Colorado city attacked by unknown ransomware actors, pays ransom

City of Lafayette paid ransom to criminals after it failed to restore data from backups

Colorado city Lafayette pays $45,000 ransom after failing to restore files from backups

Colorado city Lafayette, USA, has recently paid a ransom of 45,000 USD to a cybercriminal gang that has successfully encrypted important data.^[1] Cybersecurity experts call the city very lucky because the ransom was so low and could not cause significant financial losses for the city's budget. However, on the other hand, this could be a new strategy for ransomware attackers. A lower ransom is easier to pay, not so painful for the payer, and takes much less effort for the criminals to get it.

It is not yet clear which of the ransomware actors have conducted the attack. So far, no one has officially taken the credit but is suspected to be one of the new gangs. The infamous ones like Maze, Lockbit, or REvil are not ashamed to ask for hundreds of thousands or even millions^[2] to pay for the encrypted data.

City agreed to pay due to a low ransom demand

The city of Lafayette has announced they have been under a ransomware attack on the 27th of July. The ransomware virus has disrupted their phone services, emails, and even online payment systems. They were not able to recover their files from the backups and have agreed to pay the requested amount. In the meantime, all the emergency services were forwarded to the 911 of alternative numbers.

The giant companies that are getting under such attacks act differently. Some of them are paying the ransoms, and some decide to ignore the requests and face the consequences. Recently we have seen LG being attacked by ransomware,^[3] and the decision was to not pay the ransom because the stolen data had no big impact on the companies clients. However,

Lafayette city has decided not to take the risk and avoid the expenses for recovering the files thought third party companies. They have decided the easiest way is to pay and continue their usual work. The spokesman of the city Debbie Wilmot said:

“You’re never going to be in a place where you can eliminate 100% of the risk”

Lafayette ransomware attack served as a good lesson to other small towns

In the wake of a ransomware attack, the City of Lafayette is increasing its focus on cybersecurity – it implemented vulnerability assessment risk and is also preparing strong backup systems to prevent similar attacks from happening in the future.^[4]

In the meantime, it was admitted that the incident had made a good lesson for many small towns. It was clearly understood that a city like Lafayette with a small administration is not capable of having professionals IT staff and might always be an easy target for cybercriminals. D. Wilmot has added:

“That said, there’s definitely things you can do to make sure that you can recover things easily. … We’ll come out of the situation stronger, more productive and with our eyes open wider to be aware of what we need to do just to be more diligent of assessing our vulnerability.”

CEO of the Identity Theft Resource Center Eva Velasquez has noted the small cities are vulnerable for ransomware attacks, and it might become a bigger problem in the near future as the number of cyberattacks is increasing rapidly.^[5]

Cities, counties and school districts are not well-equipped to address a breach of any kind – data or security. They generally lack the resources to have the latest tools and they rarely have the latest generation of tech, which means as it ages, it becomes more vulnerable to attack

It is not yet clear which ransomware has made the easy money this time, but it is clear they have made enough attention and maybe have invited the municipalities to pay much bigger attention to cybersecurity.