San Bernardino County Pays Hackers $1.1 Million Ransom Following Cyber Attack

In April, a hacker caused a “network disruption” in the computer system of the San Bernardino County Sheriff’s Department. The county had to pay the hacker $1.1 million to get back into the network.

Officials from SBC announced the payment on Friday. They said that the hacker used ransomware to get into the sheriff’s department’s computer system.

SBC Sheriff Shannon Dicus said that one of the problems was that sheriff’s officials couldn’t get into a system that tells them if someone is wanted for crimes in other parts of the county.

County officials say that department officials found out about the incident on April 7. They said that they immediately locked down the network and were working with its IT staff and third-party forensic experts to find out what happened.

After the problem, county officials told other law enforcement agencies, like the FBI and the Department of Homeland Security, about what happened.

The U.S. Cybersecurity and Infrastructure Security Agency says that a ransomware attack happens when a hacker gets into a system, usually through bad software. The attacker then encrypts the server’s data and asks for something in exchange for being able to read it.

During the April problem, no one knew if it was a hack or some other kind of threat against the sheriff’s office.

County officials did not say when the hackers were paid the $1.1 million ransom, how long the system was unavailable to the department, or why they didn’t tell the public about the payment until now.

The Daily Press asked county officials a number of questions, such as if the paid ransom came with a promise that there wouldn’t be any more attacks and how the cash was paid.

David Wert, a spokesman for SBC, told the Daily Press on Friday that more information about the cyberattack could not be shared at this time because a criminal probe is still going on.

Why Was a Ransom Paid?

After “careful consideration,” the people in charge at SBC decided to pay the unknown hacker $1.1 million to get back control of their system. County officials said that SBC paid out $511,852 because of an insurance policy.

“The County had made sure it had the right insurance coverage in case something like this happened,” Wert said. “After talking with the person who did it, the insurance company and the County came to an agreement on a payment to fix the system and protect any data that was compromised. Most of the cost is paid for by insurance.”

The other $600,000 that paid the ransom was not talked about by county leaders.

The tweet below verifies the news:

Dicus said that the ransomware attack did not hurt the safety of the people. Investigators have not yet found out if any information was taken during the computer attack or if the hacker can be found.

The sheriff’s office is doing a forensic investigation to fully understand what happened. County officials say the results will be important for public agencies that want to stop similar acts.

Click on the following links for more news from the California Examiner:

Dallas is Also Hit by a Similar Computer Attack

This kind of high-tech crime doesn’t just happen in San Bernardino County. The Dallas Morning News said Thursday that a well-known group called Royal was behind a ransomware attack on the City of Dallas that “significantly affected” the cops and put other city services at risk.

City Manager T.C. Broadband said that since Wednesday morning, when the Information and Technology Services of the City of Dallas found a cyber threat, workers have been working hard to stop the problem and keep residents’ services running.

Melinda Urbina, a spokeswoman for the FBI’s Dallas office, said that the agency knows about the attack and is in touch with city leaders. She wouldn’t give any more information about the probe.

In a written statement, Dallas Police Chief Eddie Garcia said that the power loss had “significantly changed the way the department works.”

According to the chief, the hack also affected the Dallas Police Department’s website, internal share drives, and applications related to personnel issues.

Jim McDade, head of the Dallas Firefighters Association, said that because of the attack, Dallas Fire-Rescue had to go back to an old way of manually dispatching calls through radio.

In a recent joint warning, the FBI and the Cybersecurity and Federal Infrastructure Security Agency said that Royal uses encryption that was made just for them.

The group started around September 2022, and U.S. and foreign organizations have been hacked, according to the agencies.

Bhavani Thuraisingham, a professor of computer science at the University of Texas at Dallas, said that Royal is a clever “gang” that uses both old and new ways to get into victims’ systems.

Authorities say that phishing is how “threat actors” with Royal get into target networks about two-thirds of the time. Thuraisingham said that the group can also use tools for remote desktop control to get into a machine.

In the advisory, the FBI said that Royal promises to make the data public if the victim doesn’t pay the ransom. It wasn’t clear at first what Royal might have asked the city of Dallas to do.

It’s not clear if Royal is responsible for the ransomware attack on the computer system of the San Bernardino County Sheriff’s Department.

Get ahead of the curve by accessing breaking news and insightful articles on – start exploring today!

Scroll to Top