Ryuk Saga: County Government Pays Nearly $400k to Hackers

Recently, Jackson County, Georgia, fell prey to hackers during a ransomware attack. By many accounts, this was one of the most sophisticated attacks to hit the US, if not the most sophisticated, and the hackers achieved their goal with glaring success. The attack completely severed online communications by bringing down the entire computer and internet network.

The only good news coming from this is that the 911 systems remained intact, signaling the attackers may have had a little empathy for the people of Jackson County. Aside from that, though, every government-owned device connected to the internet was disabled. Employees apparently began to notice issues trickling in when computers, websites and email addresses stopped working on March 1st. They had no idea, at the time, what they were actually dealing with.

After several days of IT administrators scrambling to figure out the issue, it became clear that it was not due to an “ID10T” error, but was, in fact, a malicious attack aimed at gaining access to police and county records. It was then that government officials contacted the FBI and cybersecurity experts to get help with the situation. Though they all worked tirelessly to gain the upper hand over the attackers, the effort was all for naught, and they decided last Friday to just pay the ransom.

So, the cybersecurity team negotiated with the hackers and agreed to pay 100 Bitcoins, just about $400,000 at today’s market price. Had they not paid the ransom, all of the affected equipment would have just become expensive bricks, and the county would have needed to start over again. Obviously, the time, money, effort, and chaos involved in starting over would have led to much larger headaches for government officials and taxpayers alike. The FBI stated they believe the attack was a new strain of ransomware called Ryuk, perhaps named after the Shinigami in the manga series Death Note (my personal favorite). Ryuk also struck the LA Times and its affiliate publishers in January.

But this isn’t the first time that hackers have hit a government office in Georgia. In 2018, Atlanta was smacked in the face with a similar threat, and they refused to pay up. Instead, they opted to replace all of their equipment at an estimated cost of $2.6 million. Almost laughably, though, the final cost ended up being closer to $17 million.

Attacks such as this are not unique, as many of us know. Since 2014, Alaska, Ohio, Washington, Indiana, California, North Carolina, and many others have found themselves under siege. However, what sets this case apart is that it made others like WannaCry, CryptoLocker, TeslaCrypt, and NotPetya look like the work of amateurs. Several of those attacks were brought down with the help of white-hat hackers, or in the case of TeslaCrypt, by the hackers themselves.