SAN BERNARDINO — The network disruption that hit the Sheriff’s Department in April was a ransomware attack, San Bernardino County officials have confirmed. The county and its insurance agency paid over $1 million to stop the attack.
Ransomware is a type of malware whose sender threatens to publish the victim’s personal data or permanently block access unless a ransom is paid. In this instance, the malware infected portions of the sheriff’s information technology system.
Sheriff’s Department workers became aware of a network disruption that affected some of their systems April 7.
After negotiating with the responsible party, the county’s insurance carrier and the county agreed to a payment to restore the system’s full functions and secure any data exposed in the breach.
“The county had prepared for the possibility of such an incident by securing appropriate insurance coverage,” said county spokesman David Wert in a public statement.
Insurance covered most of the payment, he said. The county paid $511,852.
“The decision whether to render payment was the subject of careful consideration,” Wert said. “On balance, and consistent with how other agencies have handled these types of situations, this was determined to be the responsible course.”
As part of its criminal investigation, the Sheriff’s Department is conducting a forensic examination to achieve a full understanding of the incident.
It is unclear exactly what part of the sheriff’s network was affected by the attack, but all of its systems were initially taken offline as a precaution. The sheriff’s calls provided to the public and some of their other systems are still offline.
“When we learned of the ransomware, we immediately shut down our network and are slowly bringing it back online after careful vetting,” said Sheriff’s Department spokeswoman Gloria Huerta.
Huerta said it is not clear where the activity originated.
She said the Sheriff’s Department will not disclose any more information because the criminal investigation is ongoing.