Officials with the Lansing Board of Water & Light (BWL) publicly acknowledged on Tuesday that the utility paid a cybercriminal operation $25,000 to regain control of its accounting and email systems in the days following an April 25 ransomware attack, according to a report by the Lansing State Journal.
“Paying the ransom was distasteful and disgusting, but sadly necessary,” said BWL GM Dick Peffley during a meeting of the BWL Board of Commissioners' Committee of the Whole, the Journal reported. The attack also forced the utility to shut down its phone lines, including one used for customer account inquiries, and took about a week to recover from, the report continued.
The $25,000 represented a small portion of the $2.4 million in costs BWL incurred due to the incident, all but $500,000 of which was covered by insurances. The costs went toward deploying an emergency response team, crisis management, mitigation efforts, cybersecurity personnel and improved technologies.