Washington County, Md., Hit With Thanksgiving Day Cyber Attack

Washington County, Md., is wrestling with the effects of a cyber incident that struck on Thanksgiving and disrupted some government systems, it announced. Several services and websites remain unavailable. The county is actively investigating with the help of third-party partners.

As a result of the incident, the government is currently unable to accept taxes, water/sewer service payments and other payments, or to process or issue permits, the county said in a Nov. 27 update on its Facebook page. Those needing to make payments should contact the budget and finances department, county Public Relations and Marketing Director Danielle Weaver told Government Technology.

The emergency management department was impacted by the incident, but the county emphasized that residents can still call 911 and that county phone services remain unimpacted.

“At this time, the disruption is affecting capabilities at the Emergency Communications Center (911) but does not prevent citizens from being able to report an emergency situation … all critical public safety services are operational,” the county said in a Nov. 26 post.

Weaver said that the county is exploring solutions for services disruptions. The investigation is active, and Weaver said she could not speak to the nature of the incident or provide additional details beyond the county’s public notifications.

The county is working with “third-party subject matter specialists” to “investigate the source of this disruption, confirm its impact on our systems, and restore full functionality to county services as soon as possible,” per its statements.

The Thanksgiving timing is unlikely to be a coincidence: Holidays are a prime time for cyber attackers to strike, because perpetrators see advantages like closed offices or reduced staffing as employees spend time with friends and family, the Cybersecurity and Infrastructure Security Agency (CISA) and FBI warned last November.

“Recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends,” the federal agencies warned at the time.

The widely impactful ransomware attack against Kaseya occurred during the July 4, 2021 holiday weekend, for example.

CISA and the FBI recommend entities take various steps, including identifying IT security workers who could be called upon to help should incidents or attacks hit during weekends and holidays. They also advise adopting multifactor authentication (MFA) on all remote access and administrative accounts, avoiding password re-use, training employees to spot phishing attempts and monitoring and securing remote desktop protocol services.