« "Ind. Courts - More on: "ACLU, Planned Parenthood Challenge New Ultrasound Requirements" [Corrected] | Main | Ind. Courts - "Planned Parenthood fights 18-hour ultrasound rule" »

Wednesday, November 09, 2016

Ind. Gov't. - More on "Hackers seize Madison County government servers, demand ransom"

An update on this worrysome story from Nov. 7th.

The heading to the Nov. 9th critical commentary at NetworkWorld: "Ransomware hammers Madison County, Indiana: Madison County Commissioners unanimously agreed to pay the ransom>" Some quotes from the comprehensive report:

[T]here are conflicting reports about the details of the ransomware attack. For example, after the attack reportedly occurred on Friday Nov. 4, locking the county out from accessing records, Fox59 asked Madison County IT Director Lisa Cannon, how could this happen “to an entire county’s computer system?” In return, “Cannon explained that the IT department took all the security measures they could have, but hackers found a way in.”

Wouldn’t taking all the security measures possible have included having offline backups, or at least some backups? Cannon told TheHeraldBulletin, “We’re in the process of adding a backup system.” Unfortunately, that’s too little too late.

Employee awareness might also need a bit of work; or perhaps it was simply sound advice when an Indiana State Police spokesman advised people that it is “critical to back up pictures, files, records - everything either in the cloud or a on a hard drive. Also, avoid clicking on any links you're not familiar with.”

Cannon claimed, “County officials are confident that no personal information from local residents was compromised.” However, she also added, “We’re checking to determine if any information was harvested through the attack.”

There was no mention of the ransomware variant that hit the county. Several articles reference a specific quote on Fox59 that is no longer a part of the article. That missing quote was allegedly a statement by Madison County Sheriff Scott Mellinger: “There are so many unknowns here because even the investigators that had a lot of experience in this area are telling us they have not dealt with this specific virus before.”

Umm, that is doubtful but not impossible. However, now the article quotes Sheriff Mellinger as saying, “They are calling this a very significant event and that means whoever is behind it absolutely knows what they are doing and it is going to be extremely difficult for us to gain access of our servers on our own.”

Additionally, there have been only vague references to the ransom amount demanded. WTHR claimed the ransom was “thousands of dollars.” Cannon refused to reveal the actual amount, but told Fox59 that it was a “large sum.” Yet Madison County Commissioner John Richwin claimed the ransom “was for an amount less than most county residents would have anticipated.”

According to StateScoop, during an emergency meeting on Saturday, county commissioners were told “they had seven days to pay the ransom. Commissioners unanimously agreed to pay the ransom.”

Madison County was covered by Travelers Insurance, which will reimburse a portion of the cost, less the county’s deductible. * * *

As for the county commissioners meeting and voting to pay the ransom on Saturday, did paying the ransom work? As of Monday, it was reported that Madison County was not expected to be up and running until today. StateScoop said earlier today that “services are still being brought online.”

This long story today from the Washington Times-Herald includes:
ANDERSON — On the advice of their insurance company Madison County officials are moving forward to pay the ransom demands by a unknown group that attacked the county’s computer system.

Madison County was hit by a ransomware attack over the weekend that prevented access to county records.

The malware attack has not affected the election where the voting registration records are maintained on a separate computer server.

County officials are hoping the problem will be resolved by Wednesday once the encryption code is received from the hackers.

“We’re following the directions of our insurance carrier,” Madison County Commissioner John Richwine said Monday.

The amount of the ransom is not being provided by the commissioners, but Travelers Insurance, the county’s insurance carrier, will reimburse a portion of the cost, less the county’s deductible.

If you read the whole story, you will see why NetworkWorld raised concerns.

Posted by Marcia Oddi on November 9, 2016 04:12 PM
Posted to Indiana Government