Key Employee System Restored as Recovery Continues
Published on June 14, 2022
Over the Easter holiday weekend, the Unified Government detected a cybersecurity attack during routine maintenance of its systems. As previously shared, federal, state and local authorities were notified, and the situation immediately escalated to stop the spread of the attack and contain any damage.
“Due to the professional, fast, and tireless response of our team,” said Director of Technology Services Kevin Bibbs, “we were able to quickly identify the ransomware, isolate it by shutting down any impacted servers, and immediately begin an investigation to assess our systems and data.”
The Unified Government has confirmed that the attack was ransomware, which is one of the most prevalent types of cybersecurity attack. It is a malicious software that gains access to files or systems and blocks user access. Once encrypted, the files can then be held hostage until payment or ransom is paid. According to Governing Magazine, more than 70 percent of all ransomware attacks in the United States target state and local government. The average ransomware payment in the first half of 2021, according to security training company KnowBe4, was $570,000, while the average ransom amount demanded by cybercriminals was $5.3 million.
Unified Government did not pay any ransom as most services are supported by software as a service and cloud-based applications and all servers are routinely backed up. Several state and local services provided by the Unified Government were temporarily impacted when servers were shut down to ensure the incident remained isolated. Paying ransom does not necessarily mean that the Unified Government would have received access to all encrypted data.
Since then, the Department of Technology Services (DOTS) has been actively assessing and recovering any encrypted data from back-up. Last week, an internal service, the Employee Self-Service portal, was restored and most departments are now fully operational. The technology team continues to work to restore specific file access, and is focused on preventing the next attack. “We must continue to work to ensure our systems and data are secure and that we minimize risk wherever possible,” said Mr. Bibbs.
Following an investigation by both Microsoft and Sophos, the Unified Government will continue its effort to harden its systems, leverage more secure cloud-based solutions, advance end-point user protection, and implement a comprehensive training program for staff for our overall cybersecurity. “With technology playing a key role in our customer service and efficiency,” said Interim County Administration Cheryl Harrison-Lee, “understanding our vulnerabilities and supporting our staff is a top priority as a 21st century organization. We are committed to rethinking how our staff receive training and continue to implement best practices to ensure any future attacks are dealt with as swiftly and effectively as this most recent incident.”
The latest cybersecurity updates can be found on our website wycokck.org.