Computers of Jackson County, Georgia, were infected with ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.
“The Jackson County government paid online criminals about $400,000
“County officials are in the process of decrypting computers and servers a week after the first signs of an attack, said Jackson County Manager Kevin Poe on Friday.”
The computers at all the departments at the Jackson County were infected with the malware, including emergency and email services, only 911 operations were not affected.
“At this time all County email services are down. If you need to reach county
The media reported that county offices were forced to use the paper during the attack with an important impact on the operations.
Officials at the County decided to pay the ransom to avoid a long-term interruption of the services. The decision suggests the IT staff at the County did not have backups, or that in some way backups were encrypted too because they weren’t properly managed.
“They demanded ransom,” said Jackson County Manager Kevin Poe. “We had to make a determination on whether to pay. We could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”
“All of our operations are still ongoing, but we’re basically having
The FBI immediately launched an investigation, the feds believe the attack was carried out by a threat actor from eastern Europe.
Poe added that malware that hit the County is the Ryuk
The Ryuk ransomware appears connected to Hermes malware that was associated with the notorious Lazarus APT group.
The same ransomware was recently used in an attack that affected the newspaper distribution for large major newspapers, including the Wall Street Journal, the New York Times, and the Los Angeles Times.
Further investigation on the malware allowed the experts from security firms FireEye and CrowdStriketo discover that threat actors behind the
Ryuk ransomware are working with another cybercrime gang to gain access to target networks. They are collaborating with threat actors behind TrickBot, a malware that once infected a system creates a reverse shell back to the attackers allowing them to break into the network.
Experts at Crowdstrike believe the Ryuk ransomware is operated by a crime gang they tracked as GRIM SPIDER, in particular by its Russian based cell dubbed WIZARD SPIDER that is behind TrickBot.
Experts pointed out that Hermes was available for sale into the online underground community, attackers could have purchased it to create their own version of Ryuk.
At the time it is not clear how hackers infected the systems at the
Jackson County, experts
[adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]