When $25k is Cheap...
Delaware County got lucky.
Yes, they got hacked... badly.
It all started, as all of these attacks do, when an employee clicked on a Phishing email. It takes 1 unsuspecting/busy/stressed/anxious employee clicking on 1 Phish.
From there, the cybercriminals get to work.
Hackers first infiltrated the network through a phishing email opened by a county employee.
In the weeks after their Phished entry, the attackers used privileged network access to locate and steal sensitive data from the county. This is the same data they later threatened to release on the Dark Web.
Once the hackers grab all the sensitive data they can find, they trigger the Ransomware. This is that infuriating part where all the affected computers and networks get encrypted, or locked down.
The $25,000 paid in this instance was “getting off cheap, especially for a government entity.”
It's at this point that the attackers make their demands.
To pay or not to pay?
At this point, the network is locked down. The county was at risk of missing payroll. Many critical government services could cease.
Alongside their hefty ransom demand, the hackers remind the County of all the sensitive data they've stolen.
This leaves County officials in a very tricky situation...
If they pay the ransom, they support criminal activity.
If they don't pay the ransom, they have to hope that they can restore the network from backups, assuming those aren't corrupted.
Either way, they pray that the County's data is not released.
In deciding whether or not to pay, a County official said they balanced making the payment "with the costs to the county if we didn’t pay the ransom, and those costs would’ve been high."
Oh, there's also this pesky US Treasury rule against paying most ransoms...
Once the County decides to pony up, the negotiation begins. There is often room to negotiate with these Ransomware hackers.
This is where the County got lucky...
In a rare move, the cybercriminals agreed to a $25,000 Bitcoin payment. And yes, just $25k is a steep discount compared to other recent hacks!
The good news for us is that these attacks can be prevented!
The first step is training your team to avoid the initial Phishing email, like the one that the government employee clicked on here.
Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.