Feb 26, 2016

Park County government hit and disrupted by ‘ransomware’

A form of malicious software known as “ransomware” forced the Park County government to shut off all its computers for much of Tuesday. The shutdown disrupted the county’s business, but taking that precaution helped snuff out the virus before it could spread very far or deal any actual damage.

“Things like that happening, you just deal with them. That’s all you can do, because in today’s technology, it’s an everyday occurrence someplace,” Park County Chief Information Officer Mike Conners said Wednesday. “We’re just glad we were prepared for it.”

The ransomware apparently got onto a county computer sometime Monday night, likely through either an attachment to an email or through a visit to an infected website, Conners said.

It was discovered Tuesday morning, when a county staffer tried opening some files and was instead confronted with message saying the data had been encrypted. Pay a ransom, said the message, and the data would be made usable again.

Park County computers infected with the ransomware displayed this screen.
Conners and other IT staffers immediately went from office to office, asking them to shut down all their machines before it spread further.

“At first I didn’t know what was going on; I thought I was getting arrested,” quipped County Assessor Pat Meyer of the apparent urgency.

IT staff swept each computer before rebooting them all back up. The process lasted into the night and was generally finished up by Wednesday.

Dispatchers at the Park County Law Enforcement Center were given the highest priority, but even they had to go without their computers for about five hours on Tuesday, getting their computers back around 3:30 p.m.

“Our phones and radios never went out, so we simply went back to paper and pencil for dispatching services,” explained Park County Sheriff’s Office spokesman Lance Mathess.

No emergency services were disrupted, Conners said, and “all in all, we actually turned out pretty well.”

His department’s investigation into the infection indicates it was a variant of the ransomware TeslaCrypt. The virus searches the computer it’s on — and any computers it can connect to — for files such as Word, Excel and PDF documents. It then locks them up with an effectively unbreakable layer of encryption.

This “really nasty” variant of TeslaCrypt has been created to avoid detection, Conners said.

“They even wrote the thing so it’s slow,” he said. “It doesn’t reach out and just start hammering away, they wrote it so it really slowly, methodically goes out and starts to encrypt files and it hides in all your other (computer) processes so you can’t even see (it).”

Despite being relatively slow, and only getting into a small fraction of the county’s network, the virus still managed to comb through around 67,000 different file folders and directories, Conners said. (The county’s security measures prevented the malware from actually affecting files in all of those folders.)

“It’s an intelligently written virus. And these guys are getting good at it because they’re making lots of money,” Conners said.

Criminals profit when the people or companies whose files have been encrypted pay the demanded ransom to have the files decrypted. (Authorities advise against paying up, so as not to encourage the developers.)

 “It’s an intelligently written virus. And these guys are getting good at it because they’re making lots of money,” Conners said.

While ransomware has been around for years, the FBI said in January that there’s been “a definite uptick lately in its use by cyber criminals.” The bureau has said a different version of ransomware, called CryptoWall, caused reported losses totaling more than $18 million between April 2014 and June 2015. Ransomware made national headlines earlier this month, when a Los Angeles-area hospital paid roughly $17,000 to restore access to their encrypted medical records.

Paying the demanded ransom was never a big concern for Park County, because it backs up its terabytes of data every night — and keeps back ups of the back ups, Conners said. Because the virus was caught fairly quickly, the county actually had to restore only a fairly small number of files and few files were lost, he said.

The main harm to the county was the lost time, both for IT staff and for those who had to temporarily go without their computers.

Treasurer Barb Poley said her office was put “at a standstill.”

When folks came in to renew their license plates or pay property taxes, clerks had to take their phone number and pledge to call as soon as the computers were up and running again, Poley said.

At times, “truthfully, we (were) staring at each other,” she said.

Departments generally tried to catch up on off-line projects during the lull.

County commissioners’ executive assistant, Shaunna Romero, took the opportunity to do some filing and reconsider how she does some things.

“It makes you re-think, because we are so electronic-device dependent,” she said.

0 comments:

Post a Comment

Copyright © Cody News Company | Powered by Blogger

Design by Anders Noren | Blogger Theme by NewBloggerThemes.com