In yet another example of why ransomware continues to remain a preferred choice for cyber criminals, Jackson county in Georgia, United States, was forced to pay $400,000 (£305,916) in ransom to rid government-owned computers of a ransomware infection that paralysed the local administration's services.
In August last year, government officials in the Matanuska-Susitna Borough in Alaska were forced to bring out typewriters from their closets and resort to writing receipts by hand after cyber criminals used a combination of an Emotet trojan horse and Cryptolocker and Dridex ransomware to paralyse the Borough's computer infrastructure, including computers/laptops, servers, networked telephones, and email exchange.
The severity of the cyber-attack was so high that the Borough had to declare a disaster and call in the FBI to investigate the attack. "Everybody's very exhausted. I'm mumbling because I'm beyond exhaustion for the last six days. I think everybody needs a pat on the back and some encouragement and this is going to be a long journey to recover. ... This is cyber crime and this is the future that we are dealing with," said Kurt Bunker, an IT consultant working with Borough IT.
Similarly, a "Ryuk" ransomware attack carried out by cyber criminals targeting the Los Angeles Times’ Olympic printing plant in December disrupted operations at the plant and delayed the printing and distribution of newspapers from leading U.S. media organisations such as The Los Angeles Times, The New York Times, the Wall Street Journal, Chicago Tribune, and Baltimore Sun.
Jackson County forced to pay ransom
In a virtual re-run of the cyber attack on Matanuska-Susitna Borough's IT systems, Jackson County in Georgia was recently forced to pay $400,000 in ransom to cyber criminals after a ransomware attack paralysed computer systems and email servers at all departments of the county, forcing County officials to rely only on phones and radio communication.
The lack of a backup system forced county officials to resort to paperwork to continue working and the network that served medical emergencies was the only one spared from the ransomware attack as it was run by a third-party provider, according to Bleeping Computer.
Because there was no backup, Jackson County was forced to acceed to the hackers' demands and had to pay $400,000 in ransom in exchange for decryption keys. Not accepting the hackers' demands would have led to a huge loss of data and would have cost the County millions to build new networks and to create fresh backups.
After the ransom was paid on Friday, Jackson County recovered all the data encrypted by cyber criminals. It is believed that the ransomware used by hackers in the attack was Ryuk, the one which was also used to target the Los Angeles Times’ Olympic printing plant in December.
"In light of the known circumstances, the payment seems to be a reasonable and economically-justified choice. Recovery and restoration could have cost millions to the taxpayers and taken months without being guaranteed to succeed. The next question is who shall be accountable that a [comparatively trivial] malware could take control over all IT systems?" asks Ilia Kolochenko, CEO of High-Tech Bridge.
"It seems that the very basics of information security and risk management were not fully implemented. IT suppliers and their work performed are to be scrutinized, however, it is also possible that the city did not want to spend adequate budget on cybersecurity. But the taxpayers deserve to know who is responsible for the incident and what will be done to prevent similar breaches in the future," he adds.
NCSC warned businesses about ransomware threats
Fearing similar ransomware attacks on businesses operating in the UK, the National Cyber Security Centre warned businesses about the growing cyber threat posed by new ransomware variants and asked them to stay prepared against future attacks as such attacks have the capability of inflicting wide-scale disruption.
"Throughout 2018, the NCSC has seen a trend in more targeted ransomware attacks. Criminal actors analyse victim networks to understand their ‘value’ and set a ransom demand based on that perceived value.
"Through analysis of the victim network and lateral movement, actors also seek to ensure that their malicious activity has the maximum impact on the victim organisation – potentially denying the victim access to business-critical files and systems and disrupting the operations of the victim organisation," it said.