First it was Florida, now Indiana suffers ransomware attack; government had to pay over $100k USD

The government of La Porte County, Indiana, paid a ransom of about $130k USD after suffering a ransomware attack that encrypted all of its files. According to information security experts, the incident occurred after the U.S. decided that local governments should not yield to the demands of threat actors in such cases.

La Porte’s mayor reported that the local government approved cybersecurity incident insurance last year, so most of the cost of the ransom will be covered by La Porte’s insurer and the county will only need to contribute $30k USD. At the current exchange rate, La Porte paid the hackers about 11.3 Bitcoin.

Despite criticism, La Porte’s government claims that the decision to pay the hackers was made after consulting FBI information security specialists, who determined that the ransomware variant used by the attackers could not be countered with the tools available at the agency.

The incident occurred sometime on July 6 and, as a result, the county website, its email server, and La Porte’s computer network were disabled. After the investigation, the specialists concluded that the ransomware variant employed by the hackers was the so-called Ryuk, an encryption malware used in multiple malicious campaigns for a couple of years.

As in the ransomware attacks that recently occurred in some cities in Florida, USA, the La Porte administration decided to pay the ransom to regain access to its systems as soon as possible. However, U.S. authorities and cybersecurity experts recommend not negotiating with or making payments to hackers, as this helps threat actors stay active, and there is no guarantee that the hackers will fulfill their side of the deal.

Information security specialists from the International Institute for Cyber Security (IICS) believe that the best way to avoid the debate about paying or not paying hackers is prevention: consolidating a secure system and establishing security policies to prevent future ransomware infections.