A city in Florida has confirmed hackers seeking to extort money were responsible for crippling its computer systems earlier this week.
But officials in Pensacola have yet to decide whether they will pay a reported $1 million ransom.
If they do opt to fork over the money, they may have to dip into Pensacola city coffers; the city of about 52,000 in Florida’s Panhandle – whose annual budget is roughly $245 million – is not insured for such an attack.
Obtaining it in the future is “something that our risk manager will certainly be looking into,” said city spokeswoman Kaycee Lagarde.
The potential cost of cyber attacks on US government agencies
Ms Lagarde confirmed that ransomware was behind the attack that brought down the city’s computer network over the weekend, less than a day after a Saudi aviation student killed three US sailors and wounded eight other people at a nearby naval air station.
The FBI has said the attacks were not connected.
The cyber security blog BleepingComputer reported earlier this week that a group behind a ransomware strain known as Maze claimed responsibility for the attack and was demanding $1 million from the city.
In emails exchanged with the website, the Maze hackers claimed they had stolen documents from the city but did not say whether they had given Pensacola officials a deadline to pay for them or if they had threatened to release the documents if they did not pay.
BleepingComputer editor Lawrence Abrams said the Maze operators had authenticated their identity with proof of a different hack and by posting snippets of email exchanges with his blog on a dark-web payment site.
In May, a cyber attack hobbled Baltimore’s computer network and cost the city more than $18m to repair
City officials declined to discuss who might have been responsible or any ransom amount demanded. The city said it has restored some services, including email, phone services and utility online bill payments.
Ransomware infections reached epidemic dimensions this year, and security researchers are concerned ransomware could also disrupt next year’s US presidential elections.
According to a report released this week by the cyber security firm Emsisoft, almost a thousand US government agencies, educational institutions and health care providers were hit in an unprecedented barrage at a potential cost of more than $7.5bn.
New Jersey’s largest hospital system and the city of New Orleans are among the most recent US ransomware victims.
In May, a cyber attack hobbled Baltimore’s computer network and cost the city more than $18m to repair. City officials refused to pay demands for $76,000 in bitcoin.
During the summer, two Florida cities – Riviera Beach and Lake City – paid hackers more than $1 million combined after being targeted.
Pensacola officials became aware of the cyber attack against their city about 1.30am last Saturday.
Ever since, information technology technicians have been working to restore services as officials continued to take stock of the damage, if any, and determine what information might have been compromised or stolen.
Ms Lagarde would not say whether any personal or financial data was breached. She said the city would notify residents and customers as warranted.