Key Biscayne recovering from cyberattack after hackers hit a third city in Florida

The village of Key Biscayne confirmed Thursday it had been hit by a cyberattack — the third Florida city this month to fall victim to outside hackers.

Village Manager Andrea Agha said a “data security event” occurred Sunday, June 23. She said that some permitting operations were handled manually while some systems were kept off-line “in an abundance of caution.” As of Wednesday night, she said, all village network systems were back up and running.

The village continues to work with outside counsel and third party forensic experts to determine the scope of the attack, the manager said. On Thursday morning, village council members authorized money for Agha to continue working with IT consultants.

The Key Biscayne incident comes on the heels of two other cyberattacks against Florida cities earlier this month. On June 5, the city of Riviera Beach in central Palm Beach County announced it had been the victim of a security breach.

Officials later confirmed a ransom worth about $600,000 in Bitcoin had been paid to recover city data.

On June 10, Lake City, about 60 miles west of Jacksonville, said it had also been the victim of an attack that rendered official email inaccessible. Lake City officials agreed to pay a ransom of about $490,000 in Bitcoin.

Both cities said insurance helped cover the costs. Key Biscayne’s Agha would not say whether a ransom was involved in the attack against the village.

The cyberattackers remain unknown, and it is not clear whether the incidents are related.

According to Armor, a cyber security firm, ransomware incidents have hit dozens of municipalities across the country this year.

Cities and small businesses are becoming more popular targets for hackers, who recognize frequently unsophisticated systems. According to FBI estimates, there were 1,493 ransomware attacks in 2018, with victims paying a total of $3.6 million.

“The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack,” MIT Technology Review writer Martin Giles wrote in a recent article. “But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.”

In the most recent, high-profile attack, the city of Baltimore was left crippled by hackers demanding a $76,000 ransom. The city refused to pay; in the meantime, home sales and online bill pay was severely impacted. An estimate put the total damages to the city at more than $18 million.