Washington, United States | In March 2020, Tillamook County, Oregon, agreed to pay $300,000 to recover data encrypted by hackers. Like many victims of hackers, it preferred to give in to the ransom demand, which some experts advise.
“We no longer have a phone or the Internet or a computer system,” Bill Bertlin, the head of this rural area of 26,000 near Portland, which is famous for its cheese, said during a webinar.
He said that the authorities had investigated whether the system could be opened without payment, but “we decided that maybe it could not be done.”
Negotiations with the hackers, who he said came from Russia, continued for several weeks, and the city finally paid, with the help of a computer security company.
“We think this only happens to others,” he commented. “Well, it happened to us and it could happen to anyone.”
In total, the case cost Tillamook $525,000, including fees and statutory commissions, but that was still less than the million it would have had to spend to restore the entire system, a process that would have lasted between one and two years, according to Bertlin.
Four months later, the University of Utah paid nearly $460,000 to recover student and staff data encrypted by hackers, despite the “risk” of cybercriminals failing to “comply” with the terms of the contract.
To pressure their victims, hackers sometimes leak some of the data.
This is what happened to the Washington police, who were attacked by the Babuk cybercriminal group, which seized the administrative and personal files of police officers in the American capital.
A police spokeswoman confirmed that hackers released the encrypted files of about 20 officers on Tuesday.
“The negotiations have reached a dead end, and the amount offered to us does not suit us,” the group said in a message, threatening to reveal all the stolen files with a decryption key.
The cost-benefit ratio
The stolen files relate to psychological assessments, professional interviews, social security numbers, addresses and phone numbers of agents, or their electronic signatures, according to specialized media. This data can then be used by other cybercriminals.
Other attacks, such as those targeting critical infrastructure, have economic ramifications.
The breach of Colonial Pipeline, the operator of a major pipeline network in the United States, last week caused a halt to operations, and thousands of motorists panicked and rushed to gas stations on the East Coast, causing gasoline shortages in several areas.
Colonial Pipeline announced on Wednesday that it had “begun” to resume operations on its pipeline. But the group said it would take “several days” before it would return to normal.
After this major new attack, US President Joe Biden on Wednesday signed an executive order to improve US cybersecurity.
In particular, the presidential decree aims to require companies to communicate in the event of computer breaches. It also calls for cybersecurity standards for state and federal agencies and the creation of a national cybersecurity office.
Anne Neuberger, senior White House cybersecurity adviser, said Monday that companies “should take into account the cost-benefit ratio” of a ransom.
Federal Police and some experts advise against paying a ransom.
“It also encourages criminals to target new victims and encourages others to engage in this type of illegal activity,” the FBI said on its website devoted to data theft.
According to the Danish computer security firm Heimdal, half of the hackers’ victims have never recovered their data. And even if it is recovered, there is no guarantee that it has not actually been resold on the Dark Web.
Finally, for US companies, paying the ransom may be illegal in certain situations, Heimdal points out.
In October 2020, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) reported that entities that paid ransoms could be investigated and fined, even if they went through an intermediary such as an insurance company, to fund a criminal group subject to Washington’s sanctions.