Washington County paid $346k ransom to end cyberattack
Commissioners 2-1 vote to ratify motions from Feb. 6 emergency meeting
Mike Jones/Observer-Reporter
Washington County sent nearly $350,000 in cryptocurrency to a Russian hacker last week in order to end the cyberattack that crippled the county’s government and courthouse.
County solicitor Gary Sweat read a lengthy statement during Thursday’s board of commissioners meeting in which he detailed aspects of the cyberattack and why officials thought they needed to hold an emergency meeting on Feb. 6 to pay the ransom.
“Foreign cybercriminals were able to seize control of the county’s network, basically paralyzing all of the county’s operations,” Sweat said. “The attack was unprecedented. I think it’s safe to say no one at this table has ever encountered or experienced such a cyber incident.”
Sweat said the county first detected the cyberattack on Jan. 19 and that it eventually “evolved into a ransomware attack” on Jan. 24 that caused major issues for its network and computers. The county’s information technology department worked closely with federal investigators and third-party cyber experts in an attempt to combat the hackers and keep the malware from spreading while trying to understand the scope of the attack.
One of the digital forensic consultants, Sylint, confirmed to county officials on Feb. 5 that the hackers had “large amounts of data” from the county’s network that could be “injurious to the county and its residents” if released on the dark web, Sweat said. With a deadline to pay the ransom looming, Sweat said county officials gathered for a videoconference later that night to weigh their options. In addition to the sensitive data the hackers obtained, county officials worried it could take three to four months to rebuild their data in the network if they didn’t pay the ransom.
Sweat said he advised the commissioners on Feb. 6 to hold an emergency meeting after the hackers gave them a 3:30 p.m. deadline that day to pay the ransom. The commissioners voted 2-1 to authorize payment of up to $400,000 to DigitalMint of Chicago, a firm that specializes in selling cryptocurrency, to settle the cyberattack and help the county restore its computer server.
Sweat said within that payment was the ransom of $346,687, which was sent to the hackers in exchange for a “digital encryption key” to unlock the system with the understanding that no private information would be shared on the dark web. DigitalMint was also paid a fee of $19,313 for its work to facilitate the transfer.
Sweat said Thursday that the federal investigators urged officials not to make public statements because the “entire county campus was considered a crime scene” at the time and the hackers were monitoring media reports of the situation. He said most of the systems are now functioning normally again and they’re taking various steps to better protect the county’s computer network.
“While paying the ransom was not the county’s first choice, we decided that after weighing all factors, it was the best approach,” Sweat said.
The commissioners decided to vote again Thursday to ratify the motions from the Feb. 6 emergency meeting to confirm their legitimacy in case any questions arose over the Sunshine Law, although Sweat said he believed there was a “clear and present danger to life and property” that necessitated the last-minute meeting.
Commissioner Larry Maggi, who voted against the motions at the emergency meeting and did so again Thursday, said he understood why the county decided to pay the ransom, but that it was still “disconcerting” to him.
“I just have a lot of concerns with this,” Maggi said. “I just find this repugnant that we’re giving in to cybercriminals from another country. … We’re living in fear of criminals from Russia. The whole thing stinks (and) that’s why I’m voting no on this.”
Commission Chairman Nick Sherman said he agreed with Maggi’s assessment, but he didn’t think they had a choice in the matter, especially since sensitive information had been compromised, including some involving children who are supervised by the courts. Sherman added that he’s confident the hackers will “go away” now that the ransom has been paid.
“Nobody wanted to pay this. This isn’t something where you wake up in the morning and are excited to pay a cyber ransom,” Sherman said. “This is a very dangerous situation, and Washington County is a victim.”
Sherman and Commissioner Electra Janis then voted to ratify the two motions while Maggi voted against them, just as they had at last week’s emergency meeting.