County in Pennsylvania Pays Russian Hackers $346,000 to End Cyberattack

Officials in Washington County, Pennsylvania, paid Russian hackers a $346,000 ransom to restore systems and data following a crippling cyberattack.

In January, the feds warned several US states, including the state of Pennsylvania, of a wave of targeted attacks. But for Washington County, it was too late – hackers had already crippled its systems with malware and pilfered sensitive data.

“Foreign cybercriminals were able to seize control of the county’s network, basically paralyzing all of the county’s operations,” County solicitor Gary Sweat told the Observer-Reporter. “The attack was unprecedented. I think it’s safe to say no one at this table has ever encountered or experienced such a cyber incident.”

The county’s IT people worked closely with federal investigators and cybersecurity experts trying to stop the spread of the malware and understand the scope of the attack.

But it soon became evident that the attackers, allegedly of Russian origin, had already pilfered “large amounts of data” from the county’s network that could be “injurious to the county and its residents” if released on the dark web, Sweat told the newspaper.

Sweat called an emergency meeting after the hackers gave them a tight deadline to pay the ransom.

“The commissioners voted 2-1 to authorize payment of up to $400,000 to DigitalMint of Chicago, a firm that specializes in selling cryptocurrency, to settle the cyberattack and help the county restore its computer server.”

The exact ransom paid was $346,687, while DigitalMint retained a $19,000 fee “for its work to facilitate the transfer,” according to the paper.

In exchange for the payment, the attackers promised to hand over the decryption key and refrain from sharing the stolen information on the dark web.

“While paying the ransom was not the county’s first choice, we decided that after weighing all factors, it was the best approach,” Sweat said.

Commissioner Larry Maggi, who voted against the motions at the emergency meeting, was extremely vocal about the situation, telling reporters he finds it “repugnant” that the US is giving in to foreign criminals.

The FBI has consistently advised against paying ransom to hackers as doing so emboldens them. Moreover, paying ransom doesn’t guarantee the attackers will hand over the decryption key or delete the stolen data.

In related news, International police have been systematically taking down LockBit ransomware operations as part of a law enforcement action code-named Operation Cronos.

Lockbit ransomware operators, mostly Russian speakers, have reportedly carried out over 2,000 attacks worldwide since January 2020. LockBit attacks have amassed ransom payments of over $144 million, according to the U.S. Department of State.