That moment when your entire network gets hit by a nasty ransomware attack and you realise that your backup servers aren’t working, meaning you have 70 terabytes of useless, encrypted files to deal with.
That was a moment faced by the IT staff of Montgomery County in Alabama last week, who saw a ransomware strain infect their network, encrypting all of their files and leaving a ransom notice with instructions on how to get into contact with the criminals responsible.
Ransomware is a malicious type of malware that encrypts your files, rendering them useless. The only way of getting those files back – assuming there is no backup – is to pay for a decryption key from those responsible. But decryption keys are rarely cheap, and there is never a guarantee you’ll get it after you pay. You are, after all, dealing with criminals.
In the case of Montgomery County, the files encrypted on their network were worth an estimated $5 million, and included vital files needed to hand out business and marriage licenses as well as vehicle tags and registrations.
And this is the reason why Montgomery County officials made the decision to pay the ransom to try and get their files decrypted. Instructed to pay 9 Bitcoins (that’s $37,000) over the Dark Web, Chief IT Officer Lou Ialacci followed the criminals’ instructions and eventually all of the files were restored and back in place.
Speaking to media, Ialacci said “I hate to say this, but their reputation is that they do return stuff.”
That may be so in this case, but the reputation of ransomware criminals in general is far from reliable. In many cases, victims of ransomware that do pay up are not given a decryption key, meaning they lose their files and the money they coughed up for the ransom.
In fact, experts have previously discovered ransomware strains that couldn’t possibly decrypt files, meaning the criminals would have never had any intention of restoring files from victims that paid the ransom. This is why most experts, including the FBI, don’t recommend paying the ransom.
Basically, Montgomery County got lucky that they were stung by criminals who kept their word and restored the files. That’s not always the case.
Remember, the best defense against ransomware is to be aware of how it spreads (most commonly through malicious email attachments) and to always have a recent backup that is offsite and not connected to your network.
We imagine staff at Montgomery County will be more aware of this going forward. Read everything you need to know including more tips to keep yourself safe from ransomware in our post here.