Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems.
The ransomware hit the county's internal network last week, on Friday, March 1, 11Alive reported[1] on Wednesday.
The infection forced most of the local government's IT systems offline, with the exception of its website[2] and 911 emergency system.
"Everything we have is down," Sheriff Janis Mangum told StateScoop[3] in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."
Jackson County officials notified the FBI and hired a cyber-security consultant. The consultant negotiated with the ransomware operators, and earlier this week the Georgia county paid $400,000 to hackers to get a decryption key and re-gain access to their ransomed files.
County officials are in the process of decrypting affected computers and servers, Jackson County Manager Kevin Poe told Online Athens[4] in an interview yesterday.
"We had to make a determination on whether to pay," Poe said. "We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."
Poe identified the ransomware that infected the county's network as "Ryunk" --which is most likely Ryuk, a well-known ransomware strain that is currently undecryptable.
The Ryuk gang is believed to be operating out of Eastern Europe[5] and for the past year has focused on targeting local government, healthcare, and large enterprise networks. They intentionally go after big targets as part of a tactic known as "big game