The attack was first reported
But in a presentation late Wednesday at county council's meeting, chief information officer
Over the next few weeks, he said, the hackers used their access to the system to identify and steal sensitive data. On
The county contacted the company through which it holds cybersecurity insurance, as well as the FBI, and both began an investigation, Bilotta said. The investigation is ongoing, he said, and that limited the amount of detail the county could share. It was unclear whether the hack was a foreign or domestic threat.
Eventually, the county agreed to pay the hackers $25,000, which was covered by the deductible on its insurance policy. The county was then given a code that allowed it to regain control of the system, along with a list of the files the hackers had stolen.
Council President
"We had to balance [making the payment] with the costs to the county if we didn't pay the ransom, and those costs would've been high for manpower and womanpower and downtime for all of the departments," he said. "It's tough to measure the economic consequence to that, but I know it would've been a more profoundly disturbing incident if we hadn't taken the actions we had taken."
Councilmember Christine Reuther echoed those comments, saying that paying the ransom and restoring access to the system allowed the county to avoid missing a payroll cycle for its employees, and ensured that it could pay all of its vendors, who were struggling financially due to COVID-19 restrictions, on time.
"To put their cash flow at risk, to put payroll at risk, to put other things at risk, it really wasn't an option and it was also a decision we didn't make in a vacuum," Reuther said.
In the coming weeks, county officials will work to upgrade the network's security software, which they noted was inadequate, and to better staff the county's IT department.
He said the $25,000 paid in this instance was "getting off cheap, especially for a government entity."
"There is honor among thieves, so when you pay, they're giving the decryption keys," he said. "They're living up to their end of the deal, because if they don't, at the next attack, they're not going to get the payday. The company is going to say, 'You know what, it's not worth the risk.'"
(c)2021 The Philadelphia Inquirer. Distributed by Tribune Content Agency, LLC.