July 8 (UPI) -- Hackers behind what appear to be a series of specialized and repeating ransomware attacks against a number of U.S. cities -- holding hostage key computer systems for hundreds of thousands of dollars -- are keeping up the assault after at least two cities paid them off.
The hackers began to attract attention with a cyberattack in early May against multiple systems in Baltimore and Greenville, N.C. In Baltimore, which paid the hackers nothing, some of those systems are still down. Two cities in Florida, however, have paid the hackers a combined amount that surpasses $1 million. Both cities, Riviera Beach and Lake City, said they did so to quickly get back control of the hijacked files -- but experts fear paying the criminals is precisely what may be encouraging new attacks.
Georgia's state court system and Eurofins Scientific, one of Britain's largest forensics lab, have also been targeted. BBC News reported Eurofins paid the ransom, but the amount wasn't disclosed.
Bruce Shaw, a spokesman for the Georgia court system, told UPI at least a portion of the digital information systems in Atlanta were taken offline. The attackers left a note requesting contact but did not include further demands or a specific ransom, he said.
Shaw added there's no evidence yet of data mining and the affected servers did not contain any personal information.
Atlanta has previously been targeted by a ransomware attack -- in 2018, when the intrusion cost the city $18 million in recovery efforts. The court system joins the two Florida cities, plus Key Biscayne, on the growing victims list.
Riviera Beach's city council voted unanimously to pay at least $600,000 ransom through an insurance plan to recover files, and have committed to spend $1 million on new computer security. Lake City paid $460,000 from city insurance and $10,000 in public money -- and fired its information technology chief. Key Biscayne has not paid the ransom.
The target cities have since been able to revive a portion of their systems or files, but experts say they face ongoing vulnerabilities from the intrusions. Authorities are not yet sure if all, or any, of the ransomware attacks are connected.
Lake City Police Sgt. Mike Lee said the process has been "slow going."
"We have to take and backup the entire system and then we're recovering from the backups," he said, adding the city uses the process to "start over" if files are corrupted during the recovery process.
Lee said Lake City is performing a forensic analysis to determine whether hackers accessed city systems through phishing, or some other method.
The recent spate of attacks has prompted other cities nationwide to assess their security. Experts, including law enforcement authorities, have advised cities against paying any ransom amounts.
"They just want to get their money and they're going to leave," Zohar Pinhasi, CEO of cybersecurity firm MonsterCloud, told UPI last month.
"They don't really care about anything else."