Jackson County government gives in to hackers and pays $400,000

mongeese

TS Maniac
Staff member

Employees first noticed that government computers, websites and even email addresses had stopped functioning sometime on March 1. While fortunately 911 emergency calls were still operational, every internet connected device was inoperable and it is possible that the hackers were able to steal police and county records, too.

“Everything we have is down,” Sherriff Janis Mangum told StateScoop. “[But] we’ve continued to function. It’s just more difficult.”

After a few days of what was undoubtedly chaos, the county’s technology department requested that the Sherriff contact the FBI and hire a professional cybersecurity team. “In dealing with the FBI and cybersecurity experts, this is one of the most sophisticated attacks they have ever seen in the US,” Jackson County manager Keven Poe told Online Athens.

On Friday, the decision was made to pay up. The hired cybersecurity team negotiated with the hackers, and agreed to pay about 100 bitcoins, or $400,000. According to Poe, it was simply the cheapest and safest route forward.

The FBI believes the ransomware might be a new strain of the impenetrable Ryuk, leaving hardware replacement as the only way to get the computers back online without paying the ransom. But that definitely wasn’t appealing. “We could have literally been down months and months and spent as much as or more money getting our system rebuilt,” Poe said.

Atlanta was hit with a similar attack last year but refused to pay the ransom. Despite initial estimates that replacing the computer systems would cost $2.6 million, it took $17 million. Worse though, is the fact that Jackson and Atlanta are just the tip of the iceberg, with counties in North Carolina, Washington, Ohio and Alaska and more all being hit in the last two years.

Permalink to story.

 

psycros

TS Evangelist
Sounds like they have a terrible backup strategy in-place.
Sadly, once they own your system they can usually get access to the backups as well. The only real safeguard against this is good old offline storage like tapes or removable drives. Everybody wants to sell you the "cloud" now because its cheap and allows third parties to see all your data unless you encrypt it yourself. Its fundamentally insecure and unreliable.
 

brucek

TS Maniac
Paying the ransom is just like up putting a help wanted sign for more attackers to attack you or other cities again.

The US should pass and enforce a law making it illegal for public and private organizations to pay these ransoms. The attackers are in it for the money. When there's no money, there's no attackers.

Meanwhile, in the case of a severe attack like this, I'd be fine treating it as a military attack on the U.S. Let the NSA identify the attackers, demand their host country extradite, and if not send a drone or a special operations team.

It wouldn't take too many examples before enthusiasm for this sort of scheme died down markedly.

And yes, of course, offline backups.
 
Encrypted cloud backups with versioning. It's really not that difficult.

The only major downside for cloud backup is the data restore is very annoyingly slow and some services don't give you a good time estimate for completion.

Not done yet? Just wait longer!
 
  • Like
Reactions: lipe123

Xclusiveitalian

TS Evangelist
What makes you think this won't happen again if it is this easy? This was probably a test and a successful one at that. They could hit the same county again because they now know they can't do anything. Maybe hit bigger cities and ask for more. This is bad.
 
  • Like
Reactions: Verrm

Knot Schure

TS Addict
OMG, BTC or not, those coins will pop up in exchanges / real life accounts / traded for traceable goods, somewhere....

Knowing the USA, the perpetrators are likely to get 7,000 years for this.

And rightly so.
 

Dosahka

TS Addict
OMG, BTC or not, those coins will pop up in exchanges / real life accounts / traded for traceable goods, somewhere....

Knowing the USA, the perpetrators are likely to get 7,000 years for this.

And rightly so.
Except the fact is BTC untraceable, put on a crypto currency wallet hardware key then transfer the amount you want to use to an online account, nobody will ask you questions where you got 100 BTC or any amount...
 
  • Like
Reactions: Verrm
I

iamcts

OMG, BTC or not, those coins will pop up in exchanges / real life accounts / traded for traceable goods, somewhere....

Knowing the USA, the perpetrators are likely to get 7,000 years for this.

And rightly so.
Except the fact is BTC untraceable, put on a crypto currency wallet hardware key then transfer the amount you want to use to an online account, nobody will ask you questions where you got 100 BTC or any amount...
BTC is not untraceable - it's anonymous. There is a significant difference.
 

Uncle Al

TS Evangelist
On the shear matter of principle alone they should dump their system and start over, then put the FBI cyber-crime unit on tracking these guys down. Oh yeah, there are invisible until they start up again, which is how they have caught quite a few of them. Once caught I'd throw the book at them, say 50 years to life without access any form of electrical driven technology .... not even an electric toothbrush!
 

Babbel13

TS Rookie
We need a national law that gives an automatic death penalty for malicious hacking. Maybe even a hit squad that is sent to kill the bastards where they live. The time for action has come.
 

