San Bernardino County has acknowledged that it has paid a $1.1 million ransom to a hacker who uploaded malware to the Sheriff’s Department’s computer system.
In a ransomware attack, a criminal enters a system and encrypts the data, leaving the owner unable to access it. If a ransom is paid, usually in cryptocurrency, the criminal will provide a decryption key to unlock the data.
For weeks, the county said little publicly about the hack, other than to call it a “network disruption.”
County spokesman David Wert said the county had anticipated such a computer invasion and had taken out insurance. He said that of the $1.1 million payout, the county’s share was $511,852 and the insurance company paid the rest.
Sheriff Shannon Dicus said the cyber attack did not compromise public safety, but workarounds were required for certain tasks. For instance, he said, deputies could not access the California Law Enforcement Telecommunications System (CLETS), which can tell deputies when a person is wanted for crimes elsewhere in the country. So deputies would ask other agencies to check the CLETS records.
It was unclear whether any information was stolen. The department is still going through its systems to learn what has been affected. Those that have been determined to be safe and functioning are being turned back on, said Mara Rodriguez, a sheriff’s spokeswoman.
No other county department computer systems were affected, Wert said.
“The decision whether to render payment was the subject of careful consideration,” Wert said. “On balance, and consistent with how other agencies have handled these types of situations, this was determined to be the responsible course.”
The Sheriff’s Department is conducting a forensic examination of the hack, “the findings of which will benefit all public agencies looking to avoid a similar occurrence,” Wert said. The FBI was also investigating, the county has said.
(c)2023 the San Bernardino County Sun. Distributed by Tribune Content Agency, LLC.