The Lake City attack started on June 10, when an employee clicked on a malicious email and infected the city's computers with ransomware, the mayor said. The program, which the city identified as malware known as "Triple Threat," hit anything other than Lake City's police and fire departments, which are on a separate server.
"As a result, all emergency services remain intact," the city said when it revealed the attack.
Several days passed before the hackers demanded a ransom. Initially, the city, which is about 65 miles west of Jacksonville, in the place where Interstate 1
"Every IT professional will tell that they are constantly averting attacks," said Eric Hartwell, deputy general attorney and Florida League Insurance Adviser, who began offering cyber attack liability coverage to his hundreds of members a few years ago. "It's not necessarily a new thing – I'm just thinking for whatever reason, the news cycle now shows that municipalities do not differ from private companies."
There is a chance that Lake City could have decrypted ransomware alone. A city spokesman said ransomware was a variant of a malware strain called "Ryuk." Security experts have successfully written off Ryuk ransomware in 3 to 5 percent of the cases, according to Emsisoft, a security firm. Part of the problem, said Brett Callow, a spokesman at Emsisoft, is that security experts need better communication channels with the victims. His company created ID Ransomware, a free website that allows victims to upload tribes of ransomware so that security experts can help them decrypt it.
In Europe, similar projects have proved successful. Security experts, law enforcement agencies and local officials participate in No More Ransom Project to share real-time attack information, share decryption techniques, and point out law enforcement against command and control attackers. In Poland, the Polish police, Belgian federal police and Europol arrested a Polish citizen suspected of having infected several thousand computers with ransomware. Security experts said they had had the same success in working with the Dutch police, but had a harder time connecting with F.B.I. because the agency has stricter communication protocols.
Mr. Witt said Lake City fired an employee whom it considered had not done enough to protect the computer systems from a burglary. The employee was not the same person who clicked on the malicious email, he said.
"We are developing a system with a backup, which hopefully will not be vulnerable," said Witt, and asked other mayors to do the same. "Every other city must look at their system – today."
"I've been in the office for 14 years," he added. "We've had tornadoes. We've had hurricanes. We've had fires, they told me they might reach the city limits. But it was unusual. This was different."