Cyber Incident Victim: Riviera Beach
Date: May 2019
Location: United States of America
Summary
A Florida city paid a $600,000 ransom to hackers following a ransomware attack that encrypted municipal records; the attack began when an employee clicked a malicious email link. The incident disrupted email services and emergency dispatch operations and prompted additional expenditures of nearly $1 million for new hardware, while federal agencies investigated the breach.
Description
The Riviera Beach ransomware attack began in late May 2019 when hackers infiltrated the Florida city's computer systems through a phishing email. An employee inadvertently clicked on a malicious link within the email, enabling attackers to upload malware that encrypted municipal records and paralyzed critical operations. The breach severely disrupted city services, with immediate impacts including the complete shutdown of the email system and compromised emergency response capabilities. 911 dispatchers lost the ability to enter calls into computer systems, creating operational challenges for public safety personnel. The encryption of city records left officials unable to access essential administrative and operational data, forcing many municipal functions into manual processes.

On June 19, 2019, the Riviera Beach City Council unanimously authorized a $600,000 ransom payment to the attackers in hopes of recovering their encrypted systems. This decision followed three weeks of sustained system outages and preceded a separate $1 million allocation for new computer hardware to replace compromised infrastructure. Multiple federal agencies including the FBI, Department of Homeland Security, and U.S. Secret Service initiated investigations into the attack. The incident exemplified broader ransomware trends affecting municipal governments, with similar attacks previously targeting cities including Atlanta, Newark, and Sarasota. Recovery efforts focused on system restoration through ransom negotiations and hardware replacement while investigators worked to trace the attack's origins and methodology.
