🟠 High | Source: The Register — Security
An unnamed US county, believed to be in Ohio, paid a $1 million extortion demand to cybercriminals following what appears to be a ransomware or data extortion attack. Details have emerged through leaked negotiation transcripts, shedding light on how local government entities handle such incidents. The case highlights the continued targeting of under-resourced public sector organisations and the real-world financial impact of extortion-driven attacks.
Security Architect’s Take: Review your organisation’s incident response and crisis negotiation playbooks now — ensure you have pre-agreed escalation paths, legal counsel on retainer, and offline backups tested for recovery, so payment is never the default option under pressure.
Original advisory: An unnamed US county – perhaps in Ohio – paid $1M extortion demand to cybercriminals