Jackson County pays ransomware operators $400k to regain access to computers

Officials in Jackson County, a rural area in the southeastern US state of Georgia, were forced over the weekend to pay hackers almost half a million dollars after a ransomware attack brought its entire fleet of computer systems to its knees.

AWS Builder Community Hub

According to, the county government’s entire email system was taken offline following the attack, with some departments resorting to pen and paper to conduct operations.

“Everything we have is down,” Sheriff Janis Mangum said. “We are doing our bookings the way we used to do it before computers. We’re operating by paper in terms of reports and arrest bookings. We’ve continued to function. It’s just more difficult.”

The sheriff contacted the FBI soon after discovering the incident. Details of the attack were scarce. However, county manager Kevin Poe later told OnineAthens that the county wound up paying the attackers $400,000 for the decryption keys. The ransomware strain was also revealed: Ryuk.

Ryuk ransomware has been involved in targeted attacks associated with the infamous North Korean APT Lazarus Group. Ryuk’s encryption algorithms are designed for small-scale, targeted operations. Distribution has been notoriously carried out manually by the attackers.

In related news, Columbia Surgical Specialists reportedly ended up paying a $15,000 ransom to regain access to files encrypted in a ransomware attack last week. As one incident closely followed the other, the operator is likely the same.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: