Westmoreland, Kan—The cyberattack investigation of Pottawatomie County IT systems continues, and all County offices are open and serving the public, according to a media release.
The original ransom demand was one million dollars. Following a successful negotiation, the ransom paid included $71,250.00 to the threat actor and $356.25 in exchange fees to facilitate the cyber currency payment. This was paid from the General Fund and a substantial portion will be refunded by our self-insurance pool.
The County also spent $5,000.00 to purchase enhanced decryption software needed to unlock the files that the hackers had encrypted.
Chad Kinsley, County Administrator, said, “We hardened system defenses while negotiating with the hackers. We believe that now we are much less vulnerable to any subsequent attack.”
According to cyber security experts, threat actors have created a lucrative model for getting ransom payments from government entities by threatening to make private data public (rather than selling it on the dark web). “In this case, the hackers demonstrated that they had seen some private data. We paid the ransom to protect our constituents and prevent that data from being made public,” said Kinsley. It is important to note that “we are not the only county that has experienced a cyberattack,” said Kinsley.
Experts say that hackers know that if they release information following a ransom payment, future victims will refuse to pay. It is for this reason that county officials are confident that the accessed data have been deleted from hackers’ computers.
IT staff along with expert advisors continue to scan compromised data to determine how much private data the hackers may have seen. “Once we know the extent of personal information involved, we will be able to take appropriate steps to protect our citizens. It is a timeconsuming process, but we are committed to taking the time needed to do this right,” added Kinsley.