By Bruce Sussman
Thu | Feb 27, 2020 | 7:15 AM PST

In Stuart County, Florida, the badges police officers wear display a source of community pride right at the top: "Sailfish Capital of the World."

But this week, the police department revealed that falling for a spearphishing attack via email eventually forced it to set several suspects free and drop the charges against them.

Phishing email leads to Ryuk ransomware attack

During 2019, the Ryuk strain of ransomware hit Florida cities and businesses extremely hard. Some called Florida the ransomware state after two cities collectively paid hackers more than a million dollars in ransom to get their data back.

Hackers also hit the City of Stuart with Ryuk during 2019, but city leaders refused to pay cybercriminals a $300,000 Bitcoin demand.

Police drop charges after ransomware attack destroys evidence

Even though the attack was months ago, it took a new investigation this week by the NBC affiliate in West Palm Beach, Florida, to reveal the impact of the ransomware attack on law enforcement.

From the WPTV story:

The cyberattack forced the State Attorney's Office to drop 11 narcotics cases because evidence was lost, Contact 5 has learned.

"In our case, we lost approximately one and half years of digital evidence," said Det. Sgt. Mike Gerwan with the Stuart Police Department. "Photos, videos; some of the cases had to be dropped," Gerwan told Contact 5 investigator Merris Badcock.

Those cases included 28 charges against six different defendants for crimes including possession of meth, possession of cocaine, selling, manufacturing, or delivering various narcotics, and illegal use of a two-way communication device.

Can you imagine being charged with a felony and then being told you are receiving a "get out of jail free card" because the police evidence was destroyed by a cyberattack?

Add dropped criminal cases to the long list of costs from ransomware attacks.

More organizations are paying the ransom to hackers

The Stuart Police Department and the City of Stuart bucked a growing trend by refusing to pay.

An increasing number of organizations are paying a hacker's ransom, as revealed in the 2020 State of the Phish report. More than 50% of those surveyed about ransomware attacks say they are sending hackers the crypto payment—which only further encourages the crime.

One of the major reasons for this uptick in payment is that hacking groups increasingly operate as an enterprise, and are making ransomware money from both business-to-business (B2B) and business-to-consumer (B2C) types of transactions.

One recent example of this involved a plastic surgery clinic.

In early 2020, Dr. Richard Davis at The Center for Facial Restoration (TCFFR) in Miramar, Florida, wrote this letter to his patients and posted it on his website:

"On November 8, 2019, I received an anonymous communication from cyber criminals stating that my 'clinic's server (was) breached.' The hackers claimed to have 'the complete patient's data' for TCFFR that 'can be publicly exposed or traded to third parties.' They demanded a ransom negotiation...."

That is the B2B way to make money. The hacking business demands money from the plastic surgery business.

And then the hackers went straight to the patients. Dr. Davis revealed this fact as his breach notification letter continued:

"...about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met."

That's the B2C transaction. The hacking business goes after the consumer.

And as you can see, both types of transactions center around extortion. Hackers steal the data, then lock it up, then threaten to expose it. 

Roger Grimes, a data-driven Defense Evangelist at KnowBe4, calls this going nuclear.

"Ransomware isn't here to let you take time to decide if your supposedly good backups are really good. They want to inflict the most amount of pain and risk immediately. They want to get paid, and they will do anything it takes to make that happen, including making your company an example of what happens if you don't pay."

Grimes is a featured speaker on the upcoming web conference, Now that Ransomware Has Gone Nuclear, How Can You Avoid Becoming the Next Victim? 

Join Roger Grimes and Sam Masiello, CISO at Gates Corporation, as they uncover this evolving area of cybercrime and what your team should be doing about it.

One thing is certain: every organization is a potential target for this kind of attack.

And in Stuart, Florida, police expect to be investigating an increasing number of crimes like the one that hit their department.

"When I first got in law enforcement, most of the crimes [we investigated] were person crimes, a little bit of property crimes," Det. Sgt. Mike Gerwan said. "I believe that at the end of this decade, cybercrimes are going to make up a major percentage of the types of crimes that we investigate."

Related podcast: The Enterprise Business Model of Cybercrime 
For more, listen to the episode here, or on your favorite podcast platform.