Ransomware Attack Freezes Jackson County, GA Government Systems
By: Jim Stickley and Tina Davis
May 4, 2019
The ransomware called Ryuk recently attacked the computer data systems of the Jackson County, GA government, bringing city services to a grinding halt. Jackson County officials made the decision to pay the $400,000 ransom, a move that goes against FBI guidance, which states that ransoms should never be paid. The controversial conclusion of this attack brings to light the grim reality that ransomware attacks place unprepared victims in a lose-lose situation.
Experts believe the Ryuk ransomware used in the hack is that of a crime gang known as GRIM SPIDER, an Eastern European hacking group with Russian-based ties. This latest attack froze city services including emergency services, although 911 operations were left unaffected. The Jackson County attack is just one of many perpetrated on city services throughout the country on an all-too-regular basis. The last ransomware attack making similar headlines was on the city of Atlanta, GA. In that case, Atlanta city officials refused to pay the $51,000 bitcoin ransom demanded by hackers. However, it cost taxpayers an estimated $17 million to bolster the city’s data systems in an effort to thwart another attack.
It’s believed that Jackson County paid the ransom because its data systems were not properly backed up, making it impossible to recover the data encrypted in the hack. When that happens, victims are left with little choice but to pay the ransom. The FBI has made public its firm belief that paying a ransom only encourages more attacks. It also states that paying a ransom is no guarantee that data decryption keys will be handed over; relying on the promise of hackers is a slippery slope.
The way in which city governments prepare (or don’t) for ransomware attacks is something keeping some officials up at night. A commitment to fortifying data systems with proper protections is a big step in the right direction. Trying to prevent hacks to begin with, along with regular data backups, is the best combination currently available. What “regular” means is different for each organization. For some, nightly might be just fine. However, for organizations in which having systems down may cost a life, such as hospitals, it’s important to have a backup routine in place. Because ransomware and other types of malware now have the capability of encrypting backups as well, be sure to keep those backups completely separate from the operations network.
For Jackson County, GA, it was an expensive lesson to learn. Not only was paying the ransom pricey, but they are now spending precious time decrypting and slowly restoring city services. This entire hack and its ramifications could have been avoided had the county learned from others’ mistakes. Keeping one’s fingers crossed is hardly a commitment to data security, whether it’s on an individual level or one involving the safety and security of an entire population.