Pennsylvania county shells out a $500K ransom to recover stolen data
Delaware County says election data remains securely tucked way on a separate network


Last week, hackers stole data from Delaware County, Pennsylvania and asked for a $500,000 ransom. New reports claim the county has buckled and will use its insurance coverage to pay the fee and restore the data.
The cyber attack led to the county taking parts of its network offline when it discovered the compromise.
"The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems," said the county.
The county added that the Bureau of Elections and the County's Emergency Services Department were not impacted and were on separate computer networks from The County of Delaware.
“There is no evidence they were impacted by the disruption,” it added. “The County is working to resolve this issue as quickly as possible and will provide updates when they are available. Thank you for your patience as we work to restore the functionality of our systems.”
It is thought that the IP address for the Delaware County attack is tied to the Netherlands, but the attack could have originated elsewhere.
Chad Anderson, senior security researcher at DomainTools, told IT Pro that ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“When sitting on a treasure trove of sensitive personal information, attackers know that the looming threat of exposing it on hacking forums gives them more leverage to instigate a payment. This all comes of course with an increasing number of businesses paying, further incentivizing attackers to use this extra leverage,” he said.
Anderson added that governmental bodies and public entities are particularly attractive targets for cyber-crime gangs and nation-state actors because of the financially lucrative or politically sensitive information they hold.
“Government minsters, civil servants and anyone else involved in the process of government need to be especially vigilant to phishing emails – which remain the most popular entry vector for ransomware - and the security measures in place need to be the most stringent available, including user training on the risks and tell-tale signs of a phishing attack and email filtration systems,” said Anderson.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
If you use AI for your product video, I respect your company less
Opinion Synthetic product shots and presenter videos don’t just create a bad first impression – they toxify your entire brand
-
The FBI thinks it's nailed the notorious 'IntelBroker' threat actor
News A British man believed to be the notorious ‘IntelBroker’ hacker has been charged in the US following their arrest in France earlier this year.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be found
News A freedom of information disclosure shows more than 2,000 government-issued phones, tablets, and laptops have been lost or stolen, prompting huge cybersecurity concerns.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.