County La Porte pays $130,000 to Ryuk Ransomware

Ryuk Ransomware

An additional US public administration is handing down cybercriminal claims such as $130,000 in La Porte County, India, to recover information on ransomware-impacted computer systems.

The attack happened on Saturday 6th July and was detected before it spread to the entire network computer. The reacted IT department could confine it to less than 7% of laptops.

In spite of this response, the network service was therefore unavailable affected by two domain controllers. The News Dispatch reported that the government’s e-mails and the county’s website still were not working.

There was a forensic inquiry firm and the FBI, but attempts were fruitless to recover the malware encrypted information without paying for the ranch.

Insurance covers part of the cost

Cyber criminals received about $130,000 in bitcoin from this attack with $100,000 covered in insurance. There may be no immediate impact, but in the long run it does create rips.

“Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance” – Dr. Vidya Kora, La Porte County Board of Commissioners President, told The News Dispatch.

After we had seen that the FBI decryption keys could not restor the coded files, the decision to pay for cyber criminals came.

Blaming it on Ryuk

The county has backup servers but malware has infected them. According to WSBT.

It was stated in the newspapers that Ryuk was the “triple threat” of the city of Lake City on 10 June because of an Emot infection that provided Trickbot Trojan, which later became a ransomware for La Porte County systems. It was also reported in the news release.

In the case of Ryuk, antivirus manufacturer Emsisoft says that it has an opportunity for decrypting the files between 3 and 5 percent. The probabilities are poor, but better than nothing.

The infosec community and law enforcement agencies take bad practices into consideration, to pay criminals for the decryption key. This only strengthens the idea of profit and incitement to further these attacks if an successful attack occurs. In addition, there is no sure way to know that once the money is reached, attackers will keep their promise.

The way to protect data against ransomware encryptions is, in the absence of decryption keys, to set up a backup system that works regularly and saves copies in a safe and isolated location from the network.

The County La Porte is not the only government which pays for its files. Over $1 million in June (107 bitcoins) from only two Florida townships, Lake City, Riviera Beach was collected by assailants.

But a concerted effort is being made to combat this type of attack. In order to discourage cyber-criminals from ransomware infections, the mayors of the United States adopted a resolution.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.