Almost one year after a ransomware attack struck the city of Cartersville, Ga., municipal officials revealed that they paid a ransom of $380,000 to regain access to their files.
The news came to light after the local Daily Tribune News filed a Freedom of Information Act request, which disclosed the payment made to mitigate the May 4, 2019, attack. The Daily Tribune found that the initial ransom demand was for $2.8 million, payable in bitcoin, and that the city’s insurance paid the majority of the cost.
The attackers did deliver the decryptor keys necessary to regain access about 48 hours after the payment was made, and all systems were operational soon thereafter.
The FOIA request showed that city officials learned the attackers used Ryuk ransomware and that police and other emergency services were impacted.
The city does not believe any information was removed, but there is no way to know if ransomware attackers have taken data.
If an organization pays the ransom, that does not mean the bad guys will comply and not make further use of the stolen information. The people behind ransomware attacks are criminals and not to be trusted, which is one of the primary reasons law enforcement officials typically take a stance against paying a ransom. It guarantees nothing.
“Stealing data simply gives them additional leverage to extort payment and, perhaps, other options for monetization – selling the data to other criminal groups or competitors, for example,” said Brett Callow, a threat analyst with Emsisoft.