Madison County servers for the city/county have been infected with ransom-ware and officials cannot access records.
Statements have indicated voter information is not at risk as this information is held on a separate system.
Police/fire/emergency services are all still operational, however they are having to do things the old fashioned way.
From the Herald Bulletin:
ANDERSON — The Madison County Commissioners met in emergency session Saturday afternoon to discuss paying a ransom after a ransomware attack on county government computers.
Ransomware is a type of malicious software designed to block access to a computer system and files until a sum of money is paid. The program encrypts files, thus preventing anyone without an encryption code from accessing them.
Though many county systems were locked out as a result of the attack, voting records and ballots are held on a separate system and were unaffected, said Lisa Cannon, director of technology at the Madison County Government Center.
The Madison County 911 system is also still in operation.
It does not appear any personal or payment information was released as a result of the attack, Cannon said, though the investigation is ongoing and the full implications of the hack will remain unknown until the information is unencrypted, either through defeating the malicious program or through payment of the ransom.
"We have no confirmation that any information was taken – there is no need to panic," Commissioner Steffanie Owens said at the emergency meeting.
The Indiana State Police are investigating the attack.
In a unanimous vote, the commissioners authorized paying the ransom; however, they hope to find ways to fight the attack instead of paying. They were given a deadline and a dollar amount, but the commissioners and State Police disclosed neither.
"By no way does this mean to pay this (ransom) today," Madison County Commissioner John Richwine said. "We are trying to do our best to not impact business."
Cannon was informed of the attack at 10:30 p.m. Friday and said her team informed both ISP and the FBI.
"We are still trying to identify the strain of the cryptovirus and that will let us know if other people have been affected with it and whether they paid the ransom and got their files back," she said.
Madison County does have cyber attack insurance, Richwine said, which should cover some or all of any ransom payment, if that were to happen. The commissioners and the insurance company are in talks on how best to handle the situation.
Neither the FBI nor ISP recommends paying a ransom, though many victims find paying up to be the only way to recover valuable files.
Joseph Myers, Indiana State Police detective with the cybercrimes unit, said this is the first time his department has been involved with a ransomware attack on this level of government.
"This is kind of a problem in the world we live in," he said Saturday. "These folks (the commissioners) have to be right 100 percent of the time; the bad guys only have to be right once."
Ransomware attacks are on the rise across the country, with a recent international study of 540 companies by the antivirus software company Malwarebytes showing 39 percent of organizations had been the victim of a ransomware attack. Of those, 40 percent opted to pay the ransom.
According to FBI statistics, hackers extracted $209 million in ransom payments in the first three months of 2016.
Sounds like something out of a sci-fi novel.
Wow....that is something. But, when we go computer, this is what we risk.
I wonder when Washington congressmen are going to make it a federal crime to hack plus hold computers for ransom or any other illegal use. I think the first thing is to establish a 20 year sentence with no parole and all property of that criminal person, business or corporation confiscated. :rant: The arm of the Secret Service would run the program and all methods used to catch them and prosecute them. :rant: I think at this time the FBI :007: is too crooked to run such an investigation. :angry: :mad: :mad: :mad:
I hope they had a good backup. That's about the only reliable defense against ransom-ware.
I would think and hope they would run some kind of virus scan on that. If not they need to invest in one.
Ransom-ware isn't a virus.
Quote from: Locutus on November 06, 2016, 01:00:22 PM
Ransom-ware isn't a virus.
Okay, the ransom ware I was thinking of was or I am thinking of something else.
You're thinking of something else. Ransom-ware isn't a virus of any sort.
Quote from: Locutus on November 06, 2016, 01:51:02 PM
You're thinking of something else. Ransom-ware isn't a virus of any sort.
Okay
Quote from: The Troll on November 06, 2016, 11:31:45 AM
I wonder when Washington congressmen are going to make it a federal crime to hack plus hold computers for ransom or any other illegal use. I think the first thing is to establish a 20 year sentence with no parole and all property of that criminal person, business or corporation confiscated. :rant: The arm of the Secret Service would run the program and all methods used to catch them and prosecute them. :rant: I think at this time the FBI :007: is too crooked to run such an investigation. :angry: :mad: :mad: :mad:
It is a federal offense already. They just haven't got real good at tracking them down until lately. Still it is a labyrinth of ISP's, IP's, routers, etc. that they must navigate in order to find the perps. . . :mad:
Quote from: Locutus on November 06, 2016, 12:02:33 PM
I hope they had a good backup. That's about the only reliable defense against ransom-ware.
Hope so too, but I highly doubt it. . .
Most corporations have an off site backup system of some type, but I highly doubt Madison County had the money to pay for it if they even looked at it.
They're pretty fucked then unless they ante up the money...payable in bitcoins. :wink:
Quote from: Locutus on November 06, 2016, 03:15:46 PM
They're pretty fucked then unless they ante up the money...payable in bitcoins. :wink:
:yes:
And I'm betting there will be another utility rate increase to pay for the insurance rate increase too. :rolleyes:
What most people don't know is that this type of ransomware is publicly available for download on the dark web. People write it, and then launch it into the public domain so that any old common criminal can use it without even remotely possessing the coding skills to craft it.
I heard that a lot of times they don't release anything even after the ransom is paid and you're out the money and the files.
Quote from: me on November 06, 2016, 07:31:57 PM
I heard that a lot of times they don't release anything even after the ransom is paid and you're out the money and the files.
I suspect that is exactly what will happen if they pay the ransom in this case. :yes:
Quote from: me on November 06, 2016, 07:31:57 PM
I heard that a lot of times they don't release anything even after the ransom is paid and you're out the money and the files.
That's absolutely true. It's part of the ugly underbelly of the Internet.
Wonder if I'll have to go up there to pay my utility bill, I usually pay online. Gonna give it a try either later tonight or tomorrow but if I have to go up and pay it I guess I will. I'd rather do that than buy stamps.....
Paid my utility bill just fine so it must not have affected the web site. Now whether it gets credited properly is another thing. :yes:
Quote from: me on November 07, 2016, 12:11:25 PM
Paid my utility bill just fine so it must not have affected the web site. Now whether it gets credited properly is another thing. :yes:
Umm yeah. . . They don't have access to the online system. In fact all computers are shut off at the utility office. My guess is you just paid the software which they cannot access; and may have paid the kidnappers!
They were handing out written receipts today. . .
Their external websites are probably hosted on the servers of other service providers and not stored on the servers with the ransomware. That's probably why your payment was processed.
Quote from: Palehorse on November 07, 2016, 05:09:20 PM
Umm yeah. . . They don't have access to the online system. In fact all computers are shut off at the utility office. My guess is you just paid the software which they cannot access; and may have paid the kidnappers!
They were handing out written receipts today. . .
As long as I have my receipt that shows I paid it I'm good and I did print it out.
Quote from: me on November 07, 2016, 05:33:35 PM
As long as I have my receipt that shows I paid it I'm good and I did print it out.
You better hope so.
My money is on a double bill next cycle and a shut off notification to boot! :spooked:
Quote from: Palehorse on November 07, 2016, 05:37:49 PM
You better hope so.
My money is on a double bill next cycle and a shut off notification to boot! :spooked:
Wow, that's unreal. Is your meter in a place where you can easily read it yourself?
Quote from: me on November 07, 2016, 05:39:20 PM
Wow, that's unreal. Is your meter in a place where you can easily read it yourself?
Yep. And I will do so. . .
Next month's cycle will probably all be estimated bills too. Watch. . . Probably won't go back to the automated system until after the new year.
Quote from: Palehorse on November 07, 2016, 05:44:14 PM
Yep. And I will do so. . .
Next month's cycle will probably all be estimated bills too. Watch. . . Probably won't go back to the automated system until after the new year.
It's been a few years since I've had any problems with them and learned to read my own meter when I had an experience similar to yours before they went to the automated read. Fortunately I came out the victor and didn't have to pay the high bill, wasn't as high as yours but still high, but I've kept my eye on things since.
Having seen some interviews about this on different news channels, I'll lay money you won't get all the facts about this from local .gov under any circumstances.
It certainly appeared the spokesperson was trying to BS her way through without committing any information.
What was she saying about it?
Looks like they decided to pay the ransom. I hope that works out for them, because there's really no guarantee the data will be unscrambled even after the ransom is paid.
It also appears that they didn't have a backup. ;D
http://www.heraldbulletin.com/news/local_news/county-to-pay-ransom-in-computer-system-hacking-case/article_0a4497a8-a516-11e6-8455-2b7f0dd5bd9a.html
That's some of it there.
She was saying the insurance company was forcing them to pay the ransom.
She was avoiding talking about backups. Can't have the public knowing they're not doing their due diligence in protecting and safekeeping important records, now can we? :rolleyes:
Maybe Pariann can head over there and offer her services. ;D
Sounds like they could use her.
