Fool me once, shame on you. Fool me twice…:
On the morning July 7, Alabama’s Chilton County employees notified the local IT team that their computers were running sluggish and some of the applications looked different. In an effort to shut down a suspected ransomware data breach, the county closed its doors to the public last Wednesday, July 8.
The county’s Tag Division is still closed and the online system is still deactivated because of the breach. The State of Alabama is issuing no penalties on tag renewals and purchases between March and July until at least July 31.
Chilton County Tag Division’s commission chairman, Joseph Parnell, released this statement:
“On Tuesday, July 7, 2020 Chilton County officials and their information technology team detected a Ransomware cyber incident on the County’s information system. The incident has caused a temporary disruption to the County’s computer records systems including the tag office and probate court records. Persons needing services provided by our various departments should check with the clerks in the particular department before coming to the courthouse to ensure that needed records are accessible.
The County Commission sincerely apologizes for any inconvenience this disruption may cause but it must take appropriate measures to protect the County’s information and data before restoring the computers to normal service.
This incident is being thoroughly investigated by the County’s legal counsel and technology experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins. Investigations are ongoing to understand if any specific data was targeted.
The County has contacted the relevant regulatory authorities and the data protection authorities including the Alabama Attorney General’s Office and the FBI.”
Parnell later told the Clanton Advisorthat the county does have a cyber policy in place and has hired a New York firm to assess the IT system. This situation is ongoing. According to the State of Email Security Report by Mimecast, 32% of the public sector says ransomware has impacted their operations in the past 12 months. Two to three days is the average length of downtime, with 9% of those attacked suffering from downtimes a week or longer.
Interestingly, on June 10, Florence, Alabama was also hit with a ransomware attack. After hiring a security firm to negotiate the ransom, the ask was dropped from 38 bitcoin to 30 bitcoin—or about $291,000. The ransom was paid. Whether or not to pay a ransom can be a tricky call to make.