Recently, ransomware breached the defenses of the Jackson County government. As a consequence, the government had to pay $400,000 to the cybercriminals.
County staff have been working on ransomware removal and decryption procedures since last week, according to County Manager Kevin Poe.
Meanwhile, the FBI is in the loop as well and is investigating the attack. For those unfamiliar with ransomware, it is a type of malware that encrypts users' files and locks them out. The cybercriminals then demand money in return for restoring the data.
Poe explained that a ransom demand came soon after the attack, forcing management to make a decision. They realized that the servers could remain non-functional for months while the county spent a great deal of money on restoration.
To counter the ransomware, the county hired a cybersecurity firm with extensive experience in negotiating with cybercriminals. After the negotiations, the ransom was soon paid in the popular cryptocurrency bitcoin. Poe explained that bitcoin was chosen because it is extremely hard to track.
Poe also revealed that, in his conversations with the cybersecurity professionals and the FBI, the breach was described as among the most sophisticated cyberattacks in U.S. history.
Earlier, on March 1, the county's servers were corrupted by the ransomware. According to Poe, the ransomware had dwelled in their systems for around 2 weeks. He commented on the planning and strategy with which the hackers brought down the entire IT infrastructure of Jackson County.
So far, there are no clues as to how exactly the hackers gained entry to the county's servers. FBI sources suggest that the cybercriminal group may be based in Eastern Europe.
However, the ransom demand was not accepted without proper verification. The hackers were first asked to decrypt one file as a test of the accuracy of their claims to be able to remove the ransomware. In response, they provided a decryption file, which county officials tested. The file worked and the data was decrypted.
Poe also divulged the name of the ransomware: Ryuk. He lamented that, because it was a relatively new entry in the cybersecurity space, there were not enough antimalware tools that could detect it.