A second Florida city is reportedly giving in to the hackers behind a ransomware attack, offering them $500,000 to free its computers.
On Monday, Lake City authorized its insurer to send the hackers 42 bitcoins, according to The Gainesville Sun. The city itself will only pay a $10,000 deductible on its insurance policy, while the Florida League of Cities will pay the actual ransom fee.
The ransomware attack occurred on June 10, disrupting IT systems across the city, including email and landline phones. How the hackers struck isn't entirely clear. But the ransomware program combined "three different methods of attack to target network systems," according to a city statement.
Ransomware works by encrypting data, and then holding it hostage until the victim pays up. The more dangerous strains will also attempt to spread to other computers on the same network.
City officials initially said they were on the way to restoring municipal systems. "Data recovery efforts have so far been successful," the city police department said two days after the attack.
However, local media reports say Lake City encountered troubles disinfecting many of the systems hit in the attack. The hackers then sent the city a ransom request for 42 bitcoins in exchange for a decryption key to free the computers.
"If this process works, it would save the city substantially in both time and money," city manager Joe Helfenberger reportedly said.
Lake City officials did not immediately respond to a request for comment. It remains unclear if the city has successfully recovered the encrypted data.
Last week, another Florida city, Riviera Beach, voted to let its insurer pay 65 bitcoins to the hackers behind a ransomware attack that infected municipal computers. The FBI and IT security firms generally advise against paying ransomware hackers. Doing so can keep the hackers well funded and incentivize them to strike again. There's also no guarantee victims will get their data back.
To guard against ransomware attacks, security experts advise businesses and city governments to routinely backup any critical data and patch vulnerabilities in their IT systems.