La Porte County, Indiana, has paid $130,000 to retrieve data on computer systems affected by ransomware.
Occurred on Saturday, July 6, the attack was spotted before it spread to all the computer on the network. The IT department responded managed to restrict it to less than 7% of the laptops.
The response notwithstanding, two domain controllers were affected so network services became inaccessible. A forensic investigation company and the FBI were involved but efforts to retrieve the data encoded by the malware without paying the ransom were unproductive.
Insurance includes part of the cost
The cybercriminals obtained around $130,000 in Bitcoin from this attack, with $100,000 being protected by insurance. The effect may not be instant but it does raise alarm bells in the long run.
“Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance” – Dr. Vidya Kora, La Porte County Board of Commissioners President, told The News Dispatch.
WSBT says that the county had backup servers but they were infected by malware.
The news publication says that the ransomware impacting La Porte County’s systems is Ryuk, the same one that attacked the City of Lake City on June 10 in what the municipality dubbed a “triple threat” because it emanated from an Emotet infection that brought Trickbot trojan, which then installed Ryuk.
In the case of Ryuk, antivirus maker Emsisoft says that they have between 3% and 5% chances of success to decrypt the files. The chances are poor, but they are better than nothing.
La Porte County is not the only management to pay for getting their files back. Attackers collected over $1 million (107 Bitcoins) in June from just two municipalities in Florida, Lake City and Riviera Beach.
Nevertheless, there is an intensive effort to fight this kind of attacks, with mayors in the US making a resolution not to pay cybercriminals after ransomware infections, with the aim to discourage them.