Madison County Servers - HELD RANSOM

[Palehorse]

Madison County servers for the city/county have been infected with ransom-ware and officials cannot access records.

Statements have indicated voter information is not at risk as this information is held on a separate system.

Police/fire/emergency services are all still operational, however they are having to do things the old fashioned way.


From the Herald Bulletin:

ANDERSON — The Madison County Commissioners met in emergency session Saturday afternoon to discuss paying a ransom after a ransomware attack on county government computers.

Ransomware is a type of malicious software designed to block access to a computer system and files until a sum of money is paid. The program encrypts files, thus allowing anyone without an encryption code from accessing them.

Though many county systems were locked out as a result of the attack, voting records and ballots are held on a separate system and were unaffected, said Lisa Cannon, director of technology at the Madison County Government Center.

The Madison County 911 system is also still in operation.

It does not appear any personal or payment information was released as a result of the attack, Cannon said, though the investigation is ongoing and the full implications of the hack will remain unknown until the information is unencrypted, either through defeating the malicious program or through payment of the ransom.

"We have no confirmation that any information was taken – there is no need to panic," Commissioner Steffanie Owens said at the emergency meeting.

The Indiana State Police are investigating the attack.

In a unanimous vote, the commissioners authorized paying the ransom; however, they hope to find ways to fight the attack instead of paying. They were given a deadline and a dollar amount, but the commissioners and State Police disclosed neither.

"By no way does this mean to pay this (ransom) today," Madison County Commissioner John Richwine said. "We are trying to do our best to not impact business."

Cannon was informed of the attack at 10:30 p.m. Friday and said her team informed both ISP and the FBI.

"We are still trying to identify the strain of the cryptovirus and that will let us know if other people have been affected with it and whether they paid the ransom and got their files back," she said.

Madison County does have cyber attack insurance, Richwine said, which should cover some or all of any ransom payment, if that were to happen. The commissioners and the insurance company are in talks on how best to handle the situation.

Neither the FBI nor ISP recommends paying a ransom, though many victims find paying up to be the only way to recover valuable files.

Joseph Myers, Indiana State Police detective with the cybercrimes unit, said this is the first time his department has been involved with a ransomware attack on this level of government.

"This is kind of a problem in the world we live in," he said Saturday. "These folks (the commissioners) have to be right 100 percent of the time; the bad guys only have to be right once."

Ransomware attacks are on the rise across the country, with a recent international study of 540 companies by the antivirus software company Malwarebytes showing 39 percent of organizations had been the victim of a ransomware attack. Of those, 40 percent opted to pay the ransom.

According to FBI statistics, hackers extracted $209 million in ransom payments in the first three months of 2016.

[parkerdivine]

Sounds like something out of a sci-fi novel.

Wow....that is something. But, when we go computer, this is what we risk. 

[The Troll]

  I wonder when Washington congressmen are going to make it a federal crime to hack plus hold computers for ransom or any other illegal use.  I think the first thing is to establish a 20 year sentence with no parole and all property of that criminal person, business or corporation confinsated.     The arm of the Secret Service would run the program and all methods used to catch them and prosecute them.     I think at this time the FBI is too crooked to run such a investigation.   

[Locutus]

I hope they had a good backup.  That's about the only reliable defense against ransom-ware. 

[Purplelady1040]

I would think and hope they would run some kind of virus scan on that. If not they need to invest in one.

[Locutus]

Ransom-ware isn't a virus. 

[Purplelady1040]

Ransom-ware isn't a virus.

l
Okay, the ransom  ware I was thinking of was or I am thinking of something else.

[Locutus]

You're thinking of something else.  Ransom-ware isn't a virus of any sort. 

[Purplelady1040]

You're thinking of something else.  Ransom-ware isn't a virus of any sort.

Okay

[Palehorse]

  I wonder when Washington congressmen are going to make it a federal crime to hack plus hold computers for ransom or any other illegal use.  I think the first thing is to establish a 20 year sentence with no parole and all property of that criminal person, business or corporation confinsated.     The arm of the Secret Service would run the program and all methods used to catch them and prosecute them.     I think at this time the FBI is too crooked to run such a investigation.   

It is a federal offense already. They just haven't got real good at tracking them down until lately. Still it is a labyrinth of ISP's, IP's, routers, etc. that they must navigate in order to find the perps. . . 

[Palehorse]

I hope they had a good backup.  That's about the only reliable defense against ransom-ware.

Hope so too, but I highly doubt it. . .

Most corporations have an off site backup system of some type, but I highly doubt Madison County had the money to pay for it if they even looked at it.

[Locutus]

They're pretty fucked then unless they ante up the money...payable in bitcoins. 

[Palehorse]

They're pretty fucked then unless they ante up the money...payable in bitcoins. 

 

And I'm betting there will be another utility rate increase to pay for the insurance rate increase too. 

[Locutus]

What most people don't know is that this type of ransomware is publicly available for download on the dark web.  People write it, and then launch it into the public domain so that any old common criminal can use it without even remotely possessing the coding skills to craft it. 

[me]

I heard that a lot of times they don't release anything even after the ransom is paid and you're out the money and the files.