Alabama county officials paid ransom for stolen data

Alabama county officials paid ransom for stolen data
© Getty

Officials in Montgomery County, Alabama, paid thousands of dollars in ransom to hackers in order to recover stolen government data. 

The county’s computer systems were first hit by ransomware a week ago, locking officials out of their government computers. On Monday, a spokesperson for the Montgomery County Commission confirmed that officials paid nine bitcoins — amounting to between $40,000 and $50,000 — to hackers in order to recover between 60 and 70 terabytes of data. 

ADVERTISEMENT

Typically, law enforcement agencies advise individuals against paying ransoms in ransomware campaigns, warning that it could incentivize future attacks. 

“Please don’t pay a ransom without talking to law enforcement," then-FBI director James Comey said during remarks at the Aspen Security Forum in April 2016. "We have a problem in the United States, an entity was locked up with ransomware, not only paid the ransom, for reasons that aren’t clear to me, publicized it." 

“Well, you know what happens then. Lots and lots of other places in that same industry are getting hit,” Comey said. 

Hackers gave local officials a week to pay the ransom before they threatened to erase the data. County security officials were working to try to restore the systems last week.

Lou Ialacci, Montgomery's chief IT officer, said "his team worked to do all it could to retrieve data but ultimately had to pay the ransom," according to the country spokesperson. Montgomery County officials were also reportedly engaging with the FBI on the matter. 

The local WSFA 12 News reported that the data was retrieved after the payment. 

“You don’t think about these things till they happen,” Montgomery County commission chair Elton Dean told the Montgomery Advertiser. “When you are talking about losing about $5 million worth of files, that's kind of like an emergency situation.”

The threat of ransomware has been in the spotlight in the wake of the "WannaCry" ransomware outbreak, which crippled Britain's national health system as well as other organizations and companies across the globe. 

This post was updated at 4:17 p.m.