Ryuk authors infected a US city's network and demanded $5.3 million for the affected files, but got nothing

Hackers infected the computer network of the city of New Bedford, Massachusetts, with ransomware and demanded an enormous $5.3 million for data recovery.[1] During negotiations, the hackers rejected the city's offer of $400K and ended up with nothing, since city officials chose to recover their files from backups.

The initial Ryuk ransomware attack took place back in July, when as many as 158 computers were disabled by the infection.[2] The virus encrypted files stored on the city's servers and blocked access to all their information. Further damage was prevented when most of the city's systems were turned off. Officials estimated the damage at 4% of all the computers used in the city.

At first, it was unknown which cryptovirus had gained access to the network, but Mayor Jon Mitchell recently held a press conference and explained that the Ryuk virus was the one to blame. Mitchell was eager to negotiate with the attacker at first, but the city had to consider whether it was worth the effort. Officials decided to go straight to restoring the computers without the hackers' decryption tool.[3]

Instead of paying the ransom, the city opted to recover data by using backups

The IT team of New Bedford was quick to disconnect the affected computers from the system first. Then, after they had stopped the infection entirely, they tried to reach the attackers through the email address to receive the ransom demand. City officials offered the extortionists a payment of $400K, but they refused to accept anything less than $5.3 million.

The amount offered by the city of New Bedford resembles the amounts that other cities have paid to hackers in the past.[4] However, it is known that the biggest ransom that has ever been paid is $1 million.

As Mayor Mitchell said, insurance companies have so far paid hundreds of thousands to help cities with data recovery, as it is always easier to make the ransom payment and get the keys than to restore data on your own.

We will rely on the advice of our experts to guide us, but we must remain constantly vigilant and willing to devote the resources necessary to protect our system from a much more debilitating attack than the one we just experienced. I am committed to making sure our City does just that.

Ryuk is the most popular, still active ransom-demanding threat

According to various analyses and statistics, Ryuk is one of the most prevalent viruses in the world. Over the past year, ransomware attacks on everyday users have clearly decreased, while attacks in business environments have increased by at least 300%. That became especially obvious when GandCrab's creators announced their retirement and left Ryuk as the main cryptovirus targeting businesses.[5]

The decision New Bedford officials made to restore from backups was the easier one. The low number of infected systems and the fact that systems had not been impacted by the ransomware made officials less eager to pay the huge amount. Unfortunately, other municipalities have had to take serious measures when their cities were paralyzed by attackers and they were left with no data.[6]