Dark Reading is part of the Informa Tech Division of Informa PLC


Attacks/Breaches | 3/11/2019 11:00 AM

Georgia's Jackson County Pays $400K to Ransomware Attackers

The ransomware campaign started March 1 and shut down most of Jackson County's IT systems.

Jackson County, a rural area of Georgia located about 60 miles from Atlanta, has paid $400,000 to regain access to systems and data locked down in a recent ransomware campaign.

The cyberattack was first confirmed by officials on March 1. It shut down the county's network and knocked computers, email services, and websites offline. While the website and 911 emergency system were reportedly unharmed, Jackson County was mostly disconnected.

"Everything we have is down," said Sheriff Janis Mangum to StateScoop. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."

Following the attack, Jackson County alerted the FBI and a cybersecurity response consultant, who communicated with the attackers and negotiated a $400,000 price for the decryption key.

Paying ransom is a controversial topic among cybersecurity experts. Businesses that pay are still subject to downtime, incomplete transactions, and unhappy customers following a ransomware attack. Further, the return of data isn't guaranteed, and payment encourages criminal activity.

Still, in this case and many others, the ransom is a small price to pay compared with the cost of rebuilding the infrastructure from scratch. "We had to make a determination on whether to pay," said Jackson County manager Kevin Poe to OnlineAthens. "We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."

Read more details here.


Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Comments
REISEN1955 (User Rank: Ninja), 3/18/2019 | 10:44:51 AM
Re: AND AGAIN - BACKUPS AND DISASTER RECOVERY?
You are indeed correct on this particular case but larger issue remains such as City of Atlanta - rebuilt everything from scratch and you would think THAT entity has a good budget and obviously did not have a restoration plan. I am not talking ransomware either ---- servers DO FAIL sometimes so what do you do then. Lost data may as well be encrypted data. I am beginning to think of ransomware entities as good backup entities --- pay them a monthly ransom, eh, fee for backup and then you have encrypted saved off-site data. Think about it, it almost is a viable idea!!!!!

Added comment - if I remember well, the IT folk had a plan but it was judged more expensive to restore than to pay a ransom. Well, why back up ALL then. Just let ransomware steal it and voila --- restoration problem solved on the cheap.

BubbaHotep (User Rank: Apprentice), 3/14/2019 | 3:35:56 PM
Re: AND AGAIN - BACKUPS AND DISASTER RECOVERY?
Before crucifying the IT Admin look at the technology budget for the past five - ten years for this agency. Chances are they were scraping by on the crumbs left over from Public Safety (Police/Fire) and Public Works. Municipal and county IT have never been at the forefront of any annual budget and have been neglected for decades.

REISEN1955 (User Rank: Ninja), 3/11/2019 | 1:13:03 PM
AND AGAIN - BACKUPS AND DISASTER RECOVERY?
YET ANOTHER DEMO that IT departments do not take backups and DR planning seriously. What if a server crashed or data center went down? Happens - see Delta at Hartsfield-Jackson. See Atlanta. EGAD they do not have plans and instead pay a ransom and STILL that data is not guaranteed destroyed!!! IF they had a competent staff and true professionals then these events would be prevented. On a very small scale, I had a catalog backup system dedicated to my accounts when a consultant in NY State. Restored a Cryptolocker infection for a small 501C3 account in 3 hours. Whole network compromised and gone.

Now this was a small network but the rules fit. If you FAIL TO PLAN you are really in a PLAN TO FAIL mode and you will have a disaster. This is a broken record for me. (Survived the south tower on September 11 so I am somewhat familiar with a true disaster scenario. Worked for Aon.)

Secondly - who initiated this disaster? Which staffer opened up a bad email? User education might have gone a real long way here. Like the one user who brought down North Carolina last year. All it takes is a click of a mouse on an infected PDF and off to the races you go. IT admin should be fired.