After weeks of being shut down by a ransomware attack and much deliberation, Washington County Pennsylvania chose to pay the ransom rather than expose their children to possible abuse. That was the explanation given for paying almost $350,000 to a Russian ransomware group.
The county hired a cyber security firm to facilitate the payment of $346,687 to “Russian Hackers.”
Solicitor Gary Sweat said the hackers demanded ransom money or they’d release the hacked data and “We were advised not to make any statements because the cybercriminals were listening in on everything being said.”
WPXI Pittsburgh reported that Commissioner Larry Maggi voted not to pay the ransom, saying it was “repugnant” to give in to cybercriminals. But Commissioner Nick Sherman who voted to pay the ransom explained that the stolen data was more than just social security numbers and driver’s license numbers. “Some of the info they got was Children and Youth Services information about the children of Washington County… children in severe need of services, children who have been abused, abducted… very sensitive information.”
In exchange for the ransom payment, the County received a decryption key to unlock their servers and a promise of deletion of stolen data.
Commissioner Sherman’s had this closing comment: “When you pay the ransom they go away, and they leave you alone, because they know if they don’t people will continue to not pay ransom. It’s a business model they follow.”
I’ll come back to this later. But now I will hand this over to Mark Campbell, Sr. Director, Cigent:
“Ransomware gangs continue to lean in on extortion. It’s no longer about getting the data back via the decryption keys. Many organizations have ways to restore data already, however the threat of releasing sensitive data such as internal communications, customer information, or in this case highly sensitive information about the Children and Youth Services takes the extortion to a new level. Even if the extortion demands are paid, there is no real way to trust that the attackers will earnestly destroy the stolen data. Can we count on honor among these thieves?”
Here’s the deal. You should never, ever pay the ransom. There’s no guarantee that you will get your data back. There’s no guarantee that they won’t come back and attack you again. And there’s no telling what they will do with any data that they stole. This is a really bad move and it may come back to haunt Washington County Pennsylvania.
Like this:
Like Loading...
Related
This entry was posted on February 17, 2024 at 8:59 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Washington County, PA pays nearly $350,000 in ransom…. WHY??
After weeks of being shut down by a ransomware attack and much deliberation, Washington County Pennsylvania chose to pay the ransom rather than expose their children to possible abuse. That was the explanation given for paying almost $350,000 to a Russian ransomware group.
The county hired a cyber security firm to facilitate the payment of $346,687 to “Russian Hackers.”
Solicitor Gary Sweat said the hackers demanded ransom money or they’d release the hacked data and “We were advised not to make any statements because the cybercriminals were listening in on everything being said.”
WPXI Pittsburgh reported that Commissioner Larry Maggi voted not to pay the ransom, saying it was “repugnant” to give in to cybercriminals. But Commissioner Nick Sherman who voted to pay the ransom explained that the stolen data was more than just social security numbers and driver’s license numbers. “Some of the info they got was Children and Youth Services information about the children of Washington County… children in severe need of services, children who have been abused, abducted… very sensitive information.”
In exchange for the ransom payment, the County received a decryption key to unlock their servers and a promise of deletion of stolen data.
Commissioner Sherman’s had this closing comment: “When you pay the ransom they go away, and they leave you alone, because they know if they don’t people will continue to not pay ransom. It’s a business model they follow.”
I’ll come back to this later. But now I will hand this over to Mark Campbell, Sr. Director, Cigent:
“Ransomware gangs continue to lean in on extortion. It’s no longer about getting the data back via the decryption keys. Many organizations have ways to restore data already, however the threat of releasing sensitive data such as internal communications, customer information, or in this case highly sensitive information about the Children and Youth Services takes the extortion to a new level. Even if the extortion demands are paid, there is no real way to trust that the attackers will earnestly destroy the stolen data. Can we count on honor among these thieves?”
Here’s the deal. You should never, ever pay the ransom. There’s no guarantee that you will get your data back. There’s no guarantee that they won’t come back and attack you again. And there’s no telling what they will do with any data that they stole. This is a really bad move and it may come back to haunt Washington County Pennsylvania.
Share this:
Like this:
Related
This entry was posted on February 17, 2024 at 8:59 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.