Ransomeware hackers had sought $31,000
NEWARK — The hackers behind a ransomware attack that crippled Licking County’s computer system for nearly two weeks this year sought about $31,000 worth of digital currency from the county.
According to the ransomware note released by the county following a publicrecords request, hackers demanded 28 bitcoins, a decentralized digital currency, to decrypt the county’s computers. At the time of the demand, a single bitcoin was valued around $1,100, said County Commissioner Tim Bubb.
The ransomware virus was detected on Jan. 31 on a Licking County computer, leading IT staff to quickly shut down the countywide network to prevent the virus from spreading. Most ransomware encrypts files and holds information hostage until a ransom is paid to unlock the system.
Rather than pay the ransom, Licking County worked to rebuild its system, a move that officials said was possible because of good backups and its quick system shutoff. It was about two weeks before the county’s system was back up and mostly operational.
Officials estimate that overtime and insurance costs likely will put the total cost of the ransomware attack to the county at around $50,000. That figure will include the $25,000 cyberinsurance deductible and about $17,000 in overtime for county IT staff, Bubb said, plus overtime accumulated in other county departments to get things back to normal once the network was restored.
Though it ultimately cost the county more to restore its computer system from backups, there was no guarantee that paying the ransom would have restored everything, officials said.
“I’d much prefer to pay our people overtime to fix our own system than give it to some criminal overseas. There’s no guarantee that criminals would be honorable or honest in giving us the key back,” Bubb said. “You’re dealing with people who, really, are trying to rip you off.”
The decision to restore the system using backups also meant the county could retain evidence to better protect against a future attack, officials said.
The county’s 911 dispatching remained operational during the outage, and computer technicians found no evidence of a data breach nor any indication that employees’ or county residents’ personal information was compromised.
The county originally would not disclose the amount of the ransom demand, citing insurance purposes and the ongoing investigation.