
3/11/2019 | 11:00 AM

Georgia's Jackson County Pays $400K to Ransomware Attackers

The ransomware campaign started March 1 and shut down most of Jackson County's IT systems.

Jackson County, a rural area of Georgia located about 60 miles from Atlanta, has paid $400,000 to regain access to systems and data locked down in a recent ransomware campaign.

The cyberattack was first confirmed by county officials on March 1. It shut down the county's network and knocked computers and email services offline. While the county's public website and 911 emergency system were reportedly unaffected, Jackson County was otherwise mostly disconnected.

"Everything we have is down," said Sheriff Janis Mangum to StateScoop. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."

Following the attack, Jackson County alerted the FBI and engaged a cybersecurity incident response consultant, who communicated with the attackers and negotiated a $400,000 payment for the decryption key.

Paying a ransom is a controversial topic among cybersecurity experts. Organizations that pay are still subject to downtime, incomplete transactions, and unhappy customers following a ransomware attack. Further, receiving a working decryption key and recovering all data is not guaranteed, and payment funds and encourages further criminal activity.

Still, in this case and many others, the ransom was judged a smaller cost than rebuilding the infrastructure from scratch. "We had to make a determination on whether to pay," said Jackson County manager Kevin Poe to OnlineAthens. "We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."

Comments
REISEN1955
User Rank: Ninja
3/18/2019 | 10:44:51 AM
Re: AND AGAIN - BACKUPS AND DISASTER RECOVERY?
You are indeed correct on this particular case but larger issue remains such as City of Atlanta - rebuilt everything from scratch and you would think THAT entity has a good budget and obviously did not have a restoration plan. I am not talking ransomware either ---- servers DO FAIL sometimes so what do you do then. Lost data may as well be encrypted data. I am beginning to think of ransomware entities as good backup entities --- pay them a monthly ransom, eh, fee for backup and then you have encrypted saved off-site data. Think about it, it almost is a viable idea!!!!!

Added comment - if I remember well, the IT folk had a plan but it was judged more expensive to restore than to pay a ransom. Well, why back up at all then. Just let ransomware steal it and voila --- restoration problem solved on the cheap.
BubbaHotep
User Rank: Apprentice
3/14/2019 | 3:35:56 PM
Re: AND AGAIN - BACKUPS AND DISASTER RECOVERY?
Before crucifying the IT admin, look at the technology budget for the past five to ten years for this agency. Chances are they were scraping by on the crumbs left over from Public Safety (police/fire) and Public Works. Municipal and county IT have never been at the forefront of any annual budget and have been neglected for decades.
REISEN1955
User Rank: Ninja
3/11/2019 | 1:13:03 PM
AND AGAIN - BACKUPS AND DISASTER RECOVERY?
YET ANOTHER DEMO that IT departments do not take backups and DR planning seriously. What if a server crashed or data center went down? Happens - see Delta at Hartsfield-Jackson. See Atlanta. EGAD they do not have plans and instead pay a ransom and STILL that data is not guaranteed destroyed!!! IF they had a competent staff and true professionals then these events would be prevented. On a very small scale, I had a catalog backup system dedicated to my accounts when a consultant in NY State. Restored a Cryptolocker infection for a small 501(c)(3) account in 3 hours. Whole network compromised and gone.

Now this was a small network but the rules fit. If you FAIL TO PLAN you are really in a PLAN TO FAIL mode and you will have a disaster. This is a broken record for me. (Survived the south tower on September 11 so I am somewhat familiar with a true disaster scenario. Worked for Aon.)

Secondly - who initiated this disaster? Which staffer opened up a bad email? User education might have gone a real long way here. Like the one user who brought down North Carolina last year. All it takes is a click of a mouse on an infected PDF and off to the races you go. IT admin should be fired.