Georgia county paid $400K to ransomware hackers

The county was hit by the Ryuk virus, one of the most costly varieties of ransomware.
Getty Images

Just days after informing residents that its computer systems were severely crippled by a ransomware attack, the government of Jackson County, Georgia, paid hackers $400,000 to regain access to its files.

The payment, one of the largest recent sums to pay off a ransomware scheme, was first reported by the Athens Banner-Herald.

County officials said last week that a ransomware attack locked agencies out of nearly all their systems, forcing many, including the sheriff’s office, to resort to carrying out operations on paper.

“We are doing our bookings the way we used to do it before computers,” Sheriff Janis Mangum told StateScoop.


The Banner-Herald reported that County Manager Kevin Poe made the decision to pay the ransom after speaking with cybersecurity consultants, who advised him that rebuilding networks from scratch — as other ransomware victims, like Atlanta, have done — could be a long and costly process for the 60,000-person county.

“We had to make a determination on whether to pay,” Poe told the Banner-Herald. “We could have literally been down months and months and spent as much or more money trying to get our system rebuilt.”

After paying, the hackers sent a decryption key that allowed county workers back into their computer systems.  The county is also working with the FBI, which tells ransomware victims not to pay up.

Poe also said the ransomware that took down Jackson County’s systems has been identified as the Ryuk virus, which demands far higher payments than other strains. Research published last month by McAfee and Coveware found that the hackers behind Ryuk typically ask for 100 bitcoin — equal to about $384,000 as of this writing. Ryuk is now believed to have originated in Eastern Europe or Russia, contradicting earlier reports of origin in North Korea.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts