UPDATE: Lake City fires employee after paying ransom in malware attack

Published: Jun. 25, 2019 at 6:16 PM EDT
Email This Link
Share on Pinterest
Share on LinkedIn


The city manager of Lake City, Joe Helfenberg confirmed that the director of information technology, Brian Hawkins, was fired.

This decision comes after a "Triple Threat" cyber attack that disabled city servers, phones, and email that resulted in ransom.

Lake City paid $460,000 in ransom for a cyber attack through the cyber cryptocurrency, Bitcoin.

Helfenberg will update the city council about the recovery of their encrypted files at a city council meeting Monday evening at 6 p.m. He estimates that the city should make a full recovery from the attack in about two weeks.


Lake City's online systems were compromised about three weeks ago by malware attackers. This week the city agreed to pay the ransom requested by the attackers. But one cybersecurity expert says paying the ransom is not a good idea.

Rod Wiggins is the owner of Computer Network Experts which is based in Gainesville.

He says he's worked with several companies that were victims of a ransomware attack and never advised his clients to pay a ransom.

"Paying the ransom is a bad precedent to set because now there's this idea that we can get away with it and make money," said Wiggins.

Lake City recently experienced a malware attack and approved for their insurance company, Florida League of Cities, to pay 42 bitcoins which was valued at $460,000 at the time.

The city paid a $10,000 deductible for the decryption key to restore their online systems. It was confirmed Friday that this resulted in one IT member being fired.

"Our city manager did make a decision to terminate one employee and he is revamping out whole it department to comply with what we need to be able to overcome what happened this last week or so and that's so it doesn't happen again," said Lake City Mayor Stephen Witt.

While Lake City officials told TV20 that their investigation is ongoing, Wiggins doesn't believe they'll be successful in tracking down the attacker.

"Because they used the Bitcoin to collect this money, the Bitcoin is not traceable so once you make this ransom payment, it's not like the authorities can hunt these people down, and a lot of these people are from eastern block countries or non-extradition countries so even if we know who they are we can't go get them," said Wiggins.

Mayor Witt says the decryption key has been working and that administration is hoping to be fully restored in the upcoming days.


For the past two weeks, in Lake City, many systems such as emails and telephones have not been operating due to a malware attack. The only department not affected was police and fire, because they operate on a different server. As time went on, city officials were faced with one solution.

This month Lake City administrators noticed things going wrong with their network. It was soon revealed that lake city had become the victim of a cyber attack known as "Triple Threat".

" IT staff have been working with a third party cyber security vendor as well as the Florida League of Cities, who is the insurance provider for the city to try and recover as much as they can," said Michael Lee, Lake City police department spokesperson.

There were several attempts to get the networks back up and running but there was no luck.

"It would be to try to either to retrieve it through unlocking the information or recovering it some other way and neither of those options is very good or very easy and not very cost effective," said Mayor Stephen Witt.

It was then recommended by IT staff and a third party vendor that there was only one thing left to do.

"About a week later after the attack occurred we did actually receive a ransom request. They were specifically requesting 42 bitcoins, which were the payment that they were requiring to release the decryption key to us," said Lee.

That money was paid by the city's insurance provider. Those 42 bitcoins were equivalent to $460,000 at the time. $10,000 of that had to be paid by the city.

"Luckily we have a good comprehensive insurance plan in place that does cover this type of an incident," said Lee.

There is an ongoing investigation to discover who is behind the attack.

" Well the city of Lake City, the police department and the Florida Department of Law Enforcement are working our case, but the FBI has had cities all over the country that have been hit by this, so there's a much bigger and broader investigation ongoing," said Lee.

It is unclear on how long it will take to get all systems back online, however, Mayor Witt says that the city is now working with experts to come up with recommendations to set up a system that wouldn't be susceptible to this attack again.


After the City of Lake City was targeted by a malware attack all city networks were immediately isolated and disconnected. City IT Staff along with a third party vendor began recovery efforts.

According to the city, initially, no ransom was received possibly due to the immediate response by the city.

Last week, a request for ransom was received from the attacker. This request was sent to the Florida League of Cities, the insurance provider for the City of Lake City. The League began negotiating with the attacker and agreed to pay 42 bitcoins ($400,085.00)

This was approved by the Emergency Council Meeting on Monday night.

This ransom was paid by the League today, resulting in the receipt of the decryption key from the attacker. The city IT staff is currently working with the security vendor to resolve the situation, while law enforcement

continues investigating as well.

According to the City of Lake City, the City’s IT Director and the security vendor recommended being more cost-effective to retrieve the key from the attacker than continue with self-recovery efforts.

The City of Lake City remains responsible only for the $10,000.00 deductible to the League of Cities.