Another public administration in the U.S. surrenders cybercriminal demands as La Porte County, Indiana, pays $130,000 to recover data on computer systems impacted by ransomware.

The attack occurred on Saturday, July 6 and was spotted before it propagated to all the computer on the network. The IT department reacted was able to confine it to less than 7% of the laptops.

Despite this response, two domain controllers were impacted so network services became unavailable. Three days later, the government emails and the county website were still not working, The News Dispatch reported.

A forensic investigation firm and the FBI were involved but attempts to recover the data encrypted by the malware without paying the ransom were fruitless.

Insurance covers part of the cost

The cybercriminals got about $130,000 in Bitcoin from this attack, with $100,000 being covered by insurance. The impact may not be immediate but it does create some ripples in the long run.

"Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance" - Dr. Vidya Kora, La Porte County Board of Commissioners President, told The News Dispatch.

The decision to pay the cybercriminals came after seeing that the decryption keys from the FBI could not restore the encrypted files.

Blame it on Ryuk

According to WSBT, the county had backup servers but the malware infected them.

The news publication says that the ransomware affecting La Porte County's systems is Ryuk, the same one that attacked the City of Lake City on June 10 in what the municipality called a "triple threat" because it came from an Emotet infection that delivered Trickbot trojan, which then deployed Ryuk.

In the case of Ryuk, antivirus maker Emsisoft states that they have between 3% and 5% chances of success to decrypt the files. The odds are poor, but they are better than nothing.

Paying is a short-term solution

The infosec community and the law enforcement agencies consider bad practice to pay the criminals for the decryption key. This only enforces the idea that a successful attack will yield a profit and embolden crooks to deploy more of these attacks. Moreover, there is no sure way to know that the attackers will keep their promise once the money gets to them.

In lack of decryption keys, the method that works best to protect data from being encrypted by ransomware is to set up a backup system that runs regularly and stores copies in a safe place, isolated from the network.

La Porte County is not the only administration to pay for getting their files back. Attackers collected over $1 million (107 Bitcoins) in June from just two municipalities in Florida, Lake City and Riviera Beach.

However, there is a concerted effort to fight this type of attacks. Mayors in the US adopted a resolution not to pay cybercriminals after ransomware infections, in order to discourage them.