> The municipal scourge of RANSOMWARE
post Aug 21 2019, 12:11 PM
Post #1

Really Comfortable

Group: Members
Posts: 1,148
Joined: 19-November 09
Member No.: 969

Malware attack on county computers

LP County website, government email servers out of operation


La PORTE – All La Porte County government emails, and the county website, remained out of commission late Tuesday following a malware virus attack that affected the system on Saturday morning.

La Porte County Board of Commissioners President Dr. Vidya Kora said Sunday evening the system will be inoperable as authorities respond to a “malicious malware attack that has disabled our computer and email systems.”

County Attorney Shaw Friedman confirmed Tuesday that county government computers were "impacted by a sophisticated ransomware virus" early Saturday morning.

“Fortunately, our IT team reacted quickly and shut down much of the system, even though it was a weekend," Friedman said. "Less than 7 percent of our laptops have been infected, however, it did hit our two domain controllers, which means no server can access network services."

An insurance policy taken out last year will help the county recover, Kora said.

“Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance," he said.

"We informed Travelers Insurance late Saturday of the malware attack and they immediately referred us to the Wayne, Pennsylvania, incident-response law firm of Mullen Coughlin LLC that specializes in responses to such cyber-attacks and coordinates system repairs and protection of our computers from further such virus infections," Kora said.

The forensic investigation firm has been retained to determine the nature and scope of the incident, including how the county could have been infected, Friedman said.

Several county officials, including Kora, Council President Randy Novak, along with the auditor, county attorney and IT Department took part in a conference call Sunday with the incident response team assembled by Mullen Coughlin, Kora said.

The call was "to develop a game plan to respond to the attack and come up with an approach to repair our systems and protect them from further damage."

The county's IT Department has been working long hours to try and get things operational, including spending Sunday to ensure that the Courts and Prosecutor's office remained functional, Friedman said.

"This particular ransomware variant – known as RYUK – is especially insidious as it seeks to delete or encrypt system backups. We are exhausting all possibilities, including tapping the FBI cybersecurity unit and reviewing all 'workarounds' in order to determine how to restore the county to a full operational status.”

Staff from Mullen Coughlin arrived in La Porte on Sunday night to assist, Kora said. They will also help prepare documentation to report the attack to the FBI and other appropriate law enforcement agencies.

Kora and Friedman praised the efforts of the IT Department.

"I commend our IT Director Darlene Hale and her team for shutting down our systems Saturday afternoon as soon as the malware virus was detected," he said. "Unfortunately, at least half our servers have been infected and it will take some time to fully restore service. I ask for patience from the public as we seek to become fully operational again.”

Friedman echoed that sentiment.

"Darlene Hale and her team have been working 15 hour days since this virus hit to try to restore portions of our system that can be restored," he said. "We ask for patience from all concerned.”

"Texas is the latest state to be hit with a cyberattack, with state officials confirming this week that computer systems in 22 municipalities have been infiltrated by hackers demanding a ransom. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files."


post Aug 24 2019, 05:51 AM
Post #2

Really Comfortable


Cyber attack forces emergency shutdown of Lake County government servers, IT working through weekend to purge system

Will Rack

CROWN POINT — Lake County has been hit with a cyber attack that forced the shutdown of email service and several internal applications throughout county government, officials said Friday.

The breach came in the form of ransomware, a type of malicious software that denies access to computer systems until a ransom is paid to the attacker.

As of Thursday afternoon, the county's IT staff was installing cyber security software on 3,000 individual employee laptops, Mark Pearman, director of the county's information technology office, said. They are also working through installing cyber security to clear the ransomware on 40 county servers.

"We are making progress," Pearman said. "We are going slow because we don't want to miss anything that could cause problems in the future or re-infect the system."

He said there has been no evidence of data theft from county servers and communications, calling the attack a "lock out." It will be an all-weekend project to restore all systems and more information will be known by Monday.

