True North Networks Blog
Georgia County Paid $400K to Ransomware Hackers
Just days after informing residents that its computer systems were severely crippled by a ransomware attack, the government of Jackson County, Georgia, paid hackers $400,000 to regain access to its files.
The payment, one of the largest recent sums to pay off a ransomware scheme, was first reported by the Athens Banner-Herald.
County officials said last week that a ransomware attack locked agencies out of nearly all their systems, forcing many, including the sheriff’s office, to resort to carrying out operations on paper.
“We are doing our bookings the way we used to do it before computers,” Sheriff Janis Mangum told StateScoop.
The Banner-Herald reported that County Manager Kevin Poe made the decision to pay the ransom after speaking with cybersecurity consultants, who advised him that rebuilding networks from scratch — as other ransomware victims, like Atlanta, have done — could be a long and costly process for the 60,000-person county.
“We had to make a determination on whether to pay,” Poe told the Banner-Herald. “We could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”
After paying, the hackers sent a decryption key that allowed county workers back into their computer systems. The county is also working with the FBI, which tells ransomware victims not to pay up.
Poe also said the ransomware that took down Jackson County’s systems has been identified as the Ryuk virus, which demands far higher payments than other strains. Research published last month by McAfee and Coveware found that the hackers behind Ryuk typically ask for 100 bitcoin — equal to about $384,000 as of this writing. Ryuk is now believed to have originated in Eastern Europe or Russia, contradicting earlier reports of origin in North Korea.