:biggrin:
Oh but they couldn't have a local showing them up for their incompetence!
Well I hope the encryption key works for them. Like I said before, there's no real guarantee that it will. Then they'll really be up shit creek without a paddle.
It's long been my opinion that they need several redundant systems to safeguard those important records - up to and including paper records.
Well if I were on the county commission, I'd be looking for that IT director's head on a platter. :yes:
LOL! Ya' think? :biggrin:
Trouble is in this incestuous county it's prolly some bigwig's relation.
Quote from: Y on November 08, 2016, 12:46:36 PM
LOL! Ya' think? :biggrin:
Trouble is in this incestuous county it's prolly some bigwig's relation.
Until after the election and if the current mayor loses, then the next mayor will choose his relations.
:rolleyes:
The mayoral election happened last May, nitwit.
Thomas Broderick Jr. was elected to a four year term, and the next mayoral election won't be until 2020.
Besides, we're talking about Madison Co. government so the Anderson mayor doesn't have anything to do with it.
Quote from: Y on November 08, 2016, 02:07:31 PM
:rolleyes:
The mayoral election happened last May, nitwit.
Thomas Broderick Jr. was elected to a four year term, and the next mayoral election won't be until 2020.
Besides, we're talking about Madison Co. government so the Anderson mayor doesn't have anything to do with it.
Hey Tubby.....I was using an example of how those in government switch after elections not THIS election. And it happens in Anderson as much as Madison County.
You sure are full of yourself which given how little you have to offer is kinda sad.
Went by the utility office this evening after hours, and saw several desktops and error messages were all over them. . . :spooked:
Quote from: Palehorse on November 08, 2016, 07:04:29 PM
Went by the utility office this evening after hours, and saw several desktops and error messages were all over them. . . :spooked:
Wonderful.
I hope that paying the ransom works. There's really no guarantee.
The best defense against this sort of thing is a robust backup strategy. They obviously didn't have that.
Quote from: Locutus on November 08, 2016, 07:26:04 PM
I hope that paying the ransom works. There's really no guarantee.
The best defense against this sort of thing is a robust backup strategy. They obviously didn't have that.
I would say in all likelihood there will be no key given and the money will just be gone.
Well there are different approaches to this problem. Typically, the folks who are holding the data hostage will cough up the key. If they get a reputation as not providing the key once the ransom is paid, they won't be able to successfully extort money going forward.
Obviously no guarantees though.
Any update on this story? Are the servers back and operational?
Quote from: Locutus on November 09, 2016, 08:45:17 PM
Any update on this story? Are the servers back and operational?
No updates today. Pushed to the back burner, way back burner, by the election caterwauling. :mad:
Found this:
ANDERSON – Madison County officials are in the process of removing the ransomware attack from the county's computer servers after payment of a ransom to the hackers.
Lisa Cannon, director of the IT Department, said Wednesday that the county has obtained the keys to remove the encryption from the servers so that officials can have access to data.
She said her staff is working on taxes and billing and public safety.
"It's a slow process," Cannon said. "There are a lot of variables involved."
Informed county sources, who didn't want to be named, indicated the ransom paid by Madison County was $28,000. It was paid on the advice of the county's insurance carrier, Travelers Insurance.
Cannon informed the Madison County Council at Wednesday's meeting that she will be spending money that is not in her budget over the next month.
"It has been a devastating last few days," she said. "We can't do without any longer."
Cannon said the council eliminated six positions in the department in 2012 and reduced the budget by 56 percent.
"We can't be expected to operate as large as General Motors on a gas station budget," she said. "We need help and it's going to take funds."
Cannon said it will cost the county $17,500 to bring in a support company to bring the two largest computer servers back online and to make best practices recommendations.
"This is a drastic situation and we need a council that will support us, so we can serve the employees so they can serve the public," she said.
One of the options being considered is to store the county's computer data off-site to protect the county from future attacks.
Cannon said the ransomware attack affected 600 personal computers and up to 75 servers.
"We can't wait to take action," she said. "We have to have bodies and finances. We can't operate the IT Department on a shoestring budget."
Council President Fred Reese asked Cannon to bring a plan to the council at the December meeting.
Indiana State Police Capt. Dave Bursten said the investigation is ongoing.
"Investigations of this nature are complicated, are rarely solved, and typically involve criminal actors from foreign countries," he said.
