Genesee County under attack!
-Charles Parker, II
There are vast numbers of municipalities of various sizes adjacent to each other
throughout each state in the nation. Each of these has a computer network, of
varying size, in place for day-to-day operations. One of these counties, in
Michigan, also recently had an interesting issue. Genesee County has had much
written about it, as the city of Flint is at the center of the media storm.
Unfortunately, this county recently suffered a successful ransomware attack.
Attack
Ransomware has been exceptionally successful as an attack over the last few
years. The trend continues, as published repeatedly across many industries. One
of the victims was the municipal offices of Genesee County, located in Michigan.
The successful attack used one of the ransomware tools. The Genesee County Clerk
stated the county servers were shut down due to this. The ransomware followed
its standard protocol and encrypted the files. There naturally was a demand for
money with this. Once the payment was received, the attackers would provide the
decryption key. The initial forensic work indicated no files were exfiltrated,
which was a good thing.
What to do?
This was a rather significant issue for the county. There were a few options for
the county to follow, given the parameters of the attack. They could pay the fee
and hope the attackers would provide the decryption key. The county would also
have to hope the attackers did not leave any malware or back doors in the
network. As an alternative, they could refuse to pay the fee and restore from
back-ups, which would require time and accurate, viable back-ups being in place
prior to the attack. As the third option, they could do nothing and hope for the
best.
The county ended up not paying the ransom. This was the safest bet as long as
the county had up-to-date, recent back-ups, which had been tested, in place.
Fortunately for the county and their general fund, and their insurance company,
there were adequate back-ups in place. The back-ups had been done the evening
before at midnight. This indicated the data replication would be minimal. It
would still take a massive amount of time, as the back-ups needed to be used to
replace the encrypted data and files.
Affected
The attacks can vary in depth and width across the network, depending on the
network itself and the form of ransomware. This could affect one system or the
complete set of servers. In this case, nearly all of the networks in the system
were affected. The county had signs in the window of the offices stating that
the computer system was down, they were using manual systems, and the computer
systems had been down for several days. The one relatively pertinent system for
payroll was not, however, affected.
Forensic Work
This was a rather large project. The county contacted and had been working with
the Michigan State Police and the FBI for their expertise. There may have been
other third-party contractors involved.
Lessons Learned
Ransomware is a curious tool. While very devastating, it may also be viewed as
being modular, in that the malicious tool may be adjusted according to the end
result needed. All it takes is one employee in the wrong department to click on
the wrong link. This issue did, however, show the importance of back-ups and of
testing them to ensure they really are backing up. This also shows there is
still a distinct need for employees to be trained.