Almost a
year after getting infected with ransomware, the City of Cartersville in the U.S.
State of Georgia this week admitted to paying ransomware operators $380,000 to
unlock its systems.
Cartersville reportedly got infected in early May last year when it saw “3 terabytes worth of data” vanish from city computers and servers. The city recovered within a week, but only after paying their cyber-aggressors to the tune of $380,000 in non-tradable Bitcoins, “with an additional $7,755.65 paid for transaction fees and negotiators,” according to the documents obtained by The Daily Tribune News.
The incident
was made public this week after the news outlet filed an Open Records Request. Records
obtained in the wake of such a request are documents that are supposed to be
made available to members of the public on request. Each of the fifty states
has its own set of laws governing which documents are considered public.
The payout
is reportedly much lower than the amount demanded by the attackers. According
to Assistant City Attorney Keith Lovell, the sum sought by the hackers was
initially $2.8 million. The cybercrooks reportedly used Ryuk ransomware in the
attack on Cartersville, a ransomware strain notoriously used in attacks on government
and state institutions, and sometimes on critical infrastructures, including
oil pipelines and hospitals.
City Manager
Tamara Brock couldn’t confirm exactly how the attackers breached city systems.
However, all signs point to a negligent city employee clicking on a malicious
file in an email.
“What we
basically have kind of narrowed it down to is it started as an email string,
most likely, and came in when a file was clicked on,” Brock said.
The case is
under investigation by the FBI.
Studies consistently show that employees are the most vulnerable link in a cyberattack. And according to a study commissioned by Bitdefender in 2019, companies placing more emphasis on cyber-training their employees are proportionally better at detecting and stopping an unfolding attack.
Fittingly,
Cartersville is now regularly testing employees with intentional phishing
emails to teach them how to recognize those for training purposes. The City has
also migrated to a new email filtering provider, added monitoring software, and
implemented a new protocol to help personnel “weed out malicious emails from
their inboxes,” according to the report.