Yuba County systems were recently targeted by a cyberattack that forced IT staff to isolate affected computers to stop the malware. Officials say critical systems had backups and were successfully recovered.
(TNS) — Yuba County was recently the subject of a ransomware cyberattack, which infected some of the county computer systems with malware, according to county spokesperson Russ Brown.
The malware encrypted the affected systems and the attacker demanded payment from the county in order to obtain a decryption key. The county did not make any payment to the attacker, according to Brown.
"The county took immediate steps to isolate any computers that were impacted, while also working to maintain services to our residents," Brown said in an email. "Most critical servers had recoverable backups that the county used to recover those servers and services."
The county engaged a cybersecurity firm and began investigating the incident. Since the attack, staff has kept services available for residents by working directly with state agencies and using resources offered by other counties.
"The county continues to work to bring all systems and services back to full operation," Brown said. "At this time, most county-provided computer services have been restored, and the remainder will be restored soon."
With so many more people and businesses working from home, the threat of cyberattacks like the one Yuba County suffered is increased.
Chayney Pascua is with information technology and computer services company Adept Solutions based in Yuba City. She said ransomware has become a lucrative business for cybercriminals. Unpatched security updates provide hackers an open door into one's system.
"I would say we have seen an increase in email scams," said Steven Claus of Adept's technical services team. "As users are relying more on email to convey things and are less likely to meet in person or run into each other in the halls, malicious attackers are using this to impersonate or inject themselves into conversations."
Christopher Lewis with IT service company Alliant Networking Services, Inc. said there's been an increase in ransomware attacks in recent years that has been accelerated by the pandemic. In the area Alliant services, there have been a number of recent attacks on small businesses, a medical group and a local government agency, according to Lewis.
"As businesses had to quickly prepare their traditional office staff to working from home, shortcuts were inevitably taken," Lewis said in an email. "This is not to say that ransomware would not be a problem without the transition to working from home, however, it did give attackers a new vector into business networks."
Pascua said people are the weakest links in most hacks through phishing.
"Social engineering threats manipulate users with the ultimate purpose of getting them to disclose confidential information and exposing internal data," Pascua said in an email.
Other threats include passwords being obtained through phishing and vendors and contractors causing significant breaches. Lewis said the riskiest scenario for a business is having an employee use a personal computer for business-related activities.
Some suggestions from Adept and Alliant for businesses include providing company devices, having a strong firewall with active monitoring, outsource to computer network security specialists, implement a remote work policy, implement an acceptable use policy, keep work data separate from employee's personal data, create reporting procedures for when a breach happens, keep files and applications cloud based and use additional backups, require system security awareness training, and limit privileges to need-to-know access.
"When talking about protecting business continuity as it is related to computer and network functionality, it must be broken down into two parts: How to protect yourself from being compromised and how to recover after being compromised," Lewis said.
When it comes to what individuals can do, the experts said password protect and enable automatic screen lock on all devices, keep systems updated with most recent security updates, install security applications, use an encrypted email and use encryption on hard drives, use strong passwords and password managers, enable multi-factor authentication, be diligent in confirming emails are from who they are, and increase communication and collaboration through programs like Microsoft Teams, OneDrive and Sharepoint.
"The most common misconception I witness is businesses' not valuing IT and just view it as a cost," Lewis said. "...When focusing on just getting everything working, you overlook the fact that computers and their functions are constantly evolving, which also means that attackers are also evolving."
Lewis said other misconceptions include that small businesses don't need to worry as much as large companies and having anti-virus software is good enough.
"The security of your organization's IT infrastructure is a team effort," Lewis said. "While IT may be the ones putting systems in place and safeguarding the network, the end user needs to feel a sense of responsibility over their computer habits."
©2021 the Appeal-Democrat, Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.