> The municipal scourge of RANSOMWARE
diggler
post Aug 21 2019, 12:11 PM
Post #1





Malware attack on county computers

LP County website, government email servers out of operation

STAFF REPORTS

La PORTE – All La Porte County government emails, and the county website, remained out of commission late Tuesday following a malware virus attack that affected the system on Saturday morning.

La Porte County Board of Commissioners President Dr. Vidya Kora said Sunday evening the system will be inoperable as authorities respond to a “malicious malware attack that has disabled our computer and email systems.”

County Attorney Shaw Friedman confirmed Tuesday that county government computers were "impacted by a sophisticated ransomware virus" early Saturday morning.

“Fortunately, our IT team reacted quickly and shut down much of the system, even though it was a weekend," Friedman said. "Less than 7 percent of our laptops have been infected, however, it did hit our two domain controllers, which means no server can access network services."

An insurance policy taken out last year will help the county recover, Kora said.

“Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance," he said.

"We informed Travelers Insurance late Saturday of the malware attack and they immediately referred us to the Wayne, Pennsylvania, incident-response law firm of Mullen Coughlin LLC that specializes in responses to such cyber-attacks and coordinates system repairs and protection of our computers from further such virus infections," Kora said.

The forensic investigation firm has been retained to determine the nature and scope of the incident, including how the county could have been infected, Friedman said.

Several county officials, including Kora, Council President Randy Novak, along with the auditor, county attorney and IT Department took part in a conference call Sunday with the incident response team assembled by Mullen Coughlin, Kora said.

The call was "to develop a game plan to respond to the attack and come up with an approach to repair our systems and protect them from further damage."

The county's IT Department has been working long hours to try and get things operational, including spending Sunday to ensure that the Courts and Prosecutor's office remained functional, Friedman said.

"This particular ransomware variant – known as RYUK – is especially insidious as it seeks to delete or encrypt system backups. We are exhausting all possibilities, including tapping the FBI cybersecurity unit and reviewing all 'workarounds' in order to determine how to restore the county to a full operational status.”

Staff from Mullen Coughlin arrived in La Porte on Sunday night to assist, Kora said. They will also help prepare documentation to report the attack to the FBI and other appropriate law enforcement agencies.

Kora and Friedman praised the efforts of the IT Department.

"I commend our IT Director Darlene Hale and her team for shutting down our systems Saturday afternoon as soon as the malware virus was detected," he said. "Unfortunately, at least half our servers have been infected and it will take some time to fully restore service. I ask for patience from the public as we seek to become fully operational again.”

Friedman echoed that sentiment.

"Darlene Hale and her team have been working 15 hour days since this virus hit to try to restore portions of our system that can be restored," he said. "We ask for patience from all concerned.”

"Texas is the latest state to be hit with a cyberattack, with state officials confirming this week that computer systems in 22 municipalities have been infiltrated by hackers demanding a ransom. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files."

https://www.npr.org/2019/08/20/752695554/23...of-cyberassault



https://www.crowdstrike.com/blog/big-game-h...ted-ransomware/
diggler
post Aug 24 2019, 05:51 AM
Post #2





Cyber attack forces emergency shutdown of Lake County government servers, IT working through weekend to purge system

Will Rack

CROWN POINT — Lake County has been hit with a cyber attack that forced the shutdown of email service and several internal applications throughout county government, officials said Friday.

The breach came in the form of ransomware, a type of malicious software that denies access to computer systems until a ransom is paid to the attacker.

As of Thursday afternoon, the county's IT staff was installing cyber security software on 3,000 individual employee laptops, Mark Pearman, director of the county's information technology office, said. They are also working through installing cyber security to clear the ransomware on 40 county servers.

"We are making progress," Pearman said. "We are going slow because we don't want to miss anything that could cause problems in the future or re-infect the system."

He said there has been no evidence of data theft from county servers and communications, calling the attack a "lock out." It will be an all-weekend project to restore all systems and more information will be known by Monday.

Systems administrators first noticed the ransomware on some county computers Thursday afternoon. To prevent the virus from spreading, IT staff began taking encrypted and unencrypted servers off the network “out of an abundance of caution,” he said.

The IT department is working with Crowdstrike, the county’s cybersecurity contractor, to conduct a damage assessment, which involves scanning all county servers and roughly 3,000 computers to determine which have been corrupted.

“Our main effort right now is to mitigate the issue,” Pearman told The Times, adding that a preliminary investigation indicates the ransomware was hidden on county systems earlier this month and “sat there until now.”

Pearman said in his 45 years of working with Lake County, nothing like this has ever happened. However, the reality is that more and more instances of ransomware attacks are becoming more common.

"It's becoming more prevalent," Pearman said. "More counties and cities have been dealing with this issue."

The attack against Lake County computers comes about a month after LaPorte County suffered a similar breach. In that case, LaPorte paid a ransom of $132,000 worth of Bitcoin to the attackers to restore access to their affected systems.

Lake County maintains insurance coverage against various cyber contingencies, according to Commissioner Mike Repay, D-Hammond. Repay said the Board of Commissioners has not decided if it will end up paying whoever launched the attack, because the ransomware only included a "request for communication" and the county has yet to respond.

As of Friday afternoon Pearman said no dollar amount had been requested and the county has not answered the cyber attackers' request for communication.

Meanwhile, email service on the county domain remains suspended, meaning messages cannot be sent from or received by addresses ending in lakecountyin.org, according to Pearman. County employees still have internet access and have been asked to conduct business using their personal emails, if necessary.

Lake County’s critical public safety agencies appear to have been spared from the ransomware attack. Systems at Lake County 911 and the Sheriff’s Department remain online, so “law enforcement was not affected,” Pearman said.

At this time, Crowdstrike is still investigating the source of the attack. He said because the FBI was involved in the LaPorte cyber attack, it is likely they will also be involved in this investigation down the road. Any leading information Crowdstrike finds will be passed to law enforcement agencies.

"All ransomware attack motives are always for money and sadly that's the world we live in," Pearman said. "We can only do what we have to in order to prevent it. Still, there's no 100 percent guarantee to prevent such attacks from happening."
