Credible Backup System To Rescue: North Bend City’s Successful Countermeasure to Ransomware Infection

Oregon’s North Bend City is the latest victim of a notorious ransomware attack, which paralyzed the operation of the city’s local government employees. The initial ransom demand was $50,000 worth of Bitcoin, the ransomware not only encrypted employees’ files but also the city’s database servers. “One weekend morning a few weeks back all of our servers and things locked up, and we received a ransomware note that said for $50,000 in Bitcoin these people would provide us with the code to unlock our computer systems,” explained Terence O’Connor, City Administrator of North Bend.

Unlike other cities that were infected by ransomware, North Bend City’s leadership has declined the demand to pay the ransom. The city instead approached the U.S. Federal Bureau of Investigation to conduct forensic analysis of the ransomware infection. This is a very commendable action on their part, given that other city that was infected with ransomware usually just surrenders, which made ransomware, more particularly WannaCry to produce an estimated $4 billion as profit.

“It appeared to be a more sophisticated ransom where there are two keys needed to unlock your system. One is planted on your system, the other the culprit has. The ransom note was directed at the police department, and it spread from their servers to ours. That’s why in some cases people who would expect emails from us weren’t getting any because we weren’t sure what vector was causing the disease. We’ve lost some time, and money to sanitize the computer systems,” added O’Connor.

The big advantage that North Bend City has is they have an efficient backup system, the best damage control scheme against malware that encrypts user files. Restoring user data using a reliable backup is much more efficient, faster and cheaper than trying to rebuild the lost data from scratch. North Bend City is also covered by an insurance policy in an event of a malware infestation, unfortunately, the insurance package only scales up to the maximum $5,000, which is not enough to pay for the ransom.

“We’ve hired some firms to go through the records we keep here … Employee personnel records appear to have not been impacted other than the fact that we couldn’t access them,” concluded O’Connor. At the time of this writing, FBI is still clueless about who is behind the ransomware attack, they were only able to trace the attacker as coming from a Romanian IP address.

The city government computers and network were not the initial targets of the ransomware, but it originated from a computer of the North Bend Police Department. Unfortunately, as the city government office hosts more vulnerable computers and servers than the police, they were more affected by it, hence the inflated amount of ransom demand was to the tune of $50,000.

Ransomware virus authors are pinning their hopes that their victims do not have a credible backup system, as those that have will just reformat the infected machines and restore user data from the backup instead of paying the ransom.