[BreachExchange] City of Cartersville paid $380k ransom to restore access to files

Destry Winant destry at riskbasedsecurity.com
Thu Mar 5 10:10:03 EST 2020


https://www.scmagazine.com/home/security-news/ransomware/city-of-cartersville-paid-380k-ransom-to-restore-access-to-files/

Almost one year after a ransomware attack struck the city of
Cartersville, Ga., municipal officials revealed that they paid a
ransom of $380,000 to regain access to their files.

The news was made known after the local Daily Tribune News filed a
Freedom of Information Act request, which disclosed the payment to
mitigate the May 4, 2019 attack. The Daily Tribune found that the
initial ransom demand was for $2.8 million, payable in bitcoin, and
that the city’s insurance paid the majority of the cost.

The attackers did deliver the decryptor keys necessary to regain
access about 48 hours after the payment was made, and all systems were
operational soon thereafter.

The FOIA showed city officials learned the attackers used Ryuk
ransomware and that police and other emergency services were impacted.

The city does not believe any information was removed, but there is no
way to know if ransomware attackers have taken data.

If an organization pays the ransom, that does not mean the bad guys
will comply and not make further use of the stolen information. The
people behind ransomware attacks are criminals and not to be trusted,
which is one of the primary reasons law enforcement officials
typically take a stance against paying a ransom. It guarantees
nothing.

“Stealing data simply gives them additional leverage to extort payment
and, perhaps, other options for monetization – selling the data to
other criminal groups or competitors, for example,” said Brett Callow,
a threat analyst with Emsisoft.

