A cyber attack on the government computer system in George County, Miss., is a “cautionary tale” for all other small town and rural government agencies, a county official said this week.
The attacks started last Friday, unknown to officials until after the fact, with numerous “test attacks” on the county’s systems, according to Communications Director Ken Flanagan.
Saturday, what IT professionals labeled a “brute force attack” began on all entry points into the county’s system. At some point Sunday, an employee received an email and clicked on an enclosed link.
“The email itself was extremely professional looking,” Flanagan said. “It looked like a legitimate ‘time to update your system’ email. It was spot on with graphics, color schemes, font, the whole bit.”
Once the ransomware entered the county system, it made its way up what Flanagan described as the “administrative food chain” until it gained access to one of the county’s three servers.
“Once it was inside the server, it was game over,” he said.
The hackers demanded payment to remove the software encryption, with payment in the form of cryptocurrency. Flanagan said Homeland Security investigators have told them to not disclose the amount, but Flanagan did say it was a “noteworthy amount.”
“Our board of supervisors were against (paying) just on principle,” he said, “but once we found the amount, it ended all discussion.”
Flanagan said they and investigators believe the hackers thought George County was a much larger government entity, based on the amount they were seeking, rather than the rural county of less than 25,000 residents.
George County supervisors declared a local emergency (not to be confused with a state of emergency), which allowed them to immediately contract with IT professionals rather than go through the normal state-required bidding process.
“If we’d have had to go get three quotes and go through that whole process, it’d have been a disaster,” Flanagan said.
As it was, the entire county system was shut down for more than two days, with officials at one point having to refresh themselves on how to do the proper accounting to issue handwritten, paper checks for payroll, which was due Friday.
By Wednesday, however, they had “turned a corner,” according to Flanagan, with one of the three servers restored and another partially restored by Thursday.
According to Verizon’s Data Breach Investigations Report, ransomware comprises 24% of all security breaches. In 2020, nearly 2,500 governments, healthcare facilities and schools in the U.S. were affected by ransomware.
Earlier this year, Jefferson County schools were victims of a ransomware attack, with Alabama officials saying such attacks on schools were on the rise.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told The Washington Post local governments are often viewed by hackers as having inadequate security systems.
“Most ransomware attacks are spray-and-pay in nature, and those hit are the ones with the weakest systems,” Callow said. “Local governments seem to have the weakest systems.”
Flanagan said Homeland Security and FBI investigators said there have been similar attacks on healthcare systems and school districts in this area.
The investigators have also said the perpetrators are a “foreign entity,” but as yet have not fully identified them.
“This is a cautionary tale to every county, municipality, school district, everyone out there, you have to remind your employees to be so diligent on these emails that come in,” Flanagan said.
“No matter how good (emails) look, they need to double and triple check to ensure the legitimacy before they click on any link.”
Flanagan noted all of the county’s tax and payroll data is stored on an internal network which cannot be accessed from outside. In addition, no residents were affected, he said.