By Lee White
Life is getting back to normal in Butler County government after a ransomware attack essentially shut it down for the better part of last week. Although the damage the attack caused in lost productivity, inconvenience to citizens, and to the county’s image can never be fully remedied, the attack could have been much worse had it occurred during tax season or a natural or man-made disaster.
County Administrator Will Johnson briefed commissioners on the ransomware attack during Tuesday’s meeting. Click here for the El Dorado Leader’s story. Among the revelations:
- The attack began between 2 p.m. and 3 p.m. on Saturday, September 9 and was first noticed in the 911 dispatch center.
- The county had an offsite backup, but recovery took so long because of the amount of data stored there.
- Johnson said he doesn’t know whether the ransom was paid, but county officials had instructions on breaking the ransomware’s encryption by the evening of Tuesday, September 12.
- If all data was backed up offsite, why was it necessary to crack the ransomware encryption?
- How much was the ransom and was it paid?
- Could the county have moved faster in the early stages of the attack? For example, should an emergency have been declared and county commissioners called into session prior to their regularly-scheduled meeting on Tuesday, September 12?
Indeed, there will be much Monday morning quarterbacking inside and outside county government. That is as it should be. These are, after all, the people’s computers.
It is a testament to the excellent training of 911 dispatchers that the loss of their computer-aided dispatch system apparently resulted in no injury or loss of life to citizens or emergency personnel in the field. Computer-aided dispatch systems not only record dispatchers’ notes about calls, they help the dispatcher choose which responders to send and guide them to the location of the call. To go from 2017 to 1990 in the blink of an eye is difficult and dangerous. That nobody got hurt this time should not lull the county into complacency about next time.
It is imperative that county officials look at ways to prevent a future attack from infecting these vital dispatch computers. Impartial outside consultants should be hired to look into this aspect of computer security and others.
Save for a deductible and possible premium increases, it appears as if taxpayers won’t be on the hook for the ransom paid, if any, or for the law firm that its insurer recommended hiring. This is good news.
As to the question of whether the ransom was paid, I believe it almost certainly was. The amount is in question, but messages and comments to the Watchdog Facebook page fairly consistently peg it at $30,000. It is understandable that the county wouldn’t want to acknowledge paying the ransom. That only encourages crooks to try again. Nonetheless, I don’t think most folks believe the narrative that nobody at the county knew whether the ransom was paid.
Now is a good time to take stock of one’s own cybersecurity. Even individuals can be hit with ransomware. It’s far more profitable to go after a business or government, but such attacks can and do target individuals. Using a paid or free cloud backup system (e.g. Google Drive) is a good way to make sure one can access files in the event of a ransomware attack. Using an online e-mail service such as Gmail, setting up security software to scan e-mail attachments before downloading, and never clicking on links unless one is sure they came from a reputable source are other ways to prevent an infection.
Nameless, faceless cyber criminals brought county government to a standstill and cost its insurer and taxpayers money. It could have been worse, however, and it’ll be up to county commissioners and the people who elect them to ensure that future attacks, if any, are swiftly contained by supporting common-sense upgrades to computer systems and personnel.