Chatham County, N.C., is continuing to slowly rebound from a late October cyberattack that shut down most of the county’s functions and temporarily cut off public access to government services.
(TNS) — Chatham County, N.C., is slowly rebounding from a late October cyberattack that shut down most county functions and temporarily cut off public access to services.
But officials still don't know what caused the
The shutdown didn't cause any serious data breaches and didn't affect 911 communications or the county's early voting operations. The
Like other governments, the county had a plan in place in case of an emergency, Montagne said.
"What would you do if you had to go seven days without any of your technology? How would you function?" he said. "That's nice and all, and it has absolutely nothing to do with reality, because you can't fathom how difficult it is until you really are without."
The county was forced to briefly suspend some services while employees had to turn to manual workarounds and paper records until new equipment and software were in place.
The day the cyberattack hit, staff responded as soon as they learned what was happening, hiring cybersecurity experts and posting new contacts and additional information online, LaMontagne said. Management and Information Systems staff started working with local, state and federal agencies to trace the attack and repair the damage.
The priority became ensuring minimal disruptions to public safety, public health and social services, Montagne said.
Regional and state partners, from
"We were getting laptops from everywhere," Montagne said "We had people from libraries drive to other counties to get laptops to bring back to emergency management. We've had people from other departments come to help the finance department enter timesheets, now that our financial software is back up."
Work in progress
Most services, including phones, have been restored, although Montagne said they can't always respond as quickly as they would like without the efficiency of technology. But email and voicemail is still in progress. Employees will have a .gov email domain when it's done, instead of the previous .org domain.
"We haven't heard a whole lot of frustration, but there's some frustration that we're not moving as quickly on things," he said. "But we still are moving. That's our main goal, is that the public is not impacted adversely by this, because this is our problem. It's not their problem."
There is no timeline for when the systems could be fully restored, he said, but there is progress.
Staff started getting new equipment last week, after relying on WiFi hotspots and personal laptops and email accounts for the last month. Human resources and finance staff, who had to pay bills and do payroll by hand for over 550 employees, just got new financial software.
Planning and the Register of Deeds office, which briefly suspended some services, is still rebuilding its online geographic information system after turning to paper records and manual procedures. A vendor provided an off-site system so the inspections staff could keep its busy schedule.
The county beefed up its security software and bought cybersecurity insurance a few years ago, because governments are "constantly under attack," he said.
The county also learned that some of its vendor contracts cover the cost of recovery. One such contract saved them $25,000 when a computer server had to be rebuilt, he said.
"It's just a matter of staying ahead of the bad guys on the technology," he said. "We think we've done pretty good, but the one thing I'm telling all of our IT staff and all of our staff is we will come out of this stronger than we went into it."
The Ryuk malware, which is known to attack local government entities, gained access through an email attachment and spread through computer networks. It affected at least 2,000 computers and workstations and 180 servers across the city and county government networks.
"You don't know what's going to happen, but you anticipate something's going to happen, so you try to plan for it," she said. "Obviously, we couldn't have predicted a pandemic and a malware attack running together, but I think we did pretty good."
County government "services are fully functional" now and are no longer negatively affecting county business, Chief Information Officer
The city of
The FBI may still be investigating that attack, spokesman
"We don't think it was ransomware," McGee said. "We got a ransom note, but we think that was because of the publicity around it. Somebody was trying to take advantage of the situation."
(c)2020 The Herald-Sun (Durham, N.C.). Distributed by Tribune Content Agency, LLC.
Never miss a story with the daily Govtech Today Newsletter.