Almost a year since the City of Cartersville had been hit by a ransomware attack, the local government admitted earlier this week that it had paid ransomware operators with $380,000 to unlock its systems at the time.
The report, which was first publicized The Daily Tribune News on Saturday, follows after the news outlet filed an Open Records Request to know about what happened in last year’s ransomware attack. From there, the documents confirmed that the City of Cartersville did pay the ransomware operators with $380,000 in non-tradable Bitcoins and “an additional $7,755.65 paid for transaction fees and negotiators.”
According to the report, the ransom that has been paid came short to what the operators have originally demanded, which, according to Cartersville Assistant City Attorney Keith Lovell, initially scored at $2.8 million.
“That came out of our property and casualty insurance line item,” explained Cartersville City Manager Tamara Brock. “That is an internal service fund, so it’s just a rollover amount every year that we have budgeted in all the departments.”
In May of 2019, the City of Cartersville notified its residents that its systems had been infected by Ryuk ransomware, a type of crypto-ransomware that infiltrates the system and encrypts data stored until a ransom is paid. Since its discovery, the ransomware-type virus has gained notoriety for being used in launching cyberattacks against government and state institutions.
As written in the documents obtained by The Daily Tribune News, last year’s ransomware attack has impacted a total of 3 terabytes of data, including “very intensive operating files” from the local government’s system. The city, however, has been able to recover within a week after paying a ransom to the hackers.
During the attack, the City Manager Brock revealed that utility services of the local government continued to operate, with the iCloud payments as the only exception. On May 6, employees were immediately alerted about the attack and were warned about a potential data breach.
“We changed all employee passwords at that time, and we wanted to make sure police and fire were changed first so they still had access to GCIC and other files within the State that they needed to get to and use,” Brock recounted.
The discovery makes the City of Cartersville the latest institution to succumb to the ransom demanded by cyberattacks in exchange for data recovery. In July last year, the U.S. Conference of Mayors has unanimously decided to no longer respond to any ransom demand from hackers, following a chain of cyberattacks that have bagged millions from city governments.
