Sheriff Austin Garrett said Friday that hackers who compromised the office's computer system's and knocked them off the air for over two weeks were asking $300,000 in ransom.
The sheriff said, instead of paying the hackers, county IT and a cyber security firm were able to eventually get the full system restored. yemusis providing a final update on the recent cyber-ransomware event that occurred on the morning of April 14, 2025.
The cost for the work of the security firm was $48,000.
Sheriff Garrett said, “As I stated in my last update issued on Tuesday, all public accessible programs have been restored and as of Thursday, the remaining internal software systems we utilize to connect with local and state law enforcement and government agencies have also been fully restored. In order to bring these systems back online, several internal benchmarks had to be made before those connections could occur.
"Since this incident initially occurred on April 14, our Information Technology staff have worked tirelessly and diligently around the clock to bring our network systems back online. We are fortunate to have such a talented IT team comprised of 13 full and part-time employees whose quick response and collaboration with our cyber security firm helped to mitigate and ultimately recover from this entire incident.
"Just like we have deputies assigned to specialized teams who respond to critical incidents, for our IT team, this was their 'SWAT' call. This incident placed our agency in a crisis and our team’s quick response and expertise proved vital to our recovery. As sheriff, I couldn’t be more proud of them and the talent that we have working in Information Technology Services.
"In the words of my Chief of Staff, Ron Bernard, 'The HCSO IT team worked tirelessly to identify the threat, document, recover systems to full function, and further enhance our protective measures. Their processes pre-event ensured our software was operating as designed and ensured backups were functioning as designed allowing the HCSO to essentially "pick up" where we left off on April 13th.'
"As your Sheriff, I remain committed to the transparency of this office and its service to you. I believe it’s important for you, the taxpayer we serve, to know the costs associated with this incident. While there is no way to quantify the loss of productivity this caused our agency or the inconvenience it may have caused you, I can tell you the demand from the threat actors was $300,000. While we certainly did not entertain paying this, there was an expense of $48,000 incurred for Vendetta, the outside Cyber security firm.
"It is a privilege and honor to serve you as your sheriff and I appreciate the public’s patience and support always.”
Timeline:
April 14, 2025 The Hamilton County Sheriff’s Office (HCSO) was victimized with a cyber ransom attempt by bad actors(s). The HCSO Information Technology (IT) Team interrupted their activities and isolated the network.
April 14-16, 2025 The HCSO engaged with a cyber security firm, Vendetta, to isolate, investigate, and recover from the event. Several days were needed to gather forensic intelligence and install additional monitoring software on all systems.
April 17-21, 2025 HCSO Information Technology personnel worked to restore network environment. The process included configuration restoration along with additional hardening of systems.
April 23, 2025 Agency Email became operational
April 23-30, 2025 HCSO Information Technology personnel methodically brought systems online
May 1, 2025 HCSO resumes full operations