San Bernardino County, California, officials announced on Friday that they paid $1.1 million to a hacker who caused a disruption within the County Sheriff's Department.
The attacker managed to upload ransomware into the department's information technology system, which disrupted the department's operations. The disruption included the temporary shutdown of some computer systems, including email, in-car computers, and some law enforcement databases that deputies use for background checks.
According to the Los Angeles Times, the County had been quiet about the incident for weeks after reportedly discovering the attack in early April 2023. Officials only referred to the incident as a "network disruption" until they finally acknowledged that a ransomware attack had taken place.
After much deliberation, the decision was made to pay the $1.1 million ransom demand to regain control of their IT system. Fortunately, the County had secured adequate insurance coverage, which resulted in a payment of $511,852.
After negotiations between the insurance carrier and the responsible party, an agreement was reached to restore the system's full functionality and secure any data involved in the breach. While most of the payment was covered by insurance, County officials did not disclose the details of the remaining $600,000 paid to the hacker.
Did San Bernardino County make the right decision?
On one hand, paying the ransom is a quick and easy way to regain access to encrypted files, albeit with no guarantee. On the other hand, it incentivizes hackers to continue their attacks and extort money from more victims.
By paying the ransom, San Bernardino County is essentially funding the operations of cybercriminals, which can lead to an increase in ransomware attacks in the future.
Though the attack did not impact public safety, it did affect how sheriff's deputies were able to conduct their usual business. An investigation is currently ongoing to determine whether any information was stolen and whether the attack can be traced back to the hacker.
In light of this attack, it's clear that organizations need to be more vigilant than ever when it comes to protecting their IT systems. Ransomware attacks continue to rise, and they can cause significant disruptions to business operations, as well as result in costly ransom payments.
This case also adds to an already interesting discussion related to ransomware and cyber insurance. Should ransom payments be banned outright? Should organizations be required to have cyber insurance?
These are important questions the cybersecurity community will continue to debate in the coming years. What do you think should be done to prevent ransom payments to cybercriminals? Let us know in the comments below.