[BreachExchange] Georgia's Jackson County Pays $400K to Ransomware Attackers

Destry Winant destry at riskbasedsecurity.com
Wed Mar 13 03:16:38 EDT 2019


The ransomware campaign started March 1 and shut down most of Jackson
County's IT systems.

Jackson County, a rural area of Georgia located about 60 miles from
Atlanta, has paid $400,000 to regain access to systems and data locked
down in a recent ransomware campaign.

The cyberattack was first confirmed by officials on March 1. It shut
down the county's network and knocked computers, email services, and
websites offline. While the website and 911 emergency system were
reportedly unharmed, Jackson County was mostly disconnected.

"Everything we have is down," said Sheriff Janis Mangum to StateScoop.
"We are doing our bookings the way we used to do it before computers.
We're operating by paper in terms of reports and arrest bookings.
We've continued to function. It's just more difficult."

Following the attack, Jackson County alerted the FBI and a
cybersecurity response consultant, who communicated with the attackers
and negotiated a $400,000 price for the decryption key.

Paying ransom is a controversial topic among cybersecurity experts.
Businesses that pay are still subject to downtime, incomplete
transactions, and unhappy customers following a ransomware attack.
Further, the return of data isn't guaranteed, and payment encourages
criminal activity.

Still, in this case and many others, the ransom is a small price to
pay compared with the cost of rebuilding the infrastructure from
scratch. "We had to make a determination on whether to pay," said
Jackson County manager Kevin Poe to OnlineAthens. "We could have
literally been down months and months and spent as much or more money
trying to get our system rebuilt."