Bursten said the best defense to malware attacks is daily backups to segregated backup sources or to third party backup vendors not on the same system. He said internal backups that are not segregated offer no protection to ransomware attacks.
Concerning the payment of a ransom, Bursten said ISP concentrates on the criminal aspect of the investigation and makes no recommendation related to the payment or non-payment of ransom.
"Decisions to pay or not pay a ransom are business decisions," he said.
Ransomware is a type of malicious software that prevents access to computers by its rightful users through file encryption until a specified amount of money is paid.
I'm glad to know they at least got the keys.
Did they ever get things restored?
Quote from: Locutus on November 14, 2016, 06:14:55 PM
Did they ever get things restored?
Unknown. They coughed up 20k to get the key(s) though.
That's a lot of money. Most of the time, at least in instances I've seen, it's only been a few hundred dollars.
Last I heard on the television news is that they paid 30k ransom. Also, obviously, the rumor about Jeff Hardin tracking them down and arresting them was NOT true.
LOL!!
Who is Jeff Hardin?
A Madison County Commissioner - he was running for re-election - and former APD officer and MCSD deputy.
He's also a somewhat noted bluegrass musician.
Well those ransomware people are usually international, use TOR for masking their IPs, and are paid in bitcoins. It would be very difficult for some local yokel LEO to track them down. ;D
Of course it is, but that's how rumors go in this podunk town. It wouldn't surprise me if that rumor wasn't started to sway an election. :wink:
At least the FBI wasn't involved in this rumor. :biggrin:
Quote from: Y on November 18, 2016, 12:18:05 PM
Last I heard on the television news is that they paid 30k ransom. Also, obviously, the rumor about Jeff Hardin tracking them down and arresting them was NOT true.
Actually, the amount I hear they actually paid was 28k. . . And my source is a city council-member. . .
Quote from: Y on November 18, 2016, 12:18:05 PM
Last I heard on the television news is that they paid 30k ransom. Also, obviously, the rumor about Jeff Hardin tracking them down and arresting them was NOT true.
I didn't think so but it was, after all, his daughter who posted that.... :wink:
http://www.wthr.com/article/central-indiana-county-restoring-hacked-computer-system
Apparently they are STILL working on restoring the systems despite having the keys and paying the ransom for them.
Quote from: Palehorse on November 27, 2016, 03:05:20 PM
http://www.wthr.com/article/central-indiana-county-restoring-hacked-computer-system
Apparently they are STILL working on restoring the systems despite having the keys and paying the ransom for them.
And the costs keep mounting over this incident, with an article in today's paper indicating that the town has spent $200k thus far over it; and they still aren't back to normal yet! :mad:
Quote from: Palehorse on December 06, 2016, 06:51:18 PM
And the costs keep mounting over this incident, with an article in today's paper indicating that the town has spent $200k thus far over it; and they still aren't back to normal yet! :mad:
Where are the excess dollars outside of the dollars spent on the ransom going?
Quote from: Locutus on December 06, 2016, 06:56:10 PM
Where are the excess dollars outside of the dollars spent on the ransom going?
I don't really know. I assume for OT for techs to try to recover files and software or programs to eliminate a repeat?
I cannot read the story because the fish wrap wants me to pay for a subscription to read it. And I won't pay for the hard copy so why would I pay for an electronic copy? :rolleyes:
ANDERSON, Ind. (AP) - A computer hack demanding a ransom is ending up costing Madison County nearly $200,000.
The (Anderson) Herald Bulletin reports that commissioners on Tuesday approved contracts providing for off-site data storage, firewall protection and a backup court system. County officials say those three contracts is $198,180. That's in addition to a $21,000 ransom paid to obtain encryption keys and get control of the county computers from the hackers.
Lisa Cannon, director of the IT Department, said the ransomware attack affected 600 personal computers and up to 75 servers. Workers spent weeks restoring the central Indiana county's government computer system after the Nov. 4 hack. They had to restore links between the computer software and county files that were broken.
I'm surprised the commissioners didn't come after the IT director's head. It doesn't sound like they had even basic backup systems in place prior to the attack.
Quote from: Locutus on December 07, 2016, 02:54:00 PM
I'm surprised the commissioners didn't come after the IT director's head. It doesn't sound like they had even basic backup systems in place prior to the attack.
In Madison County, that IT guy was someone's father, son, uncle, brother....it's grossly corrupt in this county.
