After suffering a cyberattack that compromised as many as 70 servers Feb. 16, county commissioners and IT leaders are struggling to return to normal.
(TNS) — THOMASVILLE, N.C. — Davidson County agencies are still suffering the after effects of a Feb. 16 cyber attack that shut down county networks, crippling operations of multiple government agencies.
Davidson County Commissioners held an emergency meeting Friday to determine the extent of the damage, as well as the best methods to recover from it. During the meeting invocation Steve Jarvis prayed for help to navigate the current challenges, as well as retribution for the individuals who brought it down on the county’s agencies.
In addition to the county commissioners, the meeting was attended by representatives of Davidson County agencies including law enforcement, emergency services, health department, and even senior services who struggled to operate throughout the day without access to county internet, email and telephone shut down.
Davidson County Chief Information Officer Joel Hartley described a timeline in which officials were contacted around 2 a.m. Friday asking for an undisclosed amount of bitcoin, a cyber currency, in order to obtain access to their systems. Using a ransomware known as Samas, hackers were able to encrypt the county’s systems in a method similar to the cyber attack that shut down Mecklenburg County’s systems in December 2017.
As soon as IT staff reported in Friday morning they discovered the scope of the compromise that affected 70 servers, plus an undisclosed number of desktops and laptops.
County Manager Zeb Hanner said he had been in contact with Internet consultants from Mecklenburg County, which did not opt to pay the ransom demanded.
Hartley told commissioners that manually cleaning devices has proven to be time-consuming.
“We have a good number of the desktops that are going to have to be cleaned and re-deployed, re-built from scratch,” Hartley said. “It takes us on average about four hours, from start to finish, to establish a working machine.”
“Would it be possible to have a mirror software that would make a quicker recovery possible?” asked Commissioner Steve Jarvis.
“Still you have got to get the machine configured for our environment,” Hartley replied. “That is what takes the most time.”
Commissioner Steve Shell instructed Hartley, who had seven staff working to resolve the issue, to give priority to emergency services.
“What kind of manpower do we need,” asked Commissioner Todd Yates,“'Cause it sounds like you got a tough job ahead of you.”
Offers for assistance came in from Lexington City and Rowan County.
According to Commissioner Fred McClure offers for help were also extended by the North Carolina Association of County Commissioners.
Hanner assured commissioners no data was released or taken for the purposes of identity theft. He added that he did not believe someone deliberately targeted Davidson County. He believes that cyber hackers broadcast emails with malicious attachment packages over the Internet which someone inadvertently opened, triggering the download of the encryption ransomware.
Commissioner Don Truell wanted assurance that a similar issue would not happen in the future, a promise Hartley was not able to give.
“We have tools in place to help prevent this stuff,” Hartley said. “Our greatest risk is these phishing emails that come in. Even with all the education that we do, still there is, with this incident here, evidence that it happens."
Davidson County has insurance that covers cyber attacks. According to Hanner the insurers have agreed to pay the ransom or pay for restoring county networks and devices.
Hartley told the commissioners unless the county’s technology is decrypted with the tools from the ransomware each server and device will have to be de-bugged individually - a process that would take weeks, if not months.
Said Hanner, “We are in full battle mode.”
©2018 The High Point Enterprise (High Point, N.C.) Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.