Washington County OKs cybersecurity upgrades, apparent ransom payment | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The Washington County commissioners called an emergency meeting Tuesday to approve $400,000 for wide-ranging digital security upgrades to the county’s computer systems along with an apparent ransom payment to the hackers who launched last month’s cyberattack that crippled government services and the courthouse.

The motion authorized Digital Mint of Chicago to “provide digital security consulting services and to take the steps necessary to restore the County’s computer network and authorize expenditures for incident response, settlement, attorneys fees and to address (and) implement cyber security issues within the County.”

The commissioners also voted to retain Sylint, LLC of Sarasota, Fla., to “conduct a thorough analysis of the County’s computer network and present a plan to implement a broader modernization of cyber security within the County, that would include the installation of hardware, software, etc., needed to protect and preserve critical information maintained by the County.”

All expenditures will be paid using federal American Rescue Plan Act money and are not to exceed $400,000 without further approval by the county commissioners. Commissioners Nick Sherman and Electra Janis approved the motion while Commissioner Larry Maggi voted against it.

The exact figure of the ransom payment is not known, but it is believed to be more than $200,000. County officials declined to comment on whether a ransom payment was included within the motion.

The county was struck with a cyberattack last month that locked down multiple systems. County officials said that “suspicious activity” was initially detected Jan. 19, but did not know it was a “ransomware attack” until Jan. 24, prompting them to shut down the county’s computer systems. That caused numerous problems and obstacles for county and courthouse workers as they tried to serve the public. A third-party cybersecurity consultant and agents with the U.S. Department of Homeland security have been working to restore services.

“The purpose of today’s County Commissioners Emergency Meeting was to inform the public of the essential facts concerning the recent ransomware attack on the County’s computer network,” Sherman said in a written statement released immediately after the meeting concluded. “There have been numerous questions raised and County residents have expressed concern and fears surrounding the disruption of County services and the operations of our Court system.”

Maggi said he voted against the motion because he was concerned about how it was prepared and whether it will ultimately unlock any of the problems created by the cyberattack.

“As a former law enforcement officer with over 30 years experience who was given limited information in a short time – there are no guarantees that our systems will work again – I just couldn’t in good conscience pay taxpayer dollars in this way,” Maggi said. “Due to the nature and sensitivity of this investigation, that’s about all we can say at this point.”

The last-minute scheduling of the meeting is raising questions about the county’s adherence to the state’s Sunshine Law, which requires public notice about meetings and agenda items that will be considered for approval. There are some exceptions, however, which allow for an emergency meeting without notice “for the purpose of dealing with a real or potential emergency involving a clear and present danger to life or property.”

But it’s unclear why an emergency meeting was needed, considering county officials have publicly known about the cyberattack for at least two weeks and have been working to restore services. The Observer-Reporter newspaper was notified just minutes before the meeting began, meaning a reporter was unable to be dispatched in time to attend. There were no messages posted on the county’s official Facebook page announcing the meeting, and the proceeding was not broadcast online as is typical with county meetings.

That could be problematic for the commissioners and the validity of their motion if someone from the public decides to file a Sunshine Law violation through a complaint in Washington County Court of Common Pleas. Melissa Melewsky, an attorney with the Pennsylvania NewsMedia Association, said public officials must be transparent about the reasons for an emergency meeting if they call one with no public notice.

“Ultimately, if they’ve known about this for more than two weeks, how is it emergent? Unless the situation has changed, then they should tell us that,” she said. “It’s incumbent upon them to tell us why they took these actions without due notice or an agenda. Maybe there is a legitimate reason.”

The Observer-Reporter filed an open records request Tuesday for any correspondence between county officials on the scheduling of the emergency meeting and what efforts were made to notify the public.

In a brief phone call after the meeting, Sherman said there was “additional information” that the county became aware of Tuesday morning that made it “a pressing issue” to address immediately. He referred further comment to county solicitor Gary Sweat, who could not be reached for comment Tuesday afternoon.

The commissioners also voted 2-1 to authorize Sweat to execute engagement agreements with the two cyber firms and compile any necessary documentation to address the ransomware attack.

“Our overriding goal and concern is to protect the privacy of the residents and taxpayers of the County and to ensure that their personal information is protected and at the same time, be as transparent as we can, given the legal constraints under which we are working,” Sherman said in his written statement.


Click Here For The Original Source.

National Cyber Security