Officials with the San Bernardino County Sheriff’s Department in California have confirmed that the department paid a $1.1 million ransom to cyber criminals following a cyberattack that crippled police and County computer systems.
The ransomware attack, discovered in early April, resulted in the temporary shutdown of several computer systems, such as emails, in-car computers and law enforcement databases. A system used by deputies to conduct background checks was among those affected.
After negotiations with the hackers, San Bernardino County decided to pay slightly under half of the total ransom, amounting to $511,852, while the remaining amount was covered by the County’s insurance carrier.
According to County spokesman David Wert, the decision to pay the ransom was the most responsible course of action and “consistent with how other agencies have handled these types of situations.”
Ransomware attacks involve criminals infiltrating a system and encrypting the data with malware, rendering it inaccessible to the owner. The victim then typically pays a ransom in cryptocurrency, which is difficult to trace, in exchange for a decryption key to unlock the data.
Initially, the County provided minimal public information about the hack, referring to it as a “network disruption.”
Despite the attack, Sheriff Shannon Dicus confirmed that public safety was not compromised and officers were able to fulfil their duties, even though deputies had to adopt alternative methods for certain tasks.
For instance, access to the California Law Enforcement Telecommunications System (CLETS), which alerts deputies about individuals wanted for crimes outside the county, was unavailable, so deputies had to request other agencies to check CLETS records instead.
The investigation is still ongoing to determine whether any information was stolen and whether the ransom payment can be traced to identify the hackers. Gloria Huerta, a spokesperson for the Sheriff’s Department, stated that the department is still assessing the extent of the impact on their systems. Functioning and secure systems are being restored gradually.
According to cybersecurity experts, paying ransoms sets a precedent and emboldens criminals.
Georgetown University Professor Chuck Brooks and others argue against paying ransomware demands. “Generally, businesses should not pay for ransomware as they will likely be hit over and over again as it will be shared and sold by criminal hackers on the dark web,” he explained.
Numerous municipalities and organizations have paid ransoms in the past, including Jackson County in Georgia, Delaware County in Pennsylvania and Montgomery County in Alabama. However, Suffolk County in New York spent $17 million to restore its network after refusing to pay a $2.5 million ransom.
Law enforcement agencies rarely pay ransoms due to several factors. One concern is the anonymity of cryptocurrency transactions, as it is challenging to verify the recipient’s identity. This raises the possibility of payments reaching sanctioned entities like Iran and North Korea or terrorist organizations.
Additionally, paying ransoms can have significant reputational consequences, particularly for police agencies, which are expected to uphold public safety rather than engage in transactions with criminals.
In the case of San Bernardino County, experts say the attack on such a high-profile agency was embarrassing.
Law enforcement sources indicate that the hackers responsible for the San Bernardino County Sheriff’s Department attack likely operated out of Eastern Europe. These hackers are affiliated with a broader network of Russian hacking operations known for targeting U.S. entities and extorting untraceable payouts.
The Sheriff’s Department is conducting a forensic examination of the cyberattack, with the findings intended to assist other public agencies in preventing similar incidents. The Federal Bureau of Investigation is also involved in the investigation.
Ransomware attacks on public institutions such as cities, school districts and hospitals have spiked in recent years.
Experts say that government computer networks are usually attacked because they often store sensitive data but tend to have fewer robust protections compared to major private companies.
The FBI advises against paying ransoms in such attacks and does not engage in such transactions. However, according to a survey by Sophos, nearly half of state and local governments affected by ransomware attacks paid the hackers, making governments the second-highest industry to pay ransoms, surpassed only by K–12 schools.
Recent notable ransomware victims include the UC San Francisco Medical School, which was forced to pay $1.14 million (116 bitcoin) to restore access to its data; the Azusa Police Department, which was hit twice within a span of three years; and the City of Baltimore in 2019. The city spent $18 million in recovery costs, according to the L.A. Times.