year after a ransomware attack struck the city of Cartersville, Ga., municipal
officials revealed that they paid a ransom of $380,000 to regain access to
The news was made known after the local Daily Tribune News filed a Freedom of Information Act request, which disclosed the payment to mitigate the May 4, 2019 attack. The Daily Tribune found that the initial ransom demand was for $2.8 million, payable in bitcoin, and that the city’s insurance paid the majority of the cost.
did deliver the decryptor keys necessary to regain access about 48 hours after
the payment was made and all systems were operational soon thereafter.
The FOIA showed
city officials learned the attackers used Ryuk ransomware and that police and
other emergency services were impacted.
does not believe any information was removed, but there is no way to know if ransomware
attackers have taken data.
If an organization pays the ransom, that does not mean the bad guys will comply and not make further use of the stolen information. The people behind ransomware attacks are criminals and not to be trusted, which is one of the primary reasons law enforcement officials typically take a stance against paying a ransom. It guarantees nothing.
data simply gives them additional leverage to extort payment and, perhaps,
other options for monetization – selling the data to other criminal groups or
competitors, for example,” said Brett Callow, a threat analyst with Emsisoft.