The ransomware attack shut down the county's Internet and access to some computer systems Aug. 7, and has forced many departments to subsequently operate on a limited basis. The county's phone lines were also down for a few days.
Ransomware is a broad term that applies to malicious software cyber criminals develop and then introduce into computer systems with the goal of extorting money, said Brian Gergens, assistant professor of cybersecurity and programming at the College of Southern Idaho.
"Once installed in your computer, ransomware's goal is to extract a ransom," Gergens said. "It encrypts your data and says if you want access again, pay us some kind of money."
Usually the hackers ask for payment in Bitcoin or some other type of cryptocurrency, which allows for anonymous transactions. The amount the cyber criminals demand ranges depending on who the target is, Gergens said.
While criminals used to primarily target individuals with ransomware, they now mostly attack companies, governments, schools and other larger institutions, Gergens said. And the threat of these attacks is growing.
According to Comparitech, a technology research website, 246 ransomware attacks were carried out on government agencies of various levels from 2018 through 2020 resulting in an estimated $18.9 billion in downtime and recovery costs.
County Commissioner Jack Johnson declined to say how much the hackers are demanding in ransom, due to the ongoing investigation. However, Johnson said the county is confident it'll be able to recover all of its data from backup virtual servers without having to negotiate with the cyber criminals.
"We're in the process of trying to restore everything and get it up and running," Johnson said. "It's just going to be a long process."
The county's offices are slowly coming back online, Johnson said. The county is prioritizing certain departments to restore first, such as the prosecutor, public defender and sheriff's office.
Eric Wildman, administrative judge for the state's Fifth Judicial District, issued an order Tuesday returning court operations in the county to normal. This follows an order the judge issued the previous week that limited court operations due to the county's network issues.
While the county hasn't identified the source of the ransomware, Gergens said 90% of the time these sorts of attacks are the result of phishing. This is when cyber criminals pretending to be a reputable source send emails with links containing malicious software to people within an organization.
"Someone may get an email from somebody claiming to be their boss, that says download this document and view it, but it's not a document," Gergens said.
These attacks are often fairly sophisticated and hard to prevent, Gergens said. But people can take some precautions, such as calling whomever supposedly sent the email to double check its authenticity before clicking on any links.
Additionally, while the cyber criminals can attach a reputable person's name to an email address, the email address itself is harder to fake. The address will usually contain clues that the email isn't coming from somebody within a particular company or organization.
Companies, organizations and people can also protect themselves with some sort of antivirus software, which Johnson said the county had installed.
But this doesn't guarantee malicious software won't infect a computer. Gergens said the cyber criminals behind these sorts of ransomware attacks are often part of almost businesslike enterprises that employ developers to create malicious software that can evade antivirus software.
Twin Falls County isn't the first government agency in Idaho to deal with this sort of problem. According to Comparitech's analysis, agencies in Ada and Madison counties and the city of Post Falls were hit with ransomware attacks between 2018 and 2020.
In addition to government agencies, private companies have been the target of ransomware attacks throughout the country. A ransomware attack earlier this year in the southeastern U.S. shut down the Colonial Pipeline leading to widespread fuel shortages in the area.
Amid the growing threat of ransomware attacks, Gov. Brad Little earlier this month established a cybersecurity task force charged with providing recommendations on how to better protect businesses, governments and people in Idaho. The task force is compromised of representatives from Idaho universities, cybersecurity experts in the private sector and government officials.
"Cyber attacks are now ubiquitous in modern society. Without the proper procedures and infrastructure in place, all Idaho citizens, businesses, and organizations are potentially at risk," said Tom Kealey, Idaho Department of Commerce director and task force co-chair, in an Aug. 5 press release. "Through collaboration and partnership...Idaho has the opportunity to advance cybersecurity initiatives and innovations to defend against these critical global threats."
©2021 The Times-News, Distributed by Tribune Content Agency, LLC.
