MiTCON serves 85 non-profit organizations and small businesses with 800 computers in the Midland area. It is a wholly-owned subsidiary of the Midland Business Alliance.
On Monday, Midland Police Department Community Relations Officer Brennon Warren told the Daily News that the cyberattack was reported to the police on Thursday. The investigation is in its "infancy stages."
Warren said the perpetrator of the ransomware attack did not demand a specific amount of money. Once the MiTCON network is restored to full operation, the organization will turn over the relevant data that investigators need for the ransomware investigation.
The investigation will take a long time, Warren said.
"It will be a very complex situation," he said. "We have only so many resources. The extent of this (case) is pretty large."
Warren said this is the first ransomware case that has been reported to the Midland Police Department at least since the beginning of 2022.
Investigators don't know what general areas the hackers are located and probably won't know "for quite some time."
Warren said if charges are filed in the case, they would be for fraud and computer hacking/invasion and would be felony charges.
Midland Business Alliance President and CEO Tony Stamas told the Daily News that he expects phone and Internet service to be restored to all MiTCON partners by Monday night. Service had been restored for most partners as of 2 p.m. Monday.
"The email server will take more time to mediate and restore to ensure it is safe to use," Stamas added. "Those with Office 365 have access to their email now."
Stamas also emailed the following statement to the Daily News early Monday afternoon:
" MiTCON, an IT service provider primarily serving nonprofit organizations in the Great Lakes Bay Region that is a wholly owned subsidiary of the Midland Business Alliance, was the victim of a ransomware attack on Oct. 20. This affected its clients' internet and email services as well as phone lines. The MiTCON team quickly contained the threat and has been working diligently to bring back services for its clients.
"At this point, there has been no determination that client records or the personal information of their clients/patrons has been compromised, but the investigation is ongoing. Anyone concerned about their data should closely monitor their financial information and notify their bank/credit card company of any suspicious activity."
The following message was posted on the MiTCON Facebook page on Thursday, which read in part:
" MITCON's servers received malware/ransomware attacks this morning. Our software detected and quarantined two of the attempted threats; unfortunately one virus got through the system. MITCON staff is working diligently with our software vendor, Malwarebytes, to extract and eradicate the current and any future threats. We are investigating the attack and its implications.
Fortunately, we have a complete back-up of data from our centers as of Wednesday night, before the attack occurred.
Here's what we recommend our customers do immediately:
1. If you have been approached or messaged regarding paying a ransom — please do not pay.
2. As a precautionary measure, we are instructing all clients to power down and disconnect equipment from the network until we are sure all systems are clear."
One of MiTCON's many partners, The Legacy Center for Community Success, had Internet access restored but still no phone or email access as of Monday morning, Legacy Center President & CEO Kathryn Tate told the Daily News.
"We are incredibly grateful for MiTCON. They have been working all weekend (to restore lines of communication)," Tate said.
Since The Legacy Center is in the gradual process of moving to a new building in Midland, Tate said the non-profit has been using the time of interrupted communications to work on the moving process.
"This is one of those things that happens sometimes. We just pivot," Tate said.
© 2022 the Midland Daily News (Midland, Mich.). Distributed by Tribune Content Agency, LLC.