Kansas county pays hackers reduced ransom: 'No way we could even come close to meeting their demand'

Jason Tidd
Topeka Capital-Journal
Cybercrime is a national security issue, as cybercriminals continually expand their reach in both the public and private sectors.

Government officials in a Kansas county have paid hackers a reduced ransom after a cyberattack crippled computer systems for about two weeks.

Pottawatomie County authorities announced Friday that computer systems and machines are being restored after a ransomware attack encrypted several servers on Sept. 17.

"The ransom was reduced by more than 90 percent from hackers’ original demand, an almost unheard-of outcome, every saved dollar of which is taxpayer revenue the county keeps to serve our citizens," County Administrator Chad Kinsley said in a news release.

County officials declined to release the amount of the original ransom request and the final cost to taxpayers.

"The County’s insurance carrier paid most of the ransom, and the County covered the rest," spokesperson Becky Ryan told the Capital-Journal in an email. "Due to the ongoing investigation, I am unable to share more details at this time."

While the sheriff's office and emergency response systems weren't compromised, local officials "did not share many details about the attack because that is the right thing to do to protect the County from further attacks," the news release said. Law enforcement started investigating the cyberattack as county representatives negotiated with the hackers.

More:A Kansas county is recovering from a cyberattack 13 days ago. Local governments are at risk, experts say.

Ransomware cybercrime events have become more common across the country. Hackers lock computer systems and demand payment. Refusal often means losing data forever, which can be more costly in the long run.

The Federal Bureau of Investigation discourages paying ransoms because it doesn't guarantee you will get your data back and it encourages further attacks.

County officials said the resolution was "extraordinary" due to the lowered ransom and the relative speed with which the attack ended. Some cyberattacks can take several weeks or months to resolve.

"We are a small county with small resources," Kinsley said. "With the extraordinary demands that the COVID-19 pandemic has placed on local governments like ours, we wanted to make sure that the hackers understood that there was no way we could even come close to meeting their demand.

"We were focused on protecting taxpayers and doing everything we could to resolve the issue with as little as possible. We believe we succeeded at that."

The IT team and expert advisers have now installed additional sensors on servers to detect and prevent additional attacks. Forensic analysis is underway to determine how the hackers gained access. That process can be time-consuming, taking up to eight hours per computer and 150 desktops and laptops to go through.

All Pottawatomie County offices are open and serving the public, though certain business may take more time while computers are being fully restored. Email and driver's license systems are still down.