Weeks after a cyberattack crippled the San Bernardino County Sheriff’s Department computer systems, county officials confirmed that the hackers had been paid a $1.1-million ransom.

The ransomware attack, discovered in early April, forced the department to temporarily shut down some of its computer systems, including email, in-car computers and some law enforcement databases, including a system that deputies use for background checks.

After negotiating with the hackers, San Bernardino County paid slightly less than half the total — $511,852 — and its insurance carrier covered the rest, said county spokesman David Wert.

“On balance, and consistent with how other agencies have handled these types of situations, this was determined to be the responsible course,” Wert said.

Ransomware attacks on public institutions such as cities, school districts and hospitals have risen sharply in the U.S. in recent years. Government computer networks can contain troves of sensitive data and often have less robust protections than those of major companies.

During a ransomware attack, hackers steal or block access to key files or data, then demand payment in exchange for returning or restoring them. Such attacks can also involve threats that sensitive information, such as Social Security and credit card numbers, will be exposed if the victim doesn’t pay.

The FBI says it does not pay ransom in such attacks and advises victims not to either.

It’s exceedingly rare for ransoms to be paid for hacks involving law enforcement agencies, in part because of who could be on the receiving end of the transaction, said Clifford Neuman, the director of USC’s Center for Computer Systems Security.

“If you’re paying through cryptocurrency, you don’t know who you’re paying it to,” Neuman said. “It could be a sanctioned entity, whether it’s Iran, whether it’s North Korea, whether it’s a terrorist organization.”

Story continues

And,…