Midland, which has a population of over 16,000, had its computer systems breached and infected with ransom malware that encrypted files at the beginning of the month. The cyber attack rendered the town’s computers inoperational for around 48 hours and this crippled email services, processing of payments, issuance of permits, reloading of transit cards and processing of marriage applications.
Critical services such as waste management and fire response were, however, not impacted. To facilitate decryption the hackers have been demanding that a ransom be paid in bitcoin. The town has consequently started the process of paying the unspecified ransom amount in bitcoin in order to get the decryption keys.
As per the media release from Midland Town Council the process of paying the ransom in exchange for the decryption keys has been initiated under the guidance of cyber security experts.
The release further stated that this might not be the ideal thing but this is the best possible solution to bring the systems back online as soon as possible. Insurance policy as already been secured by the town to cover such circumstances.
The decision by Midland Town Council to acquiesce to the demands of the hackers stands in contrast to the move by the Professional Golfers Association of America to refuse to pay a ransom in bitcoin after similar malware was planted on its computer systems early last month. This was despite the fact that the hackers insisting that only they possessed the decryption software as CCN reported:
“We exclusively have decryption software for your situation. No decryption software is available in the public.”
In agreeing to remit the ransom Midland is, however, not alone in preferring to pay up in order to get its systems working again as many victims have done so if the amounts obtained by ransomware creators are anything to go by. Last month, for instance, it was reported by a U.K.-based cybersecurity firm, Sophos, that the creators of the SamSam ransomware had managed to rake in more than US$6 million since it started proliferating in late 2015 with the highest amount paid by an individual being US$64,000.
Additionally, a report released last year by researchers drawn from Google, Chainanalysis, University of California, San Diego and New York University concluded that creators of various ransomwares managed to generate US$25 million in 24 months, most of which was being cashed out through the BTC-e cryptocurrency exchange.