Every state in the nation contains a vast number of municipalities of various sizes, sitting side by side. Each of them has a computer network, of varying size, in place for day-to-day operations. One of these counties, in Michigan, recently had an interesting issue. Much has already been written about Genesee County, as the city of Flint is at the center of a media storm. Unfortunately, the county also recently suffered a successful ransomware attack.
Over the last few years, ransomware has been an exceptionally successful form of attack, and the trend continues, as reported repeatedly across many industries. One recent target was the municipal offices of Genesee County, Michigan. The attack used a ransomware tool, and the Genesee County Clerk stated that the county servers were shut down because of it. The ransomware followed its standard pattern and encrypted the files, followed naturally by a demand for money; once the payment was received, the attackers would provide the decryption key. Initial forensic work indicated that no files were exfiltrated, which was a good thing.
What to do?
This was a rather significant issue for the county. Given the parameters of the attack, the county had a few options. It could pay the ransom and hope the attackers would provide the decryption key; it would also have to hope the attackers had not left any malware or back doors in the network. Alternatively, it could refuse to pay and restore from back-ups, which would require time, as well as accurate and viable back-ups having been in place before the attack. The third option was to do nothing and hope for the best.
The county ended up not paying the ransom. This was the safest bet as long as the county had recent, up-to-date back-ups in place that had been tested. Fortunately for the county, its general fund, and its insurance company, there were adequate back-ups in place. The back-ups had been taken the evening before at midnight, which meant the amount of data that would have to be recreated was minimal. A large amount of time would still be required, as the back-ups had to be used to replace the encrypted data and files.
The attacks can vary in depth and breadth across the network, depending on the network itself and the form of ransomware. An attack may affect one system or the complete set of servers. In this case, nearly all of the networks in the system were affected. The county posted signs in the office windows stating that the computer system was down and that manual processes were in use; the systems remained down for several days. The one relatively critical system, payroll, was not affected, however.
This was a rather large project. The county contacted and worked with the Michigan State Police and the FBI for their expertise. There may also have been third-party contractors involved.
Ransomware is a curious tool. While very devastating, it may also be viewed as modular, in that the malicious tool may be adjusted according to the end result the attacker needs. All it takes is one employee in the wrong department clicking on the wrong link. This incident did, however, show the importance of back-ups and of testing them to ensure they are really backing up the data. It also shows there is still a distinct need for employee training.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.