Alabama county pays ransom to recover hacked data
After hackers targeted one of the largest counties in Alabama with a ransomware attack last week, officials in Montgomery County were forced to pay a ransom of $37,000 worth of Bitcoin to unlock nearly 70 terabytes of data.
The county was given one week to pay the ransom or nearly 70 terabytes of data could be erased from their servers, which had been locked by the ransomware attack, according to the Montgomery Advertiser. County Commission Chairman Elton Dean said that the files were valued at $5 million and called the attack an “emergency situation.”
#NOW Montgomery Co. Commission is holding an emergency meeting to discuss next steps after a ransomware attack earlier this week. pic.twitter.com/D90UR0ln4M
— Jalea Brooks (@JaleaBrooks) September 22, 2017
Montgomery County spokeswoman Hannah Hawk told RT America that county officials were forced to pay hackers nine Bitcoin in order to access the data.
The ransom was paid on Friday, after the Montgomery County Commission held an emergency meeting to authorize the funds to pay the ransom. At the time, nine Bitcoin was valued at more than $37,000 according to WSFA.
On Tuesday, Hawk reminded officials that no personal information had been stolen by the hackers, who encrypted the files on their servers and networks until they were paid for a decryption key to unlock those files.
Hawk said that the attack “locked up” the county’s system and prevented the probate office from working with vehicle tags and registrations as well as business and marriage licenses.
BREAKING: ransomware attack shuts down Mtgy CO's system, Probate can't process tags, business and marriage licenses. News conf starting now pic.twitter.com/wBCLVr1H44
— Jenn Horton (@JennWSFA) September 19, 2017
The county’s IT department worked “tirelessly” to recover data from its backup files, Hawk told RT America. However, she added there were “issues” with the backups, and added that the county has worked closely with the FBI since they were attacked last week.
The FBI does not support paying hackers in response to a ransomware attack, stating that: “paying a ransom doesn’t guarantee an organization that it will get its data back.”
“There have been cases where organizations never got a decryption key after having paid the ransom,” the FBI said on its Cyber Crime webpage. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
The county’s chief IT officer Lou Ialacci, who was in contact with the hackers on the dark web, said that hackers did restore all their files after the ransom was paid and no personal information was compromised.
“I hate to say this, but their reputation is that they do return stuff,” Ialacci said, according to WSFA. “They think of themselves as modern day Robin Hoods, they are here helping the masses. They are the good guys, they are going to come in, hack you and grab the files. If you pay them, that’s your punishment for letting them in.”