Earlier this year, two small towns in Alaska were victims of cyber attacks. In each attack, the town's servers and computers were locked and held hostage while the attackers demanded a ransom to be paid in bitcoin, according to a November 18 report by Alaskan NBC affiliate, KTUU channel 2.
As per the report, on July 17 of this year, IT staff in the Matanuska-Susitna Borough (also known as the Mat-Su Borough) discovered a Trojan virus after attempting to install the latest update to their anti-virus software. The discovery reportedly initiated a "multi-agency collaboration" to contain the damage and restore the borough's network.
According to John Moosey, the Mat-Su Borough manager, the cyber-attack consisted of a "Trojan Horse, a worm, a CryptoLocker, a BitPaymer, a time bomb, a Dridex, and a dead man's switch all wrapped into one" that shut down the town's computer network.
During a panel discussion on cybersecurity at the Alaska Municipal League, Moosey stated:
"They grab the data, they lock it up, and then they get a nice little message to send a whole lot of bitcoin to some company or somebody in Sweden, and they'll unlock your stuff for just a mere $400,000"
Not wanting to encourage this kind of behavior, Moosey ultimately decided not to give in to the hackers, even though the town apparently had cybersecurity insurance that would have covered the ransom.
A second, similar attack took place that same month in the Alaskan city of Valdez. According to a briefing by the FBI, sometime between July 25 and 26, Valdez city employees began to notice their network was slower than usual and they could not log in to certain accounts.
These problems escalated when the city's police department noticed that the city's webpage was down, leading to the discovery that the city's "IT Infrastructure" had fallen prey to a hack similar to the one in Matanuska-Susitna Borough. Strangely, however, according to the FBI, there is no evidence to suggest that the two attacks are related.
Upon discovery of the attack, officials for the city of Valdez contacted a third-party security consultant to see what action could be taken against the hackers. The investigator reportedly contacted the hackers via the dark web. Posing as a representative of a small business, the consultant asked the hacker(s) what they wanted in return for the captive data.
The hackers replied and asked the security consultant if they represented a hospital or a bank, apparently trying to decide how much of a ransom to ask for. Under the assumption that they had infiltrated a small company, the hackers demanded a measly 4 bitcoin (worth approximately $26,000 at the time).
Before Valdez officials decided to pay the ransom, they first required the hackers to prove they could decrypt the captive data by anonymously sending them encrypted documents. Once the hackers proved their ability to return the stolen data, the ransom was paid, and the hackers provided a decryption key "enabling IT staff to begin unlocking its servers and work stations."
"I'd like to say it's as easy as saying 'We got the code, we unlocked the system, we're good to go.' We were not good to go," stated Valdez City Manager Elke Doom. "We can't trust that data. We have to run it through virus protections, we have to scrub it, we have to put it on a different server, we have to test it because there could be a virus lurking in there and we could be in the same situation again. But we're still vulnerable," Doom said. "We all are. Every single one of us."