Gov't Staff Revert to Typewriters After Ransomware Attack
Staff of a local government in Alaska have switched to typewriters after a ransomware attack crippled their computer network. Officials are currently rebuilding the system from scratch.
The attack hit Matanuska-Susitna Borough, which covers the region just north of Anchorage. The problems began on July 24, though officials believe the malware may have been on the system for several weeks before activating.
IT staff spotted the ransomware attack thanks to antivirus software, but had to start manually removing some of the more sophisticated elements. They also reset all passwords as a security precaution. However, these responses appear to have triggered the next step (either automatically or as a response from the attackers), which started encrypting files to the point that computers stopped working.
73 Buildings Affected
The attack was particularly devastating, with around 650 computers across 73 buildings put out of action, along with the phone system used within the local government. As servers had to be taken off-line, staff have been unable to use email since the attack. (Source: bleepingcomputer.com)
Things could have been even worse. The government buildings in the area use a swipe card system on doors for security: although the data on that system has been encrypted, the cards continue to unlock the doors. The government website is still active as it's hosted elsewhere, while all payment card data from payments received by the government is stored by third party service providers.
The damage is still serious enough that officials have declared a disaster situation. That's largely a procedural point that affects insurance claims, though it could also mean accessing relief funding from the federal government. (Source: matsugov.us)
Pen And Paper Among Solutions
Staff are getting by with makeshift solutions, including retrieving typewriters from storage and either typing or handwriting transactions such as fees for government services and library loans.
Some data was recovered from the ransomware attack thanks to backups, though in some cases this is up to a year old. Parts of the backups themselves were hit by the ransomware because they were not stored offline, and it appears the email archives may be completely lost.
Staff have begun completely wiping computers and rebuilding the network from scratch, though they've kept some of the encrypted data in the hope that it helps an FBI investigation.
What's Your Opinion?
Is using typewriters a creative response or a sign of how bad things went? Should the government have done a better job of keeping back-ups isolated? Should malware attacks that cause such trouble be treated in the same way as somebody causing physical damage?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance, I can help.
Comments
All it takes is a way in
All it takes to get infected with ransomware is to allow cyber criminals a way in, and they can take down your entire network - whether it's due to not patching your operating system regularly (which leaves security holes in the OS), or using an outdated operating system that is no longer supported (such as Windows XP and Vista and soon to be Windows 7).
One of my clients' entire network was infected with ransomware because a remote access program (VNC) was enabled, which allowed incoming connections from anywhere in the world. A much better solution would have been to enable the remote access using a VPN to limit the attack vector, where only users on the VPN could access the VNC connection (instead of having the VNC connection open to the entire world). At any rate, I suspect the VNC password was cracked, which then allowed hackers full access to the entire network, where they planted multiple ransomware executables. The entire process took over a month and was not cheap to fix.
Back doors
If this sort of damage can be inflicted by ransomware, imagine what could happen if there were backdoors built into encryption methods and the bad guys got in. All the stupid politicians crying out for the facility should take a step backwards and listen to the people who REALLY know what they're talking about!