Georgia City Pays $380k Ransom (to Russia?)

Newly publicized documents reveal that Georgia's City of Cartersville paid hackers $380k in Bitcoin to restore their machines. The payment came as the city was under attack by Ryuk Ransomware in May 2019.

"Cybersecurity experts with the FBI suspect the Ryuk ransomware is the handiwork of Russian cybercriminals."

It's always difficult to determine the origin for a given cyber attack, but it's likely that Russian cyber criminals were the recipients of the $380k ransom.

"About 3 terabytes worth of data was impacted by the ransomware attack."

There was nearly a week of downtime while getting systems back online. Recognizing it could have been even worse, the city decided to pay the ransom.

“When you looked at the time it would take for us to either try to recreate the files, or wait and see if we would be able to get it back, the downtime on it was too great.” - City Manager Tamara Brock

As with most ransomware attacks, the breach started with a simple phishing email.

“What we basically have kind of narrowed it down to is it started as an email string, most likely, and came in when a file was clicked on.” - City Manager Brock

The city has moved aggressively to protect its people and its network, including implementing system-wide Phishing Training.

“Now, we’re regularly sending employees internal phishing emails to teach them how to recognize those for training purposes,” - Assistant City Attorney Keith Lovell

Cyber attackers have their sights on our local governments, and they don't appear to be stopping.

As cyber criminals keep getting better, more organizations are turning to INFIMA's fully automated Cyber Security and Phishing Training to keep their teams safe.
Want to learn more? Start here!