The AchieVer Posted March 9, 2019

Georgia county pays a whopping $400,000 to get rid of a ransomware infection

County hired cyber-security consultant to negotiate ransom fee with hacker group.

Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems.

The ransomware hit the county's internal network last week, on Friday, March 1, 11Alive reported on Wednesday.

The infection forced most of the local government's IT systems offline, with the exception of its website and 911 emergency system.

"Everything we have is down," Sheriff Janis Mangum told StateScoop in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."

Jackson County officials notified the FBI and hired a cyber-security consultant. The consultant negotiated with the ransomware operators, and earlier this week the Georgia county paid $400,000 to hackers to get a decryption key and regain access to their ransomed files.

County officials are in the process of decrypting affected computers and servers, Jackson County Manager Kevin Poe told Online Athens in an interview yesterday.

"We had to make a determination on whether to pay," Poe said. "We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."

Poe identified the ransomware that infected the county's network as "Ryunk" -- which is most likely Ryuk, a well-known ransomware strain that is currently undecryptable.

The Ryuk gang is believed to be operating out of Eastern Europe and for the past year has focused on targeting local government, healthcare, and large enterprise networks. They intentionally go after big targets as part of a tactic known as "big game hunting."

Ryuk operators typically look for and exploit computers with Remote Desktop Protocol (RDP) connections left open online but protected by weak passwords. However, Jackson County officials have not yet confirmed how hackers breached their network.

Jackson County won't be the victim who paid the largest ever ransom demand, though. This "honor" goes to South Korean web hosting firm Internet Nayana, which paid 1.3 billion won ($1.14 million) worth of bitcoins to a hacker following a ransomware attack in June 2017.

Jackson County Manager Kevin Poe also has a case when saying that the county would have spent more rebuilding its network than paying the hackers. Government officials in Atlanta, Georgia have ended up paying millions to rebuild their IT network following a similar ransomware attack in March 2018, a cost which ballooned from the initially estimated $2.6 million to around $17 million.

Source

sam3971 Posted March 9, 2019

Rule number 1 with Ransomware, don't ever publicly admit that you paid the ransom. Apart from that, it is not easy to get infected with this stuff if your IT staff is careful when it comes to emails primarily.

The AchieVer Posted March 9, 2019

4 minutes ago, sam3971 said: "Apart from that, it is not easy to get infected with this stuff if your IT staff is careful when it comes to emails primarily."

I concur with you. If you venture out in uncharted territories, you are asking for trouble.

Regards

moopster Posted March 9, 2019

Daily backups. 'Nuff said.

dufus Posted March 12, 2019

Georgia's massive new cybersecurity center opens

“It is making us a national leader in cyber training and education, and already is attracting talented students to Augusta who will in turn become highly trained cybersecurity professionals,” Augusta University President Brooks Keel

sauce

Former NSA commander to lead Georgia's new cybersecurity center

sauce

vitorio Posted March 12, 2019

What happened to the backup? No backup?

dufus Posted March 12, 2019

21 minutes ago, vitorio said: "What happened to the backup? No backup?"

lost them

dufus Posted March 13, 2019

US Arrests Daesh Cyber Terrorist From State of Georgia

sauce

smell rat nice time story release

This topic is now archived and is closed to further replies.