The Madison County ransomware attack that took out many of the county’s computer systems last month could only be resolved by paying a $21,000 ransom as no viable backup existed. On the advice of the County’s insurance company, the ransom was paid. Madison County will not be required to cover the cost of the ransom, only the deductible. However, a ransomware attack costs considerably more to resolve than the cost of the ransom to obtain keys to unlock the encryption. The costs have continued to rack up since the November 4, ransomware attack.
Madison County first had to pay a company to restore the files that had been encrypted. U.S. Signal was contracted to complete the task and was paid $17,500. Now, the County has committed a further $198,180 to pay for a new ransomware defense system to prevent future attacks and ensure that files can be recovered should malicious software be installed on its systems again.
Those defenses include off-site data storage – at a cost of $6,400 per month – and a new backup court system. The court system was taken out of action as a result of the ransomware attack last month. Additional defenses have also been implemented to protect against ransomware and other forms of malware, although details of those defenses have not been disclosed.
Further details have now been released on the extent of the November ransomware attack. 75 servers were affected and 600 end points, making this one of the most severe ransomware attacks in recent months. Given the extent of the attack, Madison County – and its insurer – were fortunate not to have to pay a much higher ransom demand.
As is the case with many County governments, Madison County has been experiencing severe budgetary restrictions in recent years. Funding has been cut and that has naturally had an impact on the funds available to the IT department to pay for security protections.
Lisa Cannon, director of the IT Department, said in a November Council meeting, “We have to have bodies and finances. We can’t operate the IT Department on a shoestring budget,” according to a recent report in the Herald Bulletin.
As it is, the cost of the ransomware protections have had to come from somewhere. Money has been spent on new defenses that is not in next month’s budget. However, the new defenses were essential. If a second ransomware attack is experienced, the attackers would be unlikely to settle for such a low ransom payment. Some ransomware gangs demand a ransom payment well in excess of $500 per infected device. Another attack on the same scale could potentially cost hundreds of thousands of dollars to resolve – Considerably more than $220,000 that has just been committed to a new ransomware defense system.