Georgia paid half a million dollars to hackers after ransomware attack
Investigators say that the ransomware attack hit Georgia’s internal network last Friday.
The attack forced all of the local government’s IT systems offline, with one exception: the 911 emergency system.
This kind of cyber attack illustrates very well how dangerous ransomware is. In this case, literally everything went offline.
State officials said that everything is now being done the way it was before computers, with pencil and paper.
The same officials also said that the FBI was notified and a cyber-security consultant was hired.
Following this, the consultant negotiated with the hackers, and this morning the Georgia county paid $400,000 to the hackers in order to get a decryption key and regain access to its IT systems.
Soon after the payment, everyone got lucky: the hackers provided the decryption key, and the affected files are now being decrypted on all systems.
Cybersecurity researchers have identified the ransomware as “Ryunk”, most likely a new variant of Ryuk, a well-known ransomware strain that is very dangerous and powerful and is currently undecryptable.
Remember that everything can be hacked. To stay protected from cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
From past investigations, it was deduced that the Ryuk hacker group operates out of Eastern Europe. The group gained notoriety because in the past year alone multiple local governments, healthcare organizations, and large enterprise networks were affected by its actions.
The point of entry for Ryuk ransomware is usually a network that was previously infected with Emotet or Trickbot malware.
We do not encourage paying such demands as Jackson County did, because in most cases you hand over the money and that is all: no decryption key is provided. In some cases, more money is requested.
But don’t make the mistake of believing that Jackson County is the first authority to pay a demand like this. Not at all: the “king of money well spent” is the South Korean web hosting firm Internet Nayana, which paid 1.3 billion won ($1.14 million) in bitcoins in June 2017.
Government officials of Georgia decided to pay the ransom because, back in March 2018, following a similar cyber attack, the rebuild of their IT network ended up costing around $17 million, up from an initially estimated $2.6 million.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network, including penetration testing and ethical hacking.