The payment of a $21,000 ransom to attackers following the Madison County ransomware attack that disabled a large number of the county’s computer systems in November 2016 was necessitated as a viable backup of the data concerned did not exist. In accordance with the County’s insurance company’s advice, the ransom was paid. It has been confirmed that Madison County will not have to foot the entire cost of the ransom, but rather the insurance deductible. Nonetheless, a ransomware attack normally costs significantly more to rectify than the cost of the ransom demand to obtain the necessary keys to unlock the encryption. The overall costs have continued to escalate ever since the ransomware attack which occurred on the 4th November 2016.
Initially Madison County was obliged to pay a company to restore the files that had been encrypted in the attack. It was agreed that U.S. Signal would be paid $17,500 to undertake this work. More recently, the County has invested some $198,180 to fund a new ransomware defense system in order to avoid future attacks and guarantee that it will be possible to recover files in the event that malicious software be installed on its systems once again.
Those defensive measures shall include a system of off-site data storage – which in itself will cost some $6,400 per month – and a new backup especially for the Madison County court system. The court system put out of action as a direct consequence of the November 2016 ransomware attack. Further defenses have also been implemented to defend against ransomware and other malware, however information regarding those defenses is undisclosed.
More details have now been made public concerning the scope of the November ransomware attack. Given than 75 servers and 600 end points were affected, this was one of the most severe ransomware attacks of 2016. In light of the extent of the attack, Madison County – and its insurance company – were rather lucky that they did not have to pay a significantly higher ransom demand.
Similarly to numerous County governments, Madison County has, over the last few years, experienced significant budgetary restrictions. Funding has been reduced which has inevitably impacted on the resources that can be made available to the IT department in order to pay for its own security systems.
The Herald Bulletin reported than Lisa Cannon, who is the director of the Madison County IT Department, told a November 2016 Council meeting that her department could not be operated “on a shoestring budget.”
It is evident that funding for the ransomware protections will have to be found somewhere. Money was spent on up dated defenses that did not form part of the following month’s budget. Nonetheless, the new defenses were clearly a necessity. Should another ransomware attack be experienced, the attackers would be very unlikely to settle for such a small ransom payment. Some gangs have been known to demand ransom payments well over $500 for each infected device. A second attack of a similar scale has the potential to cost several hundred thousand dollars to rectify– Significantly more than the $220,000 that has just been approved to pay for a new ransomware defense system.
