
City of Valdez got hit by the Hermes ransomware and ended up paying $26,000

  • The ransomware attack, which occurred in July 2018, crippled 27 servers and 170 computers.
  • In order to unlock the infected systems, the attackers demanded $26,000 in bitcoins.

The City of Valdez, Alaska, admitted that it paid hackers to recover from a ransomware attack that occurred in July 2018. The city was hit by the Hermes ransomware, which crippled 27 servers and 170 computers. In order to unlock the infected systems, the attackers demanded $26,000 in bitcoins.

With no option left to restore the affected systems, the city officials reportedly negotiated with the hackers to fulfill their demands.

"Based on recommendations from several cyber-crimes specialists, the City engaged a specialty cyber-incident response and digital forensics firm based out of Virginia. The firm anonymously contacted the attackers on the City's behalf to investigate and possibly negotiate ransom terms," Bart Hinkle, Valdez police chief and operations section chief for the cyber incident response, said in a statement, ZDNet reported.

Before purchasing the decryption key from the ransomware operators, city officials, along with a third-party firm, verified that the hackers who launched the attack could indeed decrypt the data.

"After consultation with the City legal team, our insurance carriers, and careful consideration of the best interests of the City, I authorized the third-party firm to negotiate and pay up to the amount of the ransom demand," said Elke Doom, city manager and incident commander for the cyber incident response of Valdez.

Once the ransom was paid, city officials confirmed that they have slowly been able to bring the city’s IT systems back online. All the decrypted files have been changed to read-only mode over concerns that the hackers may have injected malware into these files before returning them.

In addition, Valdez officials plan to rebuild the city’s IT systems and boost the security system in 2019 to prevent such attacks in the future.
