A ransomware infection locks down systems and does not allow access until the ransom is paid. Such attacks are not uncommon and can often prove to be very costly, as one Georgia county can attest. Jackson County, Georgia officials paid $400,000 to cyber criminals in order to regain access after their IT systems were infected with ransomware.
According to reports, the ransomware infection hit the county’s internal network last week. With the exception of its website and the 911 emergency system, most of the local government’s IT infrastructure went offline as a result of this attack.
Sheriff Janis Mangum told a news outlet that “Everything we have is down,” and that “We are doing our bookings the way we used to do it before computers. We’re operating by paper in terms of reports and arrest bookings. We’ve continued to function. It’s just more difficult.”
A cyber security consultant was hired and the FBI was informed in due course. The consultant then negotiated with the operators behind the ransomware, which resulted in a $400,000 payment to the hackers. In return, county officials received a decryption key that allowed them to access their IT systems. County Manager Kevin Poe said that a decision had to be made on whether or not to pay the ransom. Had they not paid, their systems could have been down for several months and it may have cost more money “trying to get our system rebuilt.”
Security analysts believe that this ransomware strain, known as Ryuk, is being operated by a gang out of Eastern Europe. It has targeted healthcare, local government, and large enterprise networks over the past year. Jackson County officials have not yet confirmed how their network was breached.