IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Indiana County Suffers Service-Crippling Ransomware Attack

Lake County, Ind., was hit by a cyberattack that forced email service and several internal applications to go offline last week. Systems administrators first noticed problems on some county computers Thursday afternoon.

(TNS) — Lake County has been hit with a cyberattack that forced the shutdown of email service and several internal applications throughout county government, officials said Friday.

The breach came in the form of ransomware, a type of malicious software that denies access to computer systems until a ransom is paid to the attacker.

As of Thursday afternoon, the county's IT staff was installing cybersecurity software on 3,000 individual employee laptops, Mark Pearman, director of county's information technology office, said. They are also working through installing cybersecurity to clear the ransomware on 40 county servers.

"We are making progress," Pearman said. "We are going slow because we don't want to miss anything that could cause problems in the future or re-infect the system."

He said there has been no evidence of date theft from county servers and communications, calling the attack a "lock out." It will be an all-weekend project to restore all systems and more information will be known by Monday.

Systems administrators first noticed the ransomware on some county computers Thursday afternoon. To prevent the virus from spreading, IT staff began taking encrypted and unencrypted servers off the network “out of an abundance of caution,” he said.

The IT department is working with Crowdstrike, the county’s cybersecurity contractor, to conduct a damage assessment, which involves scanning all county servers and roughly 3,000 computers to determine which have been corrupted.

“Our main effort right now is to mitigate the issue,” Pearman told The Times, adding that a preliminary investigation indicates the ransomware was hidden on county systems earlier this month and “sat there until now.”

Pearman said in his 45 years of working with Lake County, nothing like this has ever happened. However, the reality is that more and more instances of ransomware attacks are becoming more common.

"It's becoming more prevalent," Pearman said. "More counties and cities having been dealing with this issue."

The attack against Lake County computers comes about a month after LaPorte County suffered a similar breach. In that case, LaPorte paid a ransom of $132,000 worth of Bitcoin to the attackers to restore access to their affected systems.

Lake County maintains insurance coverage against various cybercontingencies, according Commissioner Mike Repay, D-Hammond. Repay said the Board of Commissioners has not decided if it will end up paying whoever launched the attack, because the ransomware only included a "request for communication" and the county has yet to respond.

As of Friday afternoon Pearman said no dollar amount had been requested and the county has not answered the cyberattackers' request for communication.

Meanwhile, email service on the county domain remains suspended, meaning messages cannot be sent from or received by addresses ending in lakecountyin.org, according to Pearman. County employees still have internet access and have been asked to conduct business using their personal emails, if necessary.

Lake County’s critical public safety agencies appear to have been spared from the ransomware attack. Systems at Lake County 911 and the Sheriff’s Department remain online, so “law enforcement was not affected,” Pearman said.

At this time, Crowdstrike is still investigating the source of the attack. He said because the FBI was involved in the LaPorte cyberattack, it is likely they will also be involved in this investigation down the road. Any leading information Crowdstrike finds will be passed to law enforcement agencies.

"All ransomware attack motives are always for money and sadly that's the word we live in," Pearman said. "We can only do what we have to in order to prevent it. Still, there's no 100 percent guarantee to prevent such attacks from happening."

©2019 The Times (Munster, Ind.). Distributed by Tribune Content Agency, LLC.



Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.