Bernalillo County Officials Working With Security Vendors to Restore Systems
The government buildings in Bernalillo County, New Mexico, were closed after the county’s IT systems reportedly suffered a ransomware attack on Wednesday. County officials say all affected systems were taken offline and servers were isolated following the attack.
While technical details around the incident remain scarce, officials estimate that the systems were disrupted between the hours of midnight and 5:30 a.m. on Wednesday, according to a statement issued by Bernalillo County.
County staff are working remotely as systems are restored, officials say. Critical services, including emergency response units, continue to operate, they say.
The county says it is working with third-party vendors to restore its systems to full operation as soon as possible. At this time, staff do not have access to public databases, which complicates the process of assisting residents.
Bernalillo County is the largest county in New Mexico, with nearly 700,000 residents in surrounding cities, including Albuquerque.
Replying to an inquiry from Information Security Media Group on Thursday, a county spokesperson declined to provide further details or updates on the investigation.
Details of the Attack
Authorities and security teams involved with the investigation have not yet publicly described the malware strain or attributed the crime to a particular ransomware gang. With operations still reportedly down, it remains unclear when Bernalillo County’s network will be fully restored.
County officials say law enforcement agencies are still responding to 911 calls, and the sheriff’s office and fire and rescue units are responding to calls with limited resources.
In the wake of the attack, the county’s Metropolitan Detention Center, while still able to process inmates, has canceled visitation. Its planning and development department, also affected, is currently accepting permit applications through a public drop box.
County spokesman Tom Thorpe told local media outlet KOB-4, an affiliate of Hubbard Broadcasting Co., that no ransom demands had been received, to his knowledge. It is unknown whether the county has cyber insurance or whether it provides specific training to staff on phishing or other cybersecurity concerns.
In a statement to local news outlet KOAT Action News 7, the FBI’s Albuquerque Division said that it was aware of the incident and that, while it could not confirm or deny an investigation was taking place, it was “customary” to offer assistance on matters related to such crimes.
Ransomware as a Service, or RaaS, continues to be a growing threat in the public sector, with ransomware gangs concentrating efforts on vulnerable networks connected to schools, smaller municipalities, and county governments worldwide (see: The Ransomware Files, Episode I: The School District).
Bernalillo County is far from the only U.S. county to fall victim to a crypto-locking attack.
In September, for instance, Pottawatomie County, Kansas, was the victim of a ransomware attack that resulted in its computer networks staying dark for two weeks. Officials reportedly paid a ransom – and had cyber insurance.
Ransomware operators are known to disband and then reemerge. As of the end of the year, four variants – LockBit, Conti, BlackMatter, and Hive – accounted for more than 50% of current ransomware attacks. New operators also continue to emerge.
Garret Grajek, CEO of security firm YouAttest, says that “no company, county, or organization” remains off-limits for hackers, who will continue to automatically scan for known vulnerabilities to enter a network.
With growing threats surrounding ransomware, the Biden administration, the U.S. Cybersecurity and Infrastructure Security Agency and other federal agencies have placed an emphasis on combating ransomware – particularly those incidents targeting 16 sectors of critical infrastructure (see: Senators Seek Clarity on DHS, DOT Cybersecurity Efforts).