City of Valdez, Alaska admits to paying off ransomware infection

Officials from the city of Valdez, Alaska admitted last week that they paid £26,623.97 to hackers after the city’s IT network was crippled by a ransomware infection in July.


“Valdez Police Department […] reached out through our law enforcement channels for assistance with addressing the ransom demand,” said Bart Hinkle, Valdez police chief and operations section chief for the cyber incident response, in a press release last week. “Based on recommendations from several cyber-crimes specialists, the City engaged a specialty cyber-incident response and digital forensics firm based out of Virginia,” Hinkle added. “The firm anonymously contacted the attackers on the City’s behalf to investigate and possibly negotiate ransom terms.” City officials said that despite the ransomware having infected 27 servers and 170 computers, the third-party firm managed to negotiate the ransom payment down to 4 bitcoin, worth £26,623.97, at the time.

The city got off cheap, as ransomware groups usually request between 0.2 and 1 bitcoin per infected system. “After consultation with the City legal team, our insurance carriers, and careful consideration of the best interests of the City, I authorized the third-party firm to negotiate and pay up to the amount of the ransom demand,” said Elke Doom, Valdez city manager and the incident commander for the cyber incident response. Doom also added that before purchasing the decryption key from the hacker group behind the ransomware infection, city officials and the third-party firm carried out tests to verify whether the hacker group could indeed decrypt their data or was just bluffing.

Ever since paying the ransom over the summer, city officials say they’ve been slowly bringing the city’s IT systems back online, one after the other.

All decrypted files were put in read-only mode, so city employees could access the data, but they were left in quarantine as IT staff “scrubbed” the files for other malware that might have been injected and left behind by the hacker group. Valdez officials say that next year, in 2019, they plan to replace and rebuild all the IT systems that were infected by the ransomware, just to be sure there’s no residual backdoor or hidden malware that the hackers could use to reinfect the city’s IT network. The city of Valdez, despite having a population of fewer than 4,000, made quite a few headlines over the summer.

Law enforcement said that several cities in Alaska reported ransomware infections at the end of July, leading some experts to wonder about a possible new ransomware outbreak localized to the Alaska region. That turned out not to be the case. Several of the ransomware notifications from Alaskan cities and private companies that came to light in July were actually for incidents that took place in previous months, and only the city of Valdez and Matanuska-Susitna (Mat-Su), a borough that is part of the Anchorage Metropolitan Area, suffered ransomware infections at the time.

In the end, it turned out that these two ransomware infections weren’t even related, as the Mat-Su borough IT network […] Lazarus Group, tied to the North Korean regime and believed to be behind the Sony Pictures hack of 2014, the WannaCry ransomware outbreak, and various cyber-heists at banks across the world. In fact, Lazarus Group used the Hermes ransomware as a distraction to cover its tracks during a cyber-heist at the Far Eastern International Bank (FEIB) in Taiwan.

It’s still unclear whether Lazarus Group created the Hermes ransomware or simply hijacked its code from its true creators.
