The San Bernardino County Sheriff’s Department in the US has revealed that it paid a US$1.1 million ransom to an unidentified threat actor.
The Sheriff’s Department had previously announced that it had detected a “network disruption” in April 2022. At the time, forensics specialists and IT staff were looking into the incident, and the department had alerted both the FBI and the Department of Homeland Security.
The investigation is ongoing, and there are hopes the payment can be traced back to the hackers in order to identify them. At the moment, it is believed that the threat actors are based in eastern Europe and may have ties to more widespread Russian hacking groups.
The initial attack forced the department to shut down many of its systems, including some of its databases, as well as email and in-car computers. The full extent of the possible data breach, however, remains unclear.
The department itself paid US$511,852, with the rest being covered by insurance.
“The decision whether to render payment was the subject of careful consideration,” said county spokesperson David Wert. “On balance, and consistent with how other agencies have handled these types of situations, this was determined to be the responsible course.”
The FBI, however, has stated that victims of ransomware attacks should not pay their attackers, as it encourages further cyber attacks.
“San Bernardino County handed >$1 million to cybercriminals,” said Emsisoft threat analyst Brett Callow on Twitter.
“The County – or, more accurately, taxpayers – paid $511,852 with insurance (which is also paid for by taxpayers) paying the rest. This is why #ransomware attacks keep on happening.”
While it’s never a good look for any business to pay such a ransom, it’s a particularly poor outcome when it comes to law enforcement agencies that should be able to protect themselves, as well as the public.
The notion of withholding ransom payments is an ongoing debate closer to home, as well. Latitude Financial recently announced that it would not pay a ransom following a data breach that saw millions of customer records compromised, and Cyber Security and Home Affairs Minister Clare O’Neil has also floated the idea of outlawing such payments.
“Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model,” Minister O’Neil said in a Twitter post in April. “They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals.”
The Australian Cyber Security Centre (ACSC) also recommends that ransoms should never be paid, as there is no guarantee that hackers will stick to their end of the deal, whether that is deleting the data or returning or decrypting it.
However, paying a ransom is still legal and can be covered under insurance, posing little financial threat to organisations.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.