Jackson County, Ga., paid cybercriminals $400,000 to remove ransomware that infected its IT systems. The ransomware, known as Ryuk Ransomware, hit the county on March 1 and impacted multiple county agencies, including the Sheriff’s Office.
Last Thursday, the government reported in a Facebook post that “all County email services are down.” While the ransomware attack forced most of the county’s IT systems offline, its website and 911 emergency system were still operational.
Following the infection, Jackson County officials did notify the FBI and also hired a cybersecurity consultant. In order to restore access, the consultant negotiated with the cybercriminals who infected Jackson County’s system and the county paid $400,000 to the hacker to regain access. After paying the ransomware operators, the county received a decryption key which unlocked the ransomed files.
“We had to make a determination on whether to pay,” Jackson County Manager Kevin Poe told Online Athens in an interview. “We could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”
Poe also told the Georgia-based newspaper that the cybersecurity consultant paid the hackers in bitcoin, per their request. The county then reimbursed the consultant. He noted that the hackers specifically requested bitcoin, which is difficult to trace.
While the investigation has not been completed, Poe said that the FBI has indicated the hackers may be based in Eastern Europe. However, investigators have yet to determine how the hackers gained access to Jackson County’s computer system.
“They’ve been in our system I guess a couple of weeks,” Poe said. “They really plotted their attacks before they hit us. They totally crippled us.”
Jackson County wasn’t the first locality to be hit by ransomware–or even the first one in Georgia. Atlanta was the victim of a ransomware attack in March of 2018. However, unlike in Jackson County, Atlanta did not pay the ransom. That attack had a significant financial impact on the city.
“The attack significantly disrupted City of Atlanta operations, impaired certain governmental functions, and caused it to incur substantial expenses in the coming weeks and months,” the Department of Justice said in a release when the alleged hackers were indicted in December of 2018. “To date, the attack has inflicted millions of dollars in losses.”