Yet another incident of hackers using Bitcoin as a payment method for ransomware attacks has surfaced. One of the largest counties in Alabama was the victims this time, and the security breach and subsequent encrypting of sensitive information cost the local government a not-inconsequential $37,000.
The figure sounds a lot, but when you consider that County Commission Chairman Elton Dean estimates the value of the seized data at around $5 million, the legislature managed to reclaim the appropriated digital property for an absolute bargain. He also called the attack an “emergency situation,” a comment which probably made the hackers wish they’d asked for a greater sum of money.
The county paid the ransom on Friday after an emergency meeting was held by the Montgomery County Commission to authorize the cash to send to the cybercriminals. At the current market value of a Bitcoin, the security breach cost them just over 9BTC according to local news sources.
Hannah Hawk, a spokesperson for Montgomery County said that the attack “locked up” the county’s data using encryption methods. This prevented the necessary departments from accessing various pieces of sensitive information. Data ranged from vehicle tags to business and marriage licenses. Hawk also reminded officials and the public that no personal information had actually been stolen. This is because the hackers had charged the county for a key for the decryption of data, and therefore never actually had access to the information themselves.
Following the attack, the county had been working alongside the FBI to restore data from backups, but “issues” with the files had forced them to cede to demands. However, the federal investigators did not condone the payment of ransom, claiming that payment does not guarantee the delivery of files.
There have been cases where organisations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organisations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organisation might inadvertently be funding other illicit activity
Despite these warnings, the chief IT officer for Montgomery County, AL, did confirm that those targeting the local government with ransomware had indeed restored all the data and that no sensitive information had been compromised. How exactly they were able to ensure that a copy of all the sensitive information was not made to sell on the black market, thus further increasing the revenue generated from the scam, we’re not quite sure. However, Lou Ialacci seemed adamant this was the case:
“I hate to say this, but their reputation is that they do return stuff. They think of themselves as modern day Robin Hoods, they are here helping the masses. They are the good guys, they are going to come in, hack you and grab the files. If you pay them, that’s your punishment for letting them in.”
Despite these recent developments, the guidelines to deal with ransomware attacks remain the same. It is advisable not to pay ransom to the perpetrators as there is no guarantee that they will provide the decryption key after receiving funds. Meanwhile, good internet usage practices and creating regular backups of sensitive data will help users avoid being held to ransom by cybercriminals.
Ref: WSFA