Paducah Pays $30K to Ransomware Attacker
By West Kentucky Star Staff
PADUCAH - The City of Paducah says it has regained access to servers and records impacted by a recent ransomware attack, after paying hackers $30,000.

In a statement released Friday morning, City Manager Jim Arndt says city IT systems and file storage are back online and operating securely, and a security team has found and fixed the point of entry used for unauthorized access. Arndt says multiple security scans by outside experts did not detect any active malicious activity within the network.

A forensic analysis didn't find any evidence that any information has been misused as a result of this incident, according to Arndt.  

"We treated this incident with the highest priority and appreciate everyone’s patience as we worked through a complex, sensitive, and time-consuming process to confirm system security and resume normal operations. We have now reached a point where we are able to provide a more thorough explanation of what happened and the steps we have taken in response to this incident," Arndt said. "On Saturday, February 1, we became aware of an unauthorized intrusion into our IT network by an unknown third-party who used malicious software to compromise our systems and encrypt numerous data files. The threat actor subsequently contacted the city demanding a payment in exchange for decryption keys to restore access."

Arndt said that after considering all options, the city decided to rebuild some of its systems from scratch and unlock others by purchasing decryption keys from the hackers for approximately $30,000. 

"This was a carefully considered decision that we determined to be in the best interest of our citizens and our ongoing data security," Arndt said. "Decryption not only was the most expeditious and cost-effective way to restore access to our technology and important records but also enabled the most thorough forensic review of our systems, so that we could best understand the impact of this incident." 

Arndt said the city has now implemented measures to enhance security – including system password resets and use of advanced active threat detection. He says the city is also replacing some older computer equipment.

Published 10:06 AM, Friday Feb. 21, 2020
Updated 09:37 AM, Saturday Feb. 22, 2020