For three weeks, Riviera Beach, a city of 35,000 people in Florida, had its computer systems held hostage. On Monday, the city council voted unanimously to pay $600,000 in bitcoin to the hackers who caused the problem.
After a city employee clicked on a malicious link in an email,quickly spread throughout Riviera Beach's computer network, locking it down unless the city paid a 65 bitcoin ransom.
Email wouldn't work, 911 calls couldn't enter into computer records, and systems that controlled the water utility were offline, according to the Palm Beach Post. The city council first tried resolving the issue by paying $941,000 for new computers, but now it's decided to pay the ransom.
The payment will come from the city's insurer, though it's still unclear if the hackers will decrypt the locked files afterward. US law enforcement agencies often recommend that ransomware victims don't pay hackers, pointing out that there's no guarantee hackers will comply and that payments encourage cybercriminals to strike again.
The city council didn't immediately respond to a request for comment.
City governments that don't pay after ransomware attacks can end up with costs higher than what the hackers initially demanded. After Atlanta suffered a ransomware attack in March 2018, the hackers demanded $51,000 in bitcoin. The city refused to pay, and that cost it an estimated $17 million in damages.
Analysts at Forrester Research have said that paying ransomware is a "valid recovery option" for businesses that can't get their files back. Malwarebytes, a cybersecurity company, said in an April report that ransomware attempts on businesses jumped by 500% in the last year.
At least 170 state and local governments in the US have suffered ransomware attacks since the first one in 2013, Recorded Future said in a May report.
In November, the Justice Department announced charges against Iranian hackers for an incident that hit more than 200 city governments and hospitals with ransomware, causing more than $30 million in damages.
City governments are prime targets for ransomware attacks because government agencies provide critical services that can't afford the digital lockouts. Nearly 73 percent of public agencies have experienced issues with ransomware attacks, according to a 2019 report from Mimecast.
Originally published at 7:35 a.m. PT.
Update, 8:47 a.m.: Added that the city council didn't immediately respond to a request for comment.