Grand Traverse County, Mich., Feds, Experts Probe Cyber Attack
(TNS) — A day after a ransomware attack hit Grand Traverse County systems, both city and county officials said essential services are fully operational.
Meanwhile, in the county’s third-floor incident command center, information technology staff rushed to repair the damage with help from the FBI, Michigan State Police and third-party software experts.
“We got this,” said County Administrator Nate Alger. “We know what has to happen to get us back up to full speed.”
Asked for a date or time when the network would be restored, Alger said: “We don’t know that yet. (IT Director) Cliff DuPuy is working nonstop. This is his entire life right now.”
As of Thursday afternoon, county government phone systems were still not working normally, although city government phones seemed to be operable. Residents are encouraged to use e-mail to communicate with county departments and delay in-person payments at this time.
The computer-aided dispatch system used by the central dispatch center (also known as Grand Traverse 911) went offline on Wednesday, disabling the normal data feeds to mobile data units mounted in most patrol cars.
For the time being, the dispatch center is communicating with first responders via radio — and via cellphone, if necessary.
While calls to 911 still function normally, the central dispatch center did establish a new non-emergency number while the outage is ongoing. That number is: (231) 480-0024.
Ambulance services in the area said they also were relying on radios to communicate with the dispatch center with no significant delays noticed so far.
Township officials said their operations were little affected by the county network outage, except in a few specific areas, such as building permits, a service that may require an in-person trip to the governmental center at this time.
“Our systems are not really connected to the county directly, so we’re operating normally,” said Ron Lemcool, Long Lake Township supervisor. “Of course, this incident is a reminder for everyone, our staff included, to take security measures very seriously. You never know when it’s going to hit.”
NO RANSOM PAID
Ransomware is a type of harmful software that attacks computers and networks, often spread by fraudulent email messages. Typically, the malware encrypts files or “data points” on the network so they can’t be accessed for normal operations. Hackers then demand a ransom payment to unlock those encrypted files.
In other cases, cyber criminals download massive amounts of data from a target organization, then threaten to sell it or post it on the dark web unless a ransom is paid. Alger said Wednesday that he is “fairly certain” that no county data has been shared so far.
Wednesday’s ransomware attack started about 6:06 a.m. when county IT staff noticed “irregularities” in certain computer systems, including at the central 911 dispatch center.
After a flurry of calls and meetings early Wednesday, county officials decided to shut down the main network that supports both county and city operations to prevent further spread of malicious code.
All staff were instructed to shut down desktop PCs and other county-owned devices so they could be scanned for malware later in the day.
Alger confirmed late Wednesday that a “small percentage” of county devices had been affected by the attack.
County officials emphasized Thursday that no specific ransom demands were downloaded from files or e-mails, and that no ransom has been paid. All data related to the attack, including any relevant e-mail, fax or phone communications, have been forwarded to the FBI for analysis.
Both the county and city have cyber crime insurance policies. Local officials are now working with the Michigan Municipal Risk Management Agency to assess the situation.
FIGHTING BACK
Making ransomware payments isn’t illegal in most parts of the United States. However, cybersecurity experts and law enforcement agencies strongly discourage organizations from doing so.
Florida, North Carolina and Pennsylvania have enacted laws that prohibit state agencies from paying ransomware hackers, according to a 2023 study by Aon. Several other states — Arizona, New Jersey, New York and Texas — have similar bills under consideration.
Michigan amended its penal code in 2018 to outlaw the use of ransomware, but does not currently prohibit ransomware payments, according to legislative records obtained by the Record-Eagle.
Unfortunately, ransomware attacks are increasingly common in the United States — thousands occur each day, according to the FBI, but many are unsuccessful at extracting money from victims.
Over the last six years, Grand Traverse County also has invested thousands of dollars to upgrade its cybersecurity systems, including a $56,000 software package purchased last fall that helped prevent a sophisticated “spear-fishing” email attack in early April.
One part of the county’s infrastructure is a third-party service that stores critical data and customer records in a secure off-site, cloud-based server. That service may help defeat a critical part of the ransomware menace: the use of file encryption to lock up and deny access to organizational data.
After the county scans all devices — and repairs the infected devices — it could then replenish its databases and servers using the “clean” files from the off-site backed-up system, officials said.
Exactly how the latest ransomware code entered the county’s computer network is not known.
NATIONAL TASK FORCE
To respond to the current attack, Grand Traverse County is working with the FBI’s National Cyber Investigative Joint Task Force, which consists of more than 30 co-located government agencies spanning the gamut from law enforcement to international intelligence agencies.
The FBI operates a rapid-response “cyber action team” that deploys within hours to locations across the country. The agency also has cyber crime squads at 56 field offices around the nation.
Incidents reported to the FBI’s Internet Crime Complaint Center (IC3) are often routed to the agency’s Recovery Asset Team, which has “assisted in freezing hundreds of thousands of dollars for victims of cyber crime,” according to FBI documents.
But many Michigan institutions have fallen prey to cyber criminals in recent years.
Ascension healthcare, which operates 15 hospitals in Michigan, was hit by a ransomware attack last month. The attack impacted many critical aspects of its operation, including pharmacies and patient records.
Executives at Ascension did not publicize any ransom demands, nor did they say they’d be willing to pay such demands. Instead, the organization is taking time to rebuild its computer network and restore records.
On Memorial Day 2020, hackers used ransomware to attack the Michigan State University Department of Physics and Astronomy. After working with state and federal law enforcement agencies, MSU ultimately decided not to pay the ransom. Instead, it invested heavily in updating its information security infrastructure.
County board Chair Rob Hentschel, who monitors cyber crime activity, said the county commission will re-visit the existing security measures at an upcoming meeting in response to the current ransomware attack.
A special meeting of the Grand Traverse County board is scheduled for Wednesday, June 26, in the Governmental Center at 400 Boardman Ave. in downtown Traverse City.
©2024 The Record-Eagle, Distributed by Tribune Content Agency, LLC.