Data Backup Digest

Despite our best efforts, it seems the number of ransomware cases is on the rise. Although it's a disturbing trend, some of these attacks have proven to be rather profitable for the hackers. One doesn't have to look far to find an example of this; just take a recent incident that took place in Jackson County, Georgia that netted the criminals $400,000.

The Attack

The initial attack took place in early March 2019 and specifically targeted the computer network of Jackson County, Georgia – including their email systems and emergency services department. While their 911 telephone lines and radio communications remained completely functional during this time, most of the county's internal office administrative duties were relegated to paper-based records of a bygone age.
Making matters worse, the county didn't have a comprehensive backup system to rely on. Instead, they had no other choice but to pay out the demanded ransom – all $400,000 – for a decryption key that would restore access.

Kevin Poe, a manager with Jackson County, explained the situation by saying: "They demanded ransom. We had to make a determination on whether to pay. We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."

While they ultimately paid the ransom, via the assistance of a cybersecurity response consultant, it still took some time to restore full accessibility. With such a large and widespread network, the system simply required time to fully decrypt and process all of the data.

Poe continued his explanation of the incident by saying: "All of our operations are still ongoing, but we’re basically having to do it the old fashioned way. During this whole time we never lost our radios or phone service, so 911 was able to continue to operate. The emergency medical service was on a third party provider so it had minimal impact on EMS service."

An Unknown Origin

As expected, the FBI quickly launched an investigation. Although they were unable to determine exactly how the hackers gained entry into the system in the first place, or even how long they had access before they took action, reports indicate the malicious software in question was Ryuk – a ransomware utility that has roots to Eastern Europe and even North Korea.

However, given the availability of ransomware through the online underground community, nearly anyone with rudimentary knowledge could have purchased the software and included their own malicious coding.

Ryuk originated around mid-2018 when it was discovered by the prolific security research known as MalwareHunterTeam. Since then, it has collected hundreds of thousands of dollars through cryptocurrency-based ransoms – including the recent $400k from Jackson County. Both the Los Angeles Times and Tribune Publishing are listed amongst previous victims of the Ryuk ransomware software.

Perhaps more than anything else, this story emphasizes the importance of backing up your data on a regular basis. Had Jackson County maintained a full system backup, they could have easily restored their data with minimal impact.