According to this link, https://www.bleepingcomputer.com/news/security/la-porte-county-pays-130-000-ransom-to-ryuk-ransomware/, La Porte County, Indiana, has paid $130,000 to recover data on computer systems impacted by ransomware.
- The attack occurred on Saturday, July 6 and was spotted before it propagated to all the computer on the network
- Despite this response, two domain controllers were impacted so network services became unavailable. Three days later, the government emails and the county website were still not working
- A forensic investigation firm and the FBI were involved but attempts to recover the data encrypted by the malware without paying the ransom were fruitless
- The news publication says that the ransomware affecting La Porte County’s systems is Ryuk, the same one that attacked the City of Lake City on June 10
Expert Comments:
Javvad Malik, Security Awareness Advoate at KnowBe4:
“Patching new exploits is a continual game of cat-and-mouse. Just as malware operators, in particular malware-as-a-service providers, will reuse and add functionality to their code. Therefore, in most cases, even if a company can keep up-to-date with all its patches, it is no guarantee it will safeguard it from all threats. And while some threats make their way through software vulnerabilities, in many cases, companies are exploited through social engineering techniques such as phishing. So, having a well-trained and aware workforce is essential in that regard to minimise the risk of malware successfully executing and crippling the IT systems.
The debate over whether to pay or not to pay the ransom once your system is encrypted is heating up. Recently, the US Conference of Mayors approved a resolution coming down in favour of not paying cybercrooks. There are arguments on either side of the question. Paying the ransom creates a huge incentive for ransomware crooks to keep plying their trade. However, in many cases, the costs of not complying with the demand can cost many millions more than paying and may not be a realistic option for some smaller cities. And once your system is compromised with ransomware there may be residual malware left behind and the only way to totally reduce that risk is to build back from bare metal”