Well that's probably why they survived the debacle. ;D
Quote from: Locutus on December 07, 2016, 04:36:24 PM
Well that's probably why they survived the debacle. ;D
;D :yes: ;)
Quote from: Locutus on December 07, 2016, 02:54:00 PM
I'm surprised the commissioners didn't come after the IT director's head. It doesn't sound like they had even basic backup systems in place prior to the attack.
Oh they had back up alright. Internal servers were used and those were held ransom along with everything else they broke the links to.
Fact is this county has not budgeted for external backup in the annual budget because it is too busy trying to figure out how to keep their respective pet projects funded and still give themselves a raise with a dwindling tax base.
That is likely why the IT Director kept her job. I'd bet she was squalling over the risk it represented for as long as she has been in the position, and it fell on deaf ears. They fire her she'll just let the media know all about it and watch the feds take them to court over her unjust separation. (Costing even more tax dollars).
They're going to hike the trash fees again to pay for it. And maybe the sewer charges as well. . . :mad:
Quote from: Palehorse on December 07, 2016, 02:22:29 PM
Lisa Cannon, director of the IT Department
Yeah, here's the IT director. :rolleyes:
http://www.heraldbulletin.com/news/local_news/county-council-member-charged-with-owi/article_4b737893-e7d5-56a8-9386-ad00e8ffbf1d.html
County Council member charged with OWI
By Ken de la Bastide
The Herald Bulletin Aug 11, 2014
Phillips-Cannon, 48, of Anderson was arrested by the Alexandria Police Department on Sunday morning on charges of operating while intoxicated endangering another person and operating a vehicle while intoxicated. She was released from the Madison County Detention Center 13 hours later after posting a $5,000 bond.
Phillips-Cannon, a Republican, was elected to an at-large position on the Madison County Council in 2012.
Phillips-Cannon was arrested by the Madison County Sheriff's Department in March 2010 on a misdemeanor charge of operating a vehicle while intoxicated.
Madison County Prosecutor Rodney Cummings said Phillips-Cannon went through a deferral program. He said she went through a treatment program in lieu of a criminal charge.
He said the most current arrest is considered her first offense.
Phillips-Cannon has worked for Madison County since 1987, first in the Madison County assessor's office and currently as the network administrator for the county's technology department.
And the last I heard on the news is that Madison County tried to hide the fact of the payment(s).
Quote from: Y on January 20, 2017, 02:24:18 PM
Yeah, here's the IT director. :rolleyes:
http://www.heraldbulletin.com/news/local_news/county-council-member-charged-with-owi/article_4b737893-e7d5-56a8-9386-ad00e8ffbf1d.html
County Council member charged with OWI
By Ken de la Bastide
The Herald Bulletin Aug 11, 2014
Phillips-Cannon, 48, of Anderson was arrested by the Alexandria Police Department on Sunday morning on charges of operating while intoxicated endangering another person and operating a vehicle while intoxicated. She was released from the Madison County Detention Center 13 hours later after posting a $5,000 bond.
Phillips-Cannon, a Republican, was elected to an at-large position on the Madison County Council in 2012.
Phillips-Cannon was arrested by the Madison County Sheriff's Department in March 2010 on a misdemeanor charge of operating a vehicle while intoxicated.
Madison County Prosecutor Rodney Cummings said Phillips-Cannon went through a deferral program. He said she went through a treatment program in lieu of a criminal charge.
He said the most current arrest is considered her first offense.
Phillips-Cannon has worked for Madison County since 1987, first in the Madison County assessor's office and currently as the network administrator for the county's technology department.
And the last I heard on the news is that Madison County tried to hide the fact of the payment(s).
Well, well, well. . . :rolleyes:
Yup, and notice she's a Repug and was an elected county official at the time, and was allowed a deferral on her first charge so that her last charge was 'considered a first offense' from a Repug prosecutor.
I haven't been able to track it down, but there was a local member of the so-called 'Tennessee Mafia' - one Cal Cannon - who was in the 'amusement' business (locals know what that implies - gambling), and I've wondered if there are matrimonial ties.
Some interesting reading involving Cal and son Larry and many others:
http://law.justia.com/cases/indiana/court-of-appeals/1993/27a04-9112-cv-412-7.html
Holy hell. . . :spooked:
That's the type of corruption we've repeatedly dealt with around here.
Quote from: Y on January 20, 2017, 04:53:10 PM
That's the type of corruption we've repeatedly dealt with around here.
And continue to. . . :mad: