Update: After five days of battling to get systems back up and running, Madison County has paid the ransom demands to regain access. Herald Bulletin reported, the county was encouraged to pay the ransom amount by their insurance provider, who paid the $28,000 demand. The county was left paying the insurance deductible, along with $17,500 to bring in professional services to bring their servers back online. Lisa Cannon, Director of IT, reported this ransomware attack infected 600 personal computers and 75 servers. The county is continuing to evaluate best practice options for disaster recovery, as well as how to prevent future attacks.
Update 12/08/2016: CSO Online is reporting that Madison County has now spent approximately $220,000 to recover from this ransomware attack. The county signed three contracts worth $198,180 to work with service providers to implement off-site data backups, a backup court system, and prevent future attacks. The IT department head is also not satisfied with the current budget her department has after it was cut by 56% saying, “We can’t be expected to operate as large as General Motors on a gas station budget. We need help and it’s going to take funds.” According to reports, during the infection county police officers were forced to use pen and paper when processing inmate information as computers were not functional.
Ransomware has struck another county office. The computers associated with the Madison County offices, located in Indiana, have been infected with ransomware. According to WTHR News, the County’s systems have been completely shut down, making the information within the systems inaccessible.
It has been reported that the County’s operations are continuing. However, with the systems down, they have reverted back to the manual process of doing everything with a pen and paper. It is not believed any personal information within the systems has been compromised. The County is also confident, all voter data has remained secure.
The ransomware variant that infiltrated the systems is not being disclosed at this time. The County has not released the ransom demand, or if they plan to pay in order to get their systems back up and running as usual. As always, PC Matic does not encourage any ransomware victims to pay the ransom amount. By doing so, it only reinforces the hackers to continue with these attacks. It is encouraged businesses and home users back up their data daily, to an external storage device. This will provide a copy of all user information, files, pictures, etc. in case a ransomware attack were to infect your PC. Also, if you have been hit with ransomware, it is clear your security solution has failed to keep you secure. PC Matic encourages users to implement a security solution with application whitelisting technology to prevent future attacks.
Ransomware Attacks of 2016
To see a full list of ransomware attacks that have taken place, you can click here. We have also created a ransomware map, see below, of the ransomware attacks that have taken place in the U.S. this year.