When Dave Richards learned cyber hackers had locked down 23 of his municipal servers in West Haven, Connecticut on October 16, he quickly notified his bosses in the mayor’s office and took the usual steps of calling in state and local police and the Department of Homeland Security.
The criminals, who were operating from overseas, were demanding a ransom to restore the city’s access to what the city deemed “critical” networks. Richards, the city’s information technology manager, along with Mayor Nancy Rossi, and local police IT experts, agreed that the best course of action was to pay the hackers a $2,000 ransom in bitcoin to unlock the servers.
Three weeks later, Richards is still cleaning up the malware mess. “We’ve got the FBI and the DHS in here still finding things,” he said. “It’s an ongoing investigation. We’re still rebuilding.”
Security experts and law enforcement agencies have a rule when ransomware hackers try to extort money from companies, municipalities, utilities, hospitals, or individuals: Don’t pay.