400,000 at the time of the inquiry) be paid to restore our systems. We did not pay the ransom. Instead, we rebuilt our systems from our back-ups.”
With the help of cyber security experts, the city was able to confirm that no public information was compromised in the Bitcoin ransomware attack. Schwabauer claims that the late revelation of the ransomware attack was at the behest of legal counsel. He stated:
“We did not come forward with this information because we were following the advice of legal counsel. To say anything more would be a violation of attorney-client privilege.”
The city has now confirmed that workers discovered the malicious software on April 1. A first attempt to fix the issues caused appeared successful but the systems were later compromised a second time, this time impacting the Lodi Police Department’s network.
Schwabauer admits that such ransomware attacks were not high on his radar as city manager. However, the city has since requested an additional $500,000 to improve its defences against potential future Bitcoin ransomware attacks.
Ransomware attacks have been around since before Bitcoin. However, they have proliferated in recent years and more often than not, request some form of cryptocurrency as payment. Since public blockchain-based currencies do not rely on centralised institutions that could block transactions, some believe digital currency makes a good vehicle for moving funds associated with such online crimes. However, with ever-improving blockchain forensics, law enforcement is getting more adept at pursuing and recovering funds from such illicit activities.