NEWARK, NJ — Some computers in the City of Newark have been infected with ransomware, rendering them unusable, and the hacker is demanding payment of 24 Bitcoin, or about $30,000 in ransom, according to a document obtained by TAPInto Newark and a city official with knowledge of the hack.
The document reveals that that city computers were infected with RSA-2048 encryption, which encrypts computer files, such as Word and Excel files, picture files and virtually any other type of file that runs on a desktop computer.
Seth Wainer, chief information officer for the City of Newark, confirmed that some computers were hit with a "virus" on Friday and over the weekend, though he declined to say specifically what type of virus.
"The virus compromised our network and disrupted many services that we offer," Wainer said. "Our police services are unaffected and continue operating normally."
Wainer said city government is operating in “safe mode as we inspect each service to look for security gaps."
"This means some of our digital services are unavailable," Wainer said. "We understand this causes an extreme disruption to residents who have come to depend on regular services - and we apologize."
Wainer said the city has been working closely with state and federal law enforcement "to address the present emergency and better prepare ourselves for the future."
City officials declined to confirm the authenticity of the document obtained by TAPIntoNewark because of the federal investigation.
In the document, the hacker explains that the city's computers can be easily unlocked by paying for a electronic key with bitcoin, an international electronic form of payment that is difficult to trace. One Bitcoin is worth about $1,257 today.
"You can get your private key in 3 easy step: Step 1: You must send us 1.7 Bitcoin for each affected PC OR 24 Bitcoin to receive ALL Private Keys for ALL affected PC's. Step 2: After you send us 1.7 Bitcoin, Leave a comment on our Site with this detail: Just write Your "Host name" in your comment."
The RSA-2048 maleware typically infects a user's computer when they are tricked into running an attachment in a spam email. Once the maleware is launched, it encrypts files and requires a "private key" to open them. The private key is only provided after the user pays the ransom.
The San Diego Union Tribune reported Friday that a soaring number of computers are being attacked by malware. The article said the FBI advises people who have been infected with ransomware not to pay.
“Obviously, we don’t want to see criminals make money from their criminal activity,” Special Agent Chris Christopherson, who investigates cyber crimes out of the FBI’s field office in San Diego told the newspaper. “It funds further illicit activity, and it kind of emboldens them.
“However, we do understand that businesses or even individuals might have a lot of money invested in files (on their computers). … There are going to be business decisions that arise where people pay the ransom.”