The City of Cartersville, Georgia submitted a $380,000 payment in non-tradeable Bitcoins to hackers, along "with an additional $7,755.65 paid for transaction fees and negotiators," according to The Daily Tribune News. The payment came after the city experienced a Ryuk ransomware attack in May 2019.
Cartersville officials regained access to internal files affected by the ransomware attack within about 48 hours after the Bitcoin payment was made, City Manager Tamara Brock told the Daily Tribune News. The city's IT systems also were fully operational within six days of the attack.
A Closer Look at the Cartersville Ransomware Attack
Text messages between Cartersville city officials indicated that the ransomware attack occurred May 4, 2019, the Daily Tribune News reported. Approximately 3 TB of data were impacted by the cyberattack, and cybercriminals initially demanded a $2.8 million ransom.
No city employee or customer information was compromised in the ransomware attack, Brock stated. In addition, Cartersville utility services continued to operate during the ransomware attack, and no vulnerability in the city's cyber infrastructure was exploited by cybercriminals.
The FBI is investigating the Cartersville ransomware attack, and no arrests have been made in connection with the incident, Brock said. The cybersecurity breach also has not resulted in any employee terminations or disciplinary actions.
Cybercriminals use Ryuk to target organizations via email-based malware, endpoint protection platform provider CrowdStrike told the Daily Tribune News. To date, they have launched Ryuk attacks against hospitals, libraries, energy companies and other organizations across a wide range of industries.
Ransomware Attacks Multiple Georgia Towns, Cities
Multiple Georgia municipalities have suffered ransomware attacks in the past year or so.
Victims include:
- The Georgia Administrative Office of the Courts (AOC)
- Jackson County, Georgia, where officials paid cybercriminals $400,000 after hackers used a ransomware attack in March 2019 to deactivate the county’s computer systems.
- Atlanta, which suffered a March 2018 ransomware attack; the total cleanup cost is likely around $17 million.
The UK National Cyber Security Centre (NCSC) also issued a warning about Ryuk ransomware attacks in 2019, and has provided organizations with tips to help them combat such attacks.
The U.S. Conference of Mayors in July 2019 unanimously resolved to no longer pay any ransom to hackers, following a series of cyber shakedowns that have extorted millions from city governments.