Officials with the United States Secret Service and other agencies have been called in to assess a cyberattack on Dawson County government computer servers that reportedly occurred Monday afternoon, April 23, according to the county IT analyst Will Shattuck.
Shattuck updated county commissioners and audience members at the board’s work session Tuesday afternoon, April 24, on the potential damage and the status of the ongoing investigation.
Shattuck said the IT department was first notified around 2:30 p.m. Monday by the tax assessor’s office, which reported it was unable to save work on some of its files. Soon calls flooded in from many other departments, and once the IT department began investigating, it discovered a ransomware attack.
Ransomware is a type of malicious software that encrypts writable data, and only the attacker knows the decryption key.
“We started shutting down servers and trying to minimize the amount of damage, as it spreads very quickly, through the networks and through the different servers,” Shattuck said.
The county’s exchange server, as well as phone and internet services, were affected.
“We did work through the night to get phones and internet back up,” Shattuck said. “Some of the other servers will take longer to repair and to work through.”
On Tuesday morning the county called in a cyber security company, Carver Security Systems, which is still working to identify if the ransomware is spreading or has been contained.
Shattuck said he had been contacted by the Secret Service and that the service believes the attack is originating in the United Kingdom.
The point of entry has not yet been determined, and Shattuck could not say if any personnel data had been compromised.
The county does have a cyber insurance policy in place, but prior to Monday it did not have an emergency management plan in place for a ransomware attack.
Shattuck also said that the attack is similar to one the city of Atlanta experienced in March, which brought city services to a halt. The city has spent millions of dollars in the aftermath of the attack.
According to the U.S. Department of Homeland Security, there were more than 4,000 ransomware attacks on average that occurred daily since Jan. 1, 2016.
“This is a 300 percent increase over the approximately 1,000 attacks per day seen in 2015,” the department said in a memo.
The department advised isolating the infected computers, securing backup data, contacting law enforcement and changing passwords after removing the system from the affected network.
“Paying a ransom does not guarantee an organization will regain access to their data,” according to the department, which said some individuals or organizations were never provided with decryption keys after paying the ransom.
Some victims were targeted again, and others may get asked to pay more than the original ransom.
News reporter Nick Watson contributed to this report.