Cyber Incident Victim: La Porte County
Date: Jul 2019
Location: United States of America
Summary
A ransomware attack encrypted data on computer systems at La Porte County, Indiana, prompting a $130,000 Bitcoin payment to Ryuk operators after decryption efforts involving the FBI and forensic experts failed. The intrusion was contained to under 7% of laptops but compromised two domain controllers, causing extended network outages that disrupted government email and the county website for multiple days. Insurance covered $100,000 of the ransom, which was paid after recovery attempts proved unsuccessful. The Ryuk malware, linked to prior attacks on other municipalities through Emotet and Trickbot infections, rendered critical systems inaccessible until payment. This incident occurred amid a broader trend of local governments facing ransomware demands, with some opting to pay despite law enforcement discouragement.
Description
On July 6, 2019, La Porte County, Indiana, experienced a Ryuk ransomware attack that disrupted county operations. The intrusion was detected before it could spread to all networked computers, and the IT department contained the infection to fewer than 7% of laptops. Despite this containment, critical infrastructure was compromised when two domain controllers were hit by the ransomware, rendering network services inoperable. Government email systems and the county’s public website remained non-functional three days after the initial attack, significantly impairing administrative communications and public service delivery. Forensic investigators and the Federal Bureau of Investigation (FBI) collaborated on recovery efforts but were unable to restore files encrypted by Ryuk without the attackers’ decryption keys. The ransomware’s impact extended beyond immediate service disruptions, forcing county officials to weigh irreversible data loss against financial concessions to the threat actors.

After determining that decryption methods provided by the FBI could not recover the encrypted data, La Porte County authorized a $130,000 Bitcoin ransom payment to the attackers. Insurance coverage through Travelers Insurance offset $100,000 of this cost, under a policy secured the prior year on the recommendation of the county’s liability agent. The Ryuk variant involved in the attack had previously targeted other municipalities, including Lake City, Florida, in June 2019, where it was deployed via a multi-stage infection chain involving Emotet and Trickbot malware. Emsisoft, an antivirus firm, noted Ryuk’s decryption success rates ranged between 3% and 5%, leaving limited alternatives for data recovery. This incident followed a pattern of ransomware payments by local governments, including two Florida municipalities that collectively paid over $1 million to attackers in June 2019. Concurrently, U.S. mayors adopted a resolution opposing ransom payments to discourage future attacks, reflecting broader debates over the ethics and consequences of funding cybercriminal operations.
