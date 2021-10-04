Hackers who gained control of Pottawatomie County computers Sept. 17 demanded a ransom of $1 million, according to County Administrator Chad Kinsley, who released the information Monday afternoon, though the county ultimately paid far less than that.
“Following a successful negotiation, the ransom paid included $71,250 to the threat actor and $356.25 in exchange fees to facilitate the cyber currency payment,” he said in the prepared statement. “This was paid from the general fund, and a substantial portion will be refunded by our self-insurance pool.”
The statement also noted the county spent $5,000 to purchase the enhanced decryption software needed to unlock the files the hackers had encrypted.
The county released the information after The Manhattan Mercury requested it under the Kansas Open Records Act, and commissioners had an extended executive session at Monday’s meeting.
Before that, county officials had declined to comment on the amount involved. News of the hacking was not released until the Sept. 27 commission meeting, when County Treasurer Lisa Wright reported her department was still having computer issues.
Kinsley’s statement goes on to note that, according to cyber security experts, “threat actors have created a lucrative model for getting ransom payments from government entities by threatening to make private data public (rather than selling it on the dark web).
“In this case, the hackers demonstrated that they had seen some private data. We paid the ransom to protect our constituents and prevent that data from being made public,” Kinsley said. “It is important to note that we are not the only county that has experienced a cyber attack.
“We hardened system defenses while negotiating with the hackers,” Kinsley continued. “We believe that now we are much less vulnerable.”
The release also says county officials are confident the accessed data has been deleted from the attackers’ computers because hackers know if they release information after payment, future victims will refuse to pay.
The county is, however, continuing to scan the compromised data to determine how much the hackers may have seen. “Once we know the extent of the personal information involved, we will be able to take appropriate steps to protect our citizens,” he said. “It’s a time-consuming process but we are committed to taking the time needed to do this right.”
According to information released on Friday, the attack encrypted several servers, but the sheriff’s office and emergency response systems were not affected. As of Monday, most services had been restored, though the county email system was still down.