The City of Valdez did not agree to pay bitcoins for ransomware removal without a reason. While contemplating the decision, the management came to know that the data from the police department was encrypted in the attack. This data contain information from the past 15 years which could prove pivotal in the upcoming court cases. As a result, the City agreed on the payment.
However, there was one major concern: often such attackers renege on their promise of ransomware removal. As a result, the agreement also included a set of terms and conditions. According to Doom, the City’s Manager, they tested a few files and were successful in decrypting them. These files were then sent in their encrypted states to the cybercriminals for ransomware removal to verify their claims. In response, the cybercriminals succeeded in decrypting the data and the City paid the quoted ransom of bitcoins after confirmation of their abilities.
Afterwards, the City received a decryption key from the perpetrators, and the ransomware removal and restoration processes began. However, the City realized that their work was not yet completed and they could not afford to be complacent as the data from the perpetrators still may contain any malware.
Subsequently, Doom explains that the city tested the data with anti-virus tools and began passing the data through different layers of security to make sure that it did not carry any harmful ransomware strain or Trojan that may reset the City’s original misery.
As the highly laborious effort for the verification and cleanliness of the data came to an end, the city started incorporating several modifications for its secure data management so any future cyberthreat could be repelled in time.
While the department went back to its original operation, Doom believes that companies and governments still remain vulnerable to any future ransomware strain.