The government of La Porte County, Indiana,
paid a ransom of about $130k USD after suffering a ransomware
attack that encrypted access to all their files. According to information
security experts, the incident occurred after the U.S. decided that
local governments should not yield to the demands of threat actors in such
cases.
La Porte mayor reported that the local
government approved cybersecurity incident insurance last year, so most of the cost
of the ransom will be solved by the La Porte insurer, so the county will only
need to contribute with $30k USD. According to the current exchange rate, La
Porte paid the hackers about 11.3 Bitcoin.
Despite criticism, La Porte’s government claims
that the decision to pay the hackers was made after consulting the FBI
information security specialists, who determined that the ransomware variant
used by the attackers could not be countered with the tools available at the
agency.
The incident occurred sometime on July 6 and,
as a result, the county website, its email server, and La Porte’s computer
network were disabled. After the investigation, the specialists concluded that
the ransomware variant employed by hackers was the so called Ryuk,
an encryption malware used in multiple malicious campaigns for a couple of
years.
As in the ransomware attacks recently occurred
in some cities in Florida, USA, the La Porte administration decided to pay the
ransom to regain access to their systems as soon as possible. However, U.S.
authorities and cybersecurity experts recommend not negotiating or making
payments to hackers, as this helps threat actors to keep active, plus there is
no guarantee that hackers will fulfill their share of the deal.
Information security specialists from the
International Institute for Cyber Security (IICS) believe that the best way to
avoid the debate about paying or not paying hackers is prevention,
consolidating a secure system and establishing policies security to prevent
future ransomware infections.
