The county's IT department thwarted what could've been a major disaster -- finding and eliminating the malware before it spread.
(TNS) -- Reno County, Kan., Information Technology staff was able to isolate a ransomware virus that infected a courthouse computer last week before it got into the county’s network system.
IT Director Mike Mathews played down the work done by his staff, but county commissioners praised the department’s ability to isolate and eliminate the potentially devastating computer virus.
Staff discovered the “cryptowall” virus on a desktop computer of a court employee last Wednesday after it triggered and locked the employee out of the employee's hard drive.
Officials believe the computer picked up the virus while the employee was doing research on a website.
“There’s no way to pin down exactly how it occurred,” Mathews said. “But a common way to get this virus is visiting a website.”
The computer would not allow the user to do anything – except follow a link to PayPal to pay an undisclosed ransom to unlock the computer.
They did not determine the ransom amount, because that is only disclosed if you follow the link, said County Administrator Gary Meagher. The virus was traced back to Russia.
The computer was linked to the county’s network, but the employee was not on the network at the time. Staff removed the computer’s hard drive to be destroyed, a new hard drive was installed and the computer’s data restored to the point of its previous data save. In all, it took about three hours of IT staff time, Mathews said.
“The user had some files on the server, but it did not affect the server,” Mathews said. “We took some actions to keep it from spreading, and we also have security measures in place that don’t allow users to have full access to the whole network. We feel like we’re doing the best we can to prevent these things, and we’re always researching too. … It was all part of the job.”
©2015 The Hutchinson News (Hutchinson, Kan.) Distributed by Tribune Content Agency, LLC.