ts back to Paper for Jackson County, Georgia after Ransomware Attack on Computer Network


Who: Jackson County, Georgia

Date: 9 March 2019

Ransom Costs: $400,000 in Bitcoin

What Happened: A ransomware attack hit the computers of Jackson County, Georgia, reducing government activity to a crawl until officials decided to pay cybercriminals $400,000 in exchange for the file decryption key.

How did it Happen: County offices were forced to revert to paper to do their jobs, which slowed operations drastically. The county did not have a backup system in place that was separate from the network used for daily county government operations. If no backup is available, the victim has to decide between paying and taking a huge operational hit: being offline for a long period, spending money to rebuild the network and, hopefully, adopting a strict data backup policy.

Outcome: The ransom payment was demanded in bitcoins, to lower the chances of tracking it to the perpetrators. The FBI is currently investigating the attack, and Poe said that the cybercriminals used a fairly new strain of ransomware called “Ryuk”, operated by a group in Eastern Europe, which borrows code from another piece of ransomware known as Hermes that is attributed to the North Korean hacker group Lazarus. On Friday, Jackson County paid the criminals via a cybersecurity consultant who negotiates with hackers. The county received the correct decryption key and started to decrypt the information on the affected computers. Ryuk is typically used in targeted attacks executed through phishing