IAMTHESTIG

TS Evangelist
Yes, we negotiate with terrorists. Who want's free money?!?!?! All you gotta do is bring us down to our knees and make us beg!
 
  • Like
Reactions: Verrm

Q Wales

TS Rookie
Paying the ransom is just like up putting a help wanted sign for more attackers to attack you or other cities again.

The US should pass and enforce a law making it illegal for public and private organizations to pay these ransoms. The attackers are in it for the money. When there's no money, there's no attackers.

Meanwhile, in the case of a severe attack like this, I'd be fine treating it as a military attack on the U.S. Let the NSA identify the attackers, demand their host country extradite, and if not send a drone or a special operations team.

It wouldn't take too many examples before enthusiasm for this sort of scheme died down markedly.

And yes, of course, offline backups.
Totally agree, although I'm not sure it would be wise to send in a drone if it turned out to be the Ruskies
 

lipe123

TS Evangelist
I'm sorry it's just normal ransomware, how in the world was it "the most sophisticated attack EVAR" when everyone knows what happened was someone got and email, clicked on the link, downloaded the executable and ran it?!

So that county had:
1. Not a good antivirus/antimalware
2. Users had admin rights on computers to execute junk.
3. Non Secure admin passwords.
4. No backup or just a second volume to backup to instead of cloud/ftp/tape/etc.

What even is the deal with "hardware replacement as the only way to get the computers back online without paying the ransom" They can't just reformat and reinstall?!
BS!
 

Soaptrail

TS Rookie
Paying the ransom is just like up putting a help wanted sign for more attackers to attack you or other cities again.

The US should pass and enforce a law making it illegal for public and private organizations to pay these ransoms. The attackers are in it for the money. When there's no money, there's no attackers.

Meanwhile, in the case of a severe attack like this, I'd be fine treating it as a military attack on the U.S. Let the NSA identify the attackers, demand their host country extradite, and if not send a drone or a special operations team.

It wouldn't take too many examples before enthusiasm for this sort of scheme died down markedly.

And yes, of course, offline backups.
I believe it is illegal in certain states and/or cities.
 

lturn9

TS Rookie
On the shear matter of principle alone they should dump their system and start over, then put the FBI cyber-crime unit on tracking these guys down. Oh yeah, there are invisible until they start up again, which is how they have caught quite a few of them. Once caught I'd throw the book at them, say 50 years to life without access any form of electrical driven technology .... not even an electric toothbrush!
I'd have no problem with a life sentences for these vermin. While the 911 service still worked in this case, it could have been inoperable and many lives may have been lost. And any govt group that pays will likely be hit again and again IMO.
 
  • Like
Reactions: Verrm

Knot Schure

TS Addict
Except the fact is BTC untraceable, put on a crypto currency wallet hardware key then transfer the amount you want to use to an online account, nobody will ask you questions where you got 100 BTC or any amount...
Deflection of facts.

Transfer 100BTC from your exchange account, to your real life account, and let me know if anybody immediately calls you right up from the tax office.

But I can save you the suspense - they will.

Why are we splitting hairs in the first place? WE know you can have as much as you want in BTC, but try spending that stolen 100BTC, and you will quickly become undone.
 

Verrm

TS Enthusiast
Except the fact is BTC untraceable, put on a crypto currency wallet hardware key then transfer the amount you want to use to an online account, nobody will ask you questions where you got 100 BTC or any amount...
Deflection of facts.

Transfer 100BTC from your exchange account, to your real life account, and let me know if anybody immediately calls you right up from the tax office.

But I can save you the suspense - they will.

Why are we splitting hairs in the first place? WE know you can have as much as you want in BTC, but try spending that stolen 100BTC, and you will quickly become undone.
Not really. You can safely split that amount to various accounts and through safe vpns make transactions that would look like random ones from different countries. Hackers really know what they're doing asking for BTC. Don't think even for a while that hackers are *****s that will ask for a payment that will give them up.
 

Dosahka

TS Addict
Deflection of facts.

Transfer 100BTC from your exchange account, to your real life account, and let me know if anybody immediately calls you right up from the tax office.

But I can save you the suspense - they will.

Why are we splitting hairs in the first place? WE know you can have as much as you want in BTC, but try spending that stolen 100BTC, and you will quickly become undone.
Sorry if I wasn't clear enough by online account I meant online crypto currency account not your real life online banking account.

It seems that you know a lot about crypto currency wallets.
Do you know what bitcoin mixing is? or what does HD Wallet means? using these two and you won't be connected to more than 2 transactions, also you can use logless VPN and Tor network to make it even harder to trace...
A bitcoin wallet does not require any form of identification (no bank account, no ID...etc) other than your email.