Montgomery County pays ransom, regains files held hostage in cyber attack
MONTGOMERY CO., AL (WSFA) - The ransomware attack that brought one of the largest counties in the state to a screeching halt has been resolved. Both the hacker and the county made good on their promises: the county paid more than $37,000, and in return the files were returned.
"I hate to say this, but their reputation is that they do return stuff", said Lou Ialacci, Montgomery County's Chief IT Officer, whose view has changed since we first spoke to him following the attack. "They think of themselves as modern-day Robin Hoods, they are here helping the masses. They are the good guys, they are going to come in, hack you and grab the files. If you pay them, that's your punishment for letting them in."
The payment was made in bitcoin, an internet currency whose value changes daily like stocks. On Friday, the value of nine bitcoins was more than $37,000; on Monday the value dropped to $32,837.
Ialacci said the department was in communication with the hackers through the dark web.
When questioned whether he was concerned about communicating with the hacker, Ialacci responded, "Only in the fact that we were dealing with an unknown that had our lives in their hands. Their communication was never threatening, they said you have a timeline and you have to meet it. If you pay us we will never hit you again."
Ialacci asked the hackers how they made it into the system, something they would only offer up for three more bitcoins.
"We didn't do that, we are going to try to figure it out", Ialacci stated.
The ransomware was a new variant of SamSam, which has wreaked havoc on governments and businesses across the globe. For all intents and purposes, the outlook for Montgomery's data on Friday was grim. The attack dealt significant blows to the Montgomery County District Attorney's Office, essentially stopping criminal prosecutions.
Friday, the Montgomery County Commission called an emergency meeting to authorize funds to work through the attack, which included paying the ransom. That move was triggered after it turned out that the servers Ialacci felt would save the county from this attack were not, in fact, backed up.
"We had two forms of backup, one is a replication, the other is a direct backup to storage off-site, the breakdown was in the storage off-site", Ialacci stated.
Ialacci called the issue a perfect storm: the week before the attack, the backup servers were at 90 percent capacity, and the decision was made to wait until the new budget was passed to expand the server.
"When we went to retrieve the data, we had the vendor come in and try to get to that data", Ialacci explained. "Their recommendation is to do a cleanup; when we did the cleanup is when we lost the data."
Ialacci maintains that, to his knowledge, all the files were returned and no personal information was compromised. As for whether this sets a precedent for any government's future dealings with ransomware attackers, that remains to be seen.
Now the work begins to strengthen the system, expand the server space and get the county back up and running. Many of the departments are still offline. The Probate Office hasn't issued tags, marriage licenses, or business licenses in a week. County property taxes are due on October first.
"We are going to enhance backups", Ialacci stated. "We have a plan in place to clean up what we have. We are going to start backups today, take precautionary measures, and be a lot more stringent than before."
There is no word on when all county departments will be operational again.
Copyright 2017 WSFA 12 News. All rights reserved.