A village in central New York made ransom payments of $300 and $500 last year to keep its computers running after two official-looking emails released malware throughout its system, state auditors said.
The comptroller’s office, which has audited 100 municipal computer systems the past three years, said Ilion’s experience should warn others of the growing threat, which can infiltrate computers and make them inaccessible. The big problem for the village of 8,000 was its financial software.
“The payroll, village accounting systems, they were all locked up,” Mayor Terry Leonard said.
Ilion officials have endorsed new security steps and trained staff last year specifically on looking out for suspicious emails. They haven’t had another attack since but the hackers have not identified, Leonard said.
The first email attachment converted all data stored in the system into an unreadable encrypted format. A $300 ransom payment in January 2014 was made as directed, electronically transmitting the number of a prepaid credit card to a designated portal.
The second email, which also appeared to be for village business, led to more encryption and a $500 ransom payment in May 2014.
“These incidents should be a wake-up call to local government officials around the state,” Comptroller Thomas DiNapoli said.”