San Bernardino County Pays $1.1m Ransomware

Sunday, 7 May 2023
san-bernardino.jpg

Hackers not only successfully infiltrated the computer network of the San Bernardino County's Sheriff Department, but also successfully extorted the county for $1.1 million dollars. The county carries insurance for such attacks, and the insurance share of the ransom came out to just over $511,000.

The county initially became aware of an infiltration on April 7, and began shutting down segments of its network while developing workarounds to access the data. Email systems were taken offline, and patrol units were forced to radio dispatch for background checks, rather than being able to use the computers in their own vehicles.

A month has passed since the intrusion was first detected, and investigations are still ongoing. However, the disruption to the network is deemed so severe that the county has agreed to pay the ransom. "The decision whether to render payment was the subject of careful consideration," the county said.

While no company wants to give money to hackers, sometimes their data is just too valuable for them to risk losing. "The cost is pretty brutal, not just to financial - but in the case of law enforcement - it's the agency, the people they are serving," said Vivek Bhandari of cybersecurity company Tanium. "In the hospitals, sometimes it can impact patient care, and we've seen that."

In addition to the financial loss often associated with ransomware, another potential issue with ransomware payments is that the payments draw attention to the poor cybersecurity practices of the victims. Other hacker groups quickly get word of the payment, and often target the same organisation in a secondary attack. As such, organisations need to ensure that they guard against even a single incident from occurring.

In this instance, hackers were able to infiltrate the network because a county staff member clicked on a malicious link. "Phishing attacks are very common ways for attackers to get in. You get a user to open a file, because, hey, here's a picture of your kid, or a picture from the get-together last week. Something that will get someone to open an attachment or click on a link is a common technique," Bhandari said.

Enjoyed this article? Please consider donating!
Donate
* Alpha Safe journalism is funded exclusively by your donations. We care about your online safety, so we will never display ads, as they could serve you malicious content. We also believe journalism should be available for all, and will never hide our articles behind a paywall. As such, your donation would be very much appreciated.

Most Recent

31 July 2023

Hell Pizza Suffers Credential Stuffing Attack

14 July 2023

Wellington City Council Data Breach

8 July 2023

Event Secretary Data Breach

2 July 2023

TSMC Data Breach; Hackers Demand $70m Ransom

27 June 2023

Suncor Energy hit by Giant Cyberattack

21 June 2023

Kiwis Losing $2M Every Month To Cybercriminals

18 June 2023

Eftpos Provider Smartpay Suffers Ransomware Attack

17 June 2023

Colossal Louisiana Driver Licencing Data Breach

14 June 2023

Russian Hackers Breach Ulez Database

9 June 2023

Thousands of Companies' Data Stolen Through MOVEit Flaw