The Long Reach of a Ransomware Fall-Out
Earlier this year, Lake City, Florida, was the victim of a ransomware attack. Like companies across the world, the city was infected by the ransomware variant Ryuk. But it wasn't just the city that took a hit. The city’s IT Director, Brian Hawkins, also entered the firing line. This is the story of the human face of a ransomware attack.
A Quick Reminder of the Ransomware Attack on Lake City
On June 10th, 2019, Lake City, Florida, became aware of a ransomware infection on their network. Their files and documents had been encrypted by Ryuk ransomware. The attack ended up costing the city a ransom of $460,000 in Bitcoin. Once paid, the city was able to access 90% of the encrypted files; the other 10% are still “missing in action.” These unrecovered files include historical documents.
Brian Hawkins, the IT Director at Lake City, became part of the fall-out of the attack when he was sacked and blamed for mishandling the infection. Brian was made the scapegoat by the city. Brian will also be dragged into an FBI investigation into the attack.
As you can imagine, this has had serious effects on Brian’s personal life.
For a full interview with Brian, check out our post: “Ransomware Scapegoat”
The New York Times View of Events: “When Ransomware Cripples a City, Who’s to Blame? This I.T. Chief Is Fighting Back”
Ransomware is an incredibly serious malware infection to deal with. It is insidious, affecting entire networks, effectively closing down a business. It is a very common form of malware infection. But there is also the hidden side of a cyber-attack: the human beings personally affected by the fall-out from an incident. When a cyber-attack happens, it isn’t just computers that are affected; people’s lives are also often seriously impacted. Jobs are lost, families lose income, children’s education plans can be affected. Entire careers can be lost.
In the case of the Lake City ransomware attack, Brian Hawkins was the human face of the long-lasting impact of malware. Brian became the person named and shamed as part of a deflection exercise used by Lake City to turn the heat down on their decision to pay a high ransom price. Brian’s name became splashed across national media. His life was turned upside down; his reputation was in tatters.
The New York Times took up Brian’s story to bring the truth to the world. The Lake City attack began like many similar cyber-attacks, with phishing emails. The cybercriminals behind phishing attacks are masters of manipulating human behavior. Several Lake City employees fell afoul of the phishing campaign used in the Ryuk ransomware attack. Phishing is the most successful way a cybercriminal can infect a network with malware. It is difficult to prevent. But there are ways and means of reducing the impact of a ransomware attack. Brian knew this, and he had urged the use of off-site back-ups which would have minimized the damage of a ransomware attack. The city did not heed his warning.
Brian was fired in the city’s attempt to “save face.”
How to Make Sure You Don’t End Up in the National Media Because of Ransomware
Brian is fighting back. He has taken out a lawsuit against the city. Brian urged Lake City to use off-site back-up services in 2017, two years before the ransomware infection; Brian knew that on-site services would be compromised in a ransomware attack. Brian Hawkins is the human side of a cyber-attack and the poster child for the following advice:
- Listen to your IT people. You employ your IT folks to do a job, let them do it. If they suggest using certain services, listen to their advice.
- Use a risk management process. Perform a risk management analysis on threats, vulnerabilities, and control measures to ensure you put your money in the right areas.
- The tone comes from the top. Management needs to get on board the cybersecurity train and understand that a cyber-attack is “not an if, but a when.”
- Proper funding is needed. Cybersecurity is expected to cost businesses around $5 trillion by 2024, according to Juniper Research. Whether you are a small government office or a for-profit business, if you do not fund your security measures properly, you are instead funding cybercrime.
Brian Hawkins, the Next Chapter
WatchPoint saw Brian’s name in the multitude of press notices about the Lake City ransomware attack. We instantly saw the situation for what it was: Brian was made the scapegoat for poor security practices and choices by others. WatchPoint asked Brian to come on board as our Technical Dispatch Manager. We knew that Brian would be a great addition to our team because he understands that cybersecurity is about preparation, processes, and people.
We are looking forward to a respectful and fruitful working relationship with Brian. Lake City’s loss is WatchPoint’s gain.