Pennsylvania Senate Democrats paid $700,000 to recover from ransomware attack

Microsoft was paid $703,697 to help Pennsylvania Senate Democrats rebuild IT systems after 2017 ransomware incident.
Written by Catalin Cimpanu, Contributor

The Pennsylvania Senate Democratic Caucus paid $703,697 to Microsoft to rebuild its IT infrastructure after suffering a ransomware infection in March 2017.

The incident took place on March 3, 2017, when the organization's entire IT systems, including its web servers, went down at the hands of a yet-to-be-revealed ransomware strain.

The ransomware encrypted files and requested payment of 28 bitcoins for the decryption key to unlock the ransomed data.

The ransom demand was worth nearly $30,000, based on the Bitcoin-to-US dollar exchange rate at the time, but officials declined to pay, opting to restore some of the data from backups and rebuild the organization's entire IT systems from scratch.

That decision resulted in a $700,000 invoice from Microsoft, according to information obtained via a Right-to-Know request by local reporters from TribLive.

But this has been a trend among ransomware victims in the past year. Pennsylvania Senate Democrats aren't the only ones who opted to rebuild their entire IT systems rather than pay a ransom demand.

The city of Atlanta was the victim of a similar attack earlier this year, in March, when the SamSam ransomware infected a large number of the city government's computers. While initial IT rebuilding costs were estimated at $2.6 million, that sum quickly rose to $9.5 million, and the final bill is now expected to reach a whopping $17 million.

Similarly, after getting hit by the SamSam ransomware twice in February and March this year, the Colorado Department of Transportation also chose to rebuild its IT systems, which has cost the agency $1.5 million so far.

But the biggest confirmed post-ransomware IT rebuilding bill was reported by the Erie County Medical Center in Buffalo. The healthcare org told local press that after falling victim to a ransomware infection in the summer of 2017, they chose to pay $10 million for a brand new IT infrastructure instead of paying the smaller $30,000 ransom demand.

All these organizations choose to rebuild their IT systems because they'd have to do it anyway, regardless of whether they pay the ransom to recover data.

Some of these ransomware infections were the work of organized cybercrime groups that don't rely on spam email to infect organizations via careless employees, but on weak points in the IT infrastructure, such as insufficiently protected RDP endpoints, Java-based web apps, and more. These are targeted attacks, and the same weak points can be exploited repeatedly until system administrators deploy proper fixes.

Some organizations simply choose to rebuild and avoid future headaches, which, in hindsight, is a much better idea, albeit costly in the short term.
