Pennsylvania county pays $500,000 to recover data stolen by ransomware gang

After receiving the ransom the hackers helpfully advised officials to change passwords and update their Windows domain configuration

Delaware County in Pennsylvania has reportedly paid $500,000 ransom to hackers after becoming a victim of a serious ransomware attack last month.

According to Bleeping Computer, the attack was conducted by the DoppelPaymer gang, who instructed Delaware County to pay the ransom in bitcoin.

After receiving the ransom from the county, the gang advised officials to change passwords for all of their systems and to also modify their Windows domain configuration to protect the network from the open-source Mimikatz programme.

Mimikatz is one of the most favourite applications among hackers to steal Windows domain credentials from compromised networks.

Delaware County disclosed the security incident on Monday, stating that it recently discovered "a disruption to portions of its computer network".

Officials said IT teams immediately took parts of the network offline and also took various steps to mitigate the danger.

"We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event," they said. "We are working diligently to restore the functionality of our systems".

The County stated that the ransomware attack did not affect systems belonging to the Bureau of Elections or the County's Emergency Services Department, which were on a different network.

Local media reports claimed that the ransomware gang compromised many systems and encrypted files containing sensitive information, such as police reports, purchasing, payroll, etc.

6abc's Action News reported that the County was "in the process of paying the $500,000 ransom as it's insured for such attacks".

The DoppelPaymer group has a history of attacking large businesses using phishing techniques in order to gain entry into networks before deploying ransomware. The group is believed to have links with the gang behind Dridex and Magecart, which has launched several attacks on ecommerce website's payment pages.

The news comes on the heels of several other high-profile attacks on local government departments around the world within the past few months.

In August, Lafayette City, Colorado, said that it paid $45,000 to an unidentified group of hackers who were holding the city's data hostage. Local officials conducted a cost/benefit analysis of rebuilding the city's data versus paying the ransom, and then decided to pay $45,000 to retrieve the decryption key to unlock their data.

They said that "the ransom option far outweighed attempting to rebuild." The administration also took into consideration the inconvenience that residents would face due to lengthy service outage.

Last year, the City of Johannesburg was also hit by a ransomware attack by a gang named the 'Shadow Kill Hackers'.

The cyber criminals cracked the official website of Johannesburg City and threatened to release the financial and personal data of millions of citizens online unless they were paid four bitcoins (over $30,000 at the time).

Industrial automation company Advantech disclosed last week that it was victim of a ransomware attack that led to the theft of some confidential documents from its systems. Bleeping Computer said that Conti ransomware gang was behind the attack and was demanding $14 million ransom to decrypt affected systems.