Ransom paid by LaPorte to recover from ransomware attack

Indiana's LaPorte County has suffered from ransomware attack on Jul. 6, 2019. The ransomware attack has impacted the official website, computers, and email systems of LaPorte County. Two domain controller servers also were impacted by this attack, thereby disabling the network services.

"This particular virus - RYUK - that was used by the bad actors in this attack was particularly insidious in that it jumped all our firewalls and was able to penetrate backup servers," said Dr. Vidya Kora, La Porte County Board of Commissioners President.

The virus has encrypted the files on affected computers, thus preventing the users from accessing data. In addition, the malware has also targeted the servers containing the backup files for numerous infected machines, said Darlene Hale, the IT Director.

The LaPorte County worked with FBI and the security experts in order to recover from ransomware attack, however, decryption keys from FBI cannot restore encrypted files. Moreover, as the backup servers of the county were also infected, so this makes restoration from the backup impossible.

The insurance provider of LaPorte County has suggested meeting the demand of attackers' by paying ransom amount. A firm representing the county has convinced the hackers to lower their ransom demand to $132,300 from $221,000 worth of bitcoins. On Friday (i.e. on July 12, 2019), after the meeting of department heads and elected officials, the officials has decided to pay the ransom demand of 10.5 bitcoins (i.e. worth $132,300) for decryption key required to retrieve the important files on infected computers as well as servers, as per Dr. Kora. Travelers Insurance, who provides the cybersecurity insurance to the County, will pay $100,000 of that ransom payment.

"Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance" Dr. Kora said to The News Dispatch, reported BleepingComputer.

There is still no proof that the hackers have accessed or acquired personal information of LaPorte County employee's through this ransomware attack, Kora added.

On July 15, 2019, the IT Department has restored functionality to domain controllers, thus bringing network of the county back online. The IT workers have also decrypted the files of every infected machine, said Hale.

Besides, the LaPorte County has also taken numerous steps to ensure that such an attack does not happen again.

» SPAMfighter News - 8/7/2019