IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ransomware Attack Strikes Systems in Traverse City, Mich.

A ransomware attack early Wednesday led to the shutdown of the main information network used by the Grand Traverse County and Traverse City governments. Dozens of departments were affected.

Traverse City, MI
(TNS) — A ransomware attack early Wednesday morning led to the shutdown of the main information network used by Grand Traverse County and Traverse City government. Dozens of departments were affected.

County information technology staff noticed "network irregularities" at 6:06 a.m. After consulting with county and city leaders, they decided to shut down the main network used by dozens of departments for routine operations. The county's IT department provides networking and related services to both county and city governments.

"Out of an abundance of caution, we opted to shut off our main network," said county administrator Nate Alger. "First and foremost, I want the public to know that our critical services are still in place and operational."

Essential services, such as law enforcement and firefighting, continued throughout the outage by using radios for communications.

However, the computer-aided dispatch system run by the county's emergency management division was out of service throughout the day, which affected the vehicle-mounted data devices found in many patrol vehicles.

To supplement radio communications, the county set up mobile "hot spot" devices at various locations to provide reliable Wi-Fi service to those working in the field.

The county also established a command center on the third floor of the Governmental Center to coordinate the response.

"At 2 p.m., we met with city and county staff, as well as our liability provider and some (IT) specialists who help municipalities in cases like this," Alger said. "As a result of that discussion, and its impact on the network, we fully believe this is a ransomware incident."

In support of in-house IT staff, county officials are working directly with the Michigan State Police, FBI and the Michigan Municipal Risk Management Agency, as well as third-party specialists.

Both the county and city have insurance for cyberattacks.

Every computer and electronic device that connects to the government's servers is being scanned for malware before they will be reconnected to restore full functionality.

"We are seeing that a small percentage of scanned devices have been impacted," Alger said.

As a precautionary effort, county and city networks will be offline until further notice, officials said in a statement late Wednesday afternoon.

As far as a timeline for restoring the network, Alger said there is no exact schedule, but that the additional assistance will "help us get back in order as soon as possible."

Close cooperation between the city and county is helping immensely, said Traverse City Manager Elizabeth Vogel. "When I got up this morning and heard about the outage, I was prepared for the worst. Now I'm very reassured by the way our two governments are working together. It's seamless."


Many county and city departments were impacted by the outage in one way or another.

For example, phone calls to most county offices, including the county clerk, health department and county treasurer's office, did not go through Wednesday and, instead, gave callers a busy signal or a generic "not accepting calls" message. Voicemail services were down as well.

To help minimize service disruptions, officials urged local residents to use email for communicating to county staff during the outage. The county email system is based on software from Google, which was not affected. The city uses a Microsoft Outlook system for email.

Both the county and city websites remained up on Wednesday, although some database-related features may have been affected by the network outage.

Grand Traverse County maintains thousands of personal and business records — data that is necessary for delivering routine government services throughout the year. These range from marriage licenses and death documentation to criminal data and property deeds.

On Wednesday Alger said, "We are fairly certain that no customer information has been shared."

Many county records are available to the public via the county website. But state and federal laws restrict, and local regulations limit, the sharing of some data.

There's no evidence of a data breach involving personal records, Alger said.

For example, the justice system adheres to the "Michigan Access Security Matrix" to restrict access to non-public and limited-access court records. These can include data about adoption, community mental health treatment, firearms and personal protection orders.

Even accessing less sensitive information, such as building permit data, often requires a Freedom of Information Act request.


The county fended off a data breach attempt by cybercriminals in early April.

"We've known all along that it's not a matter of 'if' but 'when,' " Alger said.

That so-called "spear phishing" attempt, which also involved a malicious email, was blocked by software designed to protect the hundreds of PCs, servers and mobile devices used by the county's 500-plus employees.

The security software kicked in before the malware could damage county computers or disrupt operations, according to Cliff DuPuy, the county's director of information technology.

That software marks incoming email messages in a certain way to alert users that it may contain malicious content. It also strips away URLs (website addresses) that may be suspicious or harmful.

Over the last several years, Grand Traverse County has invested thousands of dollars in cybersecurity, including a service that stores critical data and customer records in a secure off-site, cloud-based server. That strategy helps defeat one critical part of the ransomware menace: the use of file encryption to lock up and deny access to organizational data.

After the county scans all devices — and repairs the infected devices — it could then replenish its databases and servers using the "clean" files from the off-site backed-up system, officials said.

Exactly how the latest ransomware code entered the county's computer network is not known.

County board Chair Rob Hentschel, a self-described "computer geek," said it may be a week or more before the entry point is determined.

© 2024 The Record-Eagle (Traverse City, Mich.). Distributed by Tribune Content Agency, LLC.