Indiana county meets $130,000 ransomware demand, despite advice against payment
This is starting to become all too familiar.
Officials in La Porte County, Indiana, agreed to pay $130,000 in bitcoin to alleviate the pain from a ransomware attack that affected two domain controllers, knocking network services offline, according to WSB-TV. While an insurer will cover $100,000 of that fee, the northern Indiana county is the latest local government to pay digital extortionists to unlock a compromised network amid a spree of similar incidents throughout the country.
Attackers hit La Porte on July 6, deploying the Ryuk ransomware to disable the city’s computer network, website and email service systems. Versions of Ryuk, which the FBI said has had a “disproportionate impact” on small municipalities, also have been blamed for attacks on Georgia’s court system and on small towns in Florida. In this case, La Porte County leaders told WSB-TV they decided to pay the ransom after a decryption key provided by the FBI was ineffective.
The initial ransomware request reportedly was higher, with the FBI negotiators bringing the ultimate fee down to $130,000, according to the local news outlet. Travelers Insurance, which the county enlisted last year, will cover $100,000 of that, county president Vidya Kora told the Michigan City News Dispatch.
The FBI doesn’t encourage ransomware victims to pay hackers, but the La Porte incident highlights law enforcement’s struggle in stopping the attacks. Ryuk was the third-most popular ransomware strain through the first quarter of this year, according to the security firm Coveware. International police and security practitioners have developed decryption tools for some attacks, most notably the GandCrab ransomware which allegedly earned $2 billion. Europol, with help from various security vendors, has published a series of software tools to help vitcims unlock their systems without paying.
But thieves still are quick to create variants of their malicious code to keep ahead.
The La Porte payment also coincided with an announcement from the U.S. Conference of Mayors to pass a resolution calling on cites to not pay attackers. More than 170 recorded ransomware attacks have hit state and local governments since 2013.
Despite the FBI and Department of Homeland Security advisories on the matter, attacks only seem to have accelerated in number since hackers demanded $75,000 in bitcoin from the city of Baltimore. Lawmakers declined to pay, forcing the city to rebuild much of its network infrastructure while overall costs approach $18 million.