Systems administrators first noticed the ransomware on some county computers Thursday afternoon. To prevent the virus from spreading, IT staff began taking encrypted and unencrypted servers off the network “out of an abundance of caution,” he said.

The IT department is working with Crowdstrike, the county’s cybersecurity contractor, to conduct a damage assessment, which involves scanning all county servers and roughly 3,000 computers to determine which have been corrupted.

“Our main effort right now is to mitigate the issue,” Pearman told The Times, adding that a preliminary investigation indicates the ransomware was hidden on county systems earlier this month and “sat there until now.”

Pearman said in his 45 years of working with Lake County, nothing like this has ever happened. However, the reality is that more and more instances of ransomware attacks are becoming more common.

"It's becoming more prevalent," Pearman said. "More counties and cities have been dealing with this issue."

The attack against Lake County computers comes about a month after LaPorte County suffered a similar breach. In that case, LaPorte paid a ransom of $132,000 worth of Bitcoin to the attackers to restore access to their affected systems.

Lake County maintains insurance coverage against various cyber contingencies, according to Commissioner Mike Repay, D-Hammond. Repay said the Board of Commissioners has not decided if it will end up paying whoever launched the attack, because the ransomware only included a "request for communication" and the county has yet to respond.

As of Friday afternoon Pearman said no dollar amount had been requested and the county has not answered the cyber attackers' request for communication.

Meanwhile, email service on the county domain remains suspended, meaning messages cannot be sent from or received by addresses ending in lakecountyin.org, according to Pearman. County employees still have internet access and have been asked to conduct business using their personal emails, if necessary.

Lake County’s critical public safety agencies appear to have been spared from the ransomware attack. Systems at Lake County 911 and the Sheriff’s Department remain online, so “law enforcement was not affected,” Pearman said.

At this time, Crowdstrike is still investigating the source of the attack. He said because the FBI was involved in the LaPorte cyber attack, it is likely they will also be involved in this investigation down the road. Any leading information Crowdstrike finds will be passed to law enforcement agencies.

"All ransomware attack motives are always for money and sadly that's the world we live in," Pearman said. "We can only do what we have to in order to prevent it. Still, there's no 100 percent guarantee to prevent such attacks from happening."

post Sep 22 2019, 07:46 AM
Post #3

Really Comfortable


Payouts from insurance policies may fuel ransomware attacks

Kathleen Foody Associated Press

CHICAGO — The call came on a Saturday in July delivering grim news: Many of the computer systems serving the government of LaPorte County had been taken hostage with ransomware. The hackers demanded $250,000.

No way, thought County Commission President Vidya Kora. But less than a week later, officials in the county southeast of Chicago agreed to pay a $132,000 ransom, partially covered by $100,000 from their insurance provider.

"It was basically an economic decision," Kora said. "How long do you keep all these employees sitting, doing nothing? Whereas if you pay this, we can be back up and running."

That's precisely the calculation hackers count on. Now some cybersecurity professionals are concerned that insurance policies designed to limit the damage of ransomware attacks might be encouraging hackers, who see insurers covering increasingly large ransoms and choose to target the type of institutions likely to have coverage.

"Once a cybercriminal finds a formula that works for them, they're going to stick to it," said Tyler Moore, a cyber security professor at the University of Tulsa. "If you're a company or a city that has this coverage, the decision of whether to pay is quite clear. It gets more difficult when you take a step back and look at the societal view."

This year alone, the average ransom payment climbed from $12,762 at the end of March to $36,295 by the end of June — a 184% jump — according to Coveware, a firm that negotiates on behalf of ransomware victims.

Officials have cited insurers' help paying ransoms in recent high-profile hacks, including those in several Florida cities that paid six-figure ransoms. Elected officials reassured the public that taxpayers were only accountable for a deductible.

The mayor of New Bedford, Massachusetts, acknowledged this month that city officials offered to pay $400,000 after ransomware locked up 158 city computers in July. The hackers had demanded $5.3 million.

