Pennsylvania Senate Democrats paid more than $700,000 to recover from ransomware attack

The March 2017 attack blocked senators and their staffs from accessing their email and other computer systems.

Damage from a March 2017 ransomware attack against Democratic members of the Pennsylvania State Senate and their staffs cost more than $700,000 to repair, according to a news report.

The Senate Democrats paid Microsoft $703,697 to recover from the attack but did not pay any ransom money, the Pittsburgh Tribune-Review reported Saturday. The unspecified malware locked down email and other computer systems and asked for a ransom of about $30,000.

Although the ransomware incident was publicized not long after it was detected last year, few details are known other than the price tag. One lawmaker had said earlier this year that it was “six figures.”

At the time, senators and their employees went through what’s become a fairly typical experience for ransomware victims: Locked out of their computer systems, they resorted to conducting business on landline telephones and pen-and-paper documents. Democratic Leader Jay Costa told reporters at the time that the caucus had a “pretty strong back-up system” that had not been compromised, while the FBI took over the investigation of the attack.


Officials have not disclosed the steps Microsoft took to recover the computer systems, or even the strain of ransomware that caused the lockout. A source familiar with the attack told StateScoop said the caucus was following the FBI’s instructions not to disclose any details of the situation, suggesting it could leave a “road map” for a future cyberattack.

Pennsylvania’s experience is typical for government entities that have been hit by ransomware. The recovery process is often many times more expensive than the proposed ransom. The FBI advises against paying up, in part because there’s no guarantee attackers will free up the affected network.

“They were offering to give back our files, but the system was already violated and that was useless,” the source familiar with the Pennsylvania Senate attack said.

To pay or not to pay

Some smaller government entities have paid off their attackers. Last October, the small town of Yarrow Point, Washington, wired nearly $10,000 in bitcoin to a hacker who delivered a ransomware virus onto municipal networks. In December 2016, the district attorney’s office in Allegheny County, Pennsylvania, paid a $1,400 ransom .


Repair and recovery costs can reach seven figures. The Colorado Department of Transportation, which was hit in February by the SamSam ransomware variant, spent as much as $1.5 million to undo the damage to nearly 2,000 computers. Mecklenburg County, North Carolina, estimated it wound up costing slightly less than $1 million to recover from a December 2017 attack, though officials later confessed they briefly considered paying a $23,000 ransom.

Atlanta, meanwhile, has already spent more than $5 million recovering from a SamSam attack in March that knocked out hundreds of internal and public-facing computer systems, and expects to spend up to another $9.5 million . Those hackers demanded just $51,000.

Atlanta’s recovery bill might be rivaled only the one at Erie County Medical Center in Buffalo, New York, which laid out nearly $10 million to recover from an April 2017 attack that shut down many of the hospital’s computer systems for weeks.

In a statement to StateScoop, Costa said the Pennsylvania Senate Democrats did not consider paying their ransom.

“After consulting with law enforcement agencies and cybersecurity experts, we agreed not to give into the demands of the cyber terrorists,” Costa said.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts