▲ Kevin Poe ▲

The Jackson County government paid online criminals about $400,000 this week following a cyber attack that crippled the county's computer system.

County officials are in the process of decrypting computers and servers a week after the first signs of an attack, said Jackson County Manager Kevin Poe on Friday.

The FBI is investigating the ransomware scheme. Ransomware refers to hackers who lock victims out of their computers and other internet-accessible devices and then demand a ransom in return for restored access, according to digital security software provider Avast.

"They demanded ransom," Poe said. "We had to make a determination on whether to pay. We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."

To deal with the threat, the county hired a cyber-security response consultant with experience in negotiating with hackers, Poe said.

The consultants paid the ransom in bitcoins, an online currency, and the county reimbursed them, he said. The attackers wanted bitcoins, which are difficult to trace, according to Poe.

"In dealing with the FBI and cyber security experts, this is one of the most sophisticated attacks they have ever seen in the U.S.," Poe said.

The county's computer system went down sometime late March 1 or early the following day, he said.

"They've been in our system I guess a couple of weeks," Poe said. "They really plotted their attacks before they hit us. They totally crippled us."

The investigators haven't determined yet how they gained access into the computer system, but the FBI indicated the responsible group could be in eastern Europe, he said.

"We did verify before we paid them that we were dealing with the right people," he said, explaining the attackers provided a decryption file for them to test.

"We ran it one time and it came out 100 percent clean," he said. "... Basically, they encrypted the data and held it hostage and when we made the payment, they gave us the decryption file."

Poe described the virus that attacked the county's system as Ryunk Ransomware, which is "fairly new and a lot of anti-viruses are not used to it."

Many county offices had to start using paper while the system was down.

"All of our operations are still ongoing, but we're basically having to do it the old fashioned way," Poe said. "During this whole time we never lost our radios or phone service, so 911 was able to continue to operate. The emergency medical service was on a third party provider so it had minimal impact on EMS service."

Jackson County Sheriff Janis Mangum said Friday that experts are still cleaning their computers.

"We can book someone (in jail) without doing it on paper, but deputies are still doing paper reports," she said.

Mangum said she received a telephone call last Saturday from the Information Technology staff "wanting to know if we had an FBI contact they could reach. That's when I knew it was more serious than just being down," she said.