In a statement released two months later, Mayor Jon Mitchell said he was initially reluctant to negotiate, but he eventually concluded that it would be "irresponsible" to dismiss "the possibility of obtaining the decryption key if insurance coverage could cover the full cost of the ransom payment."

New Bedford never received a counteroffer from its hackers. Insurance coverage through AIG is expected to help with the cost of recovering lost files and upgrading security, Mitchell has said.

The earliest use of ransomware came in the late 1980s. Attackers often launch their assaults via email containing malicious links or attachments. Once they have access, they encrypt files, databases and entire computer networks until the ransom is paid.

In recent years, ransomware has become much more common, fueled by cryptocurrency that makes it easier for hackers to receive and then spend the payouts. Twenty-two local governments in Texas were hit in August. Businesses aiming to thwart hackers or repair their damage have grown rapidly in response, including insurance providers offering policies that cover ransom payments.

Insurers do not release detailed information about clients' experience with ransomware, so it's difficult to know how often victims agree to pay. One 2016 study by the nonprofit Cloud Security Alliance found that companies with insurance were more likely to pay a ransom to hackers threatening to release sensitive information — 28% compared with 22% for companies without insurance.

La Porte County officials purchased a cyber security policy in 2018, months before they got hit, Kora said. The insurance company, Travelers, sent a law firm and a cybersecurity team to try to restore the computer systems and simultaneously negotiate with the hackers. The county also reported the ransomware to the FBI.

No one was able to free the encrypted information, Kora said. For days, the county's criminal and civil courts stalled without access to records, databases and payment systems. Employees in other county offices had no access to email or electronic records.

LaPorte County's policy covered up to $100,000 toward a ransom payment. Feeling trapped, county commissioners decided to cover the remaining $32,000.

Texas officials have released little information on the ransomware that hit local governments, including the hackers' specific demands. The Texas Department of Information Resources said in a statement released Sept. 5 that it was not aware of any community paying a ransom.

According to the FBI, more than 1,400 instances of ransomware were reported last year, and victims reported paying $3.6 million. But former officials said that's undoubtedly a fraction of the true picture because many victims don't report, fearing damage to shareholders and loss of customers' trust.

Government agencies often don't have the option to keep quiet.

Cindy Pfeifer, clerk and treasurer of the Wisconsin village of Nashotah, was facing deadlines for property tax collections, budget preparations and completion of employees' tax documents when she began a late November workday. But her computer was useless. It had been locked by hackers demanding $10,000.

"My stomach still clenches when I think about it," Pfeifer said.

Technology staff for the village of 1,357 residents negotiated the hackers down to about $2,500. Officials paid, fearing that rebuilding records would cost much more.

Josephine Wolff, a professor of cybersecurity policy at Tufts University, fears that insurance coverage of ransom payouts gives victims distance from the ripple effect of their decision.

"By saying, 'Oh, this is just something my insurance covers,' they're forgetting that is contributing direct financial resources to future criminal operations," Wolff said.

That effect has kept some targets from making ransom payments. After hackers locked systems for vendor and employee payments at the Colorado Department of Transportation, state officials resolved not to give in. Restoring the systems cost up to $1.5 million.

"We don't know what that ransom payment is going to fund," said Brandi Simmons, a spokeswoman for the governor's office of technology. "As a state government, we don't want to be in a position of funding cyberterrorists."

Insurers said the decision about paying a ransom is ultimately the victim's and not dictated by the terms of a policy, but it does require consideration of practical questions, said Michael Tanenbaum, head of the Cyber North America division for Chubb insurance.

How long can they operate without access to the data? Do they have functioning backups to use while experts try to get the data back? What if the stolen data can't be recovered?

Executives of a multinational company that makes $10 million a day may not blink at paying $10,000 to get data back. A $10 million ransom, though, would take more thought, said Howard Marshall, a former deputy assistant director of the FBI's cyber division, who now leads the cyber threat intelligence team at the consulting firm Accenture.

"The time for that thought process is well in advance," he said, "not when the attacker's clock is ticking."