Georgia County Pays a Hefty $400k to Ransomware Actors who Locked Down their IT Systems

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

Officials in Jackson County, Georgia, had reverted to using pen and paper for their operations during this past week, filling out reports and arrest bookings in the way they used to do when there was no IT infrastructure. All of the IT systems in the local government went offline, following a widespread ransomware infection (most probably Ryuk) that only left the 911 emergency system operational. As the Jackson County official Facebook page announced: “At this time all County email services are down. If you need to reach county offices, please call them by phone. You can visit our website at www.jacksoncountygov.com where you can find phone numbers listed at the page for each department by clicking on Government and then the listing for the department you need to talk to.”

The local government has immediately notified the FBI and hired a cybersecurity consultant who could negotiate with the malicious actors so that the systems are freed from the ransomware infection. To get the valuable decryption key, Georgia county has paid a whopping $400k, out of the public treasury. Right now, the IT team is in the process of decrypting the files, and all systems will be back online soon, but the damage has been significant.

Ryuk remains one hard nut to crack for cybersecurity researchers, and organizations that are engaged in critical fields such as the public services cannot just wait for a decrypter to be released. While the Georgia county government still managed to operate “manually”, every one of their processes crawled and became impractically cumbersome. This means that the option of continuing on “handwriting mode” would not be a feasible one. Also, while $400k is a large sum, the Jackson County manager Kevin Poe, told the public that the other choice would be the rebuilt their IT network, something that would cost them a lot more than the ransoms.

Considering that the attack was directed against the public interest, FBI is bound to hunt the actors down, in the same way, that they did in last year’s ransomware attacks against Atlanta’s government. It is believed that actors who target such neuralgic organizations are based on the other side of the Atlantic, but not much can be said about them yet. The investigators haven’t even figured out how the attack started, as a definitive trace of malware has not been located yet. As the investigation moves forward, and as more details about the attack surface, we will update this post, or get back with a follow-up.

Do you believe that IT infrastructure companies should be held liable for damages against public systems? Share your thoughts in the comments section beneath, and visit our socials on Facebook and Twitter, where more tech news are posted continually.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: