ANDERSON — Nearly a month after a ransomware attack locked important files behind a digital wall, county information technology workers are finishing the monumental task of putting the computer system back together.
“Basically, we got locked out of our house and the people stayed in our house,” said Dan Dykes Madison County administrator. “They messed up everything and we have to put it all back together again.”
Alhough the county paid a reported ransom of $28,000 at the urging of the county’s cyber insurance carrier Traveler’s Insurance and received decryption keys to unlock the files, that was only the beginning.
The ransomware not only locked each file behind an encryption, but it also broke all of the connections between the software and the files, said Lisa Cannon, director of the IT department.
Essentially, it was as if every file was a house without an address and Cannon and her team had to look at each individual file, assign it an address and make a map for the county’s server system.
“And that takes lots and lots of time,” she said, adding that directly after the attack city IT workers were working overtime and sleeping in the department in order to optimize the time they could work.
Although Cannon wouldn’t release the strain of ransomware nor explain how it was introduced to the county’s computers, she did say it wasn’t from a malicious email or fake website advertisement, which are the most common ways malicious software gets on computers.
It would have technically been possible to break the encryption code, but it would have been far more costly and time consuming to fight the malicious software, Dykes said.
“We were told by the Indiana State Police that it could take from now until the end of time to actually break the encryption,” he said.
Cannon has worked to upgrade all of the county’s software and added extra digital security to stop another attack. The county is also in the process of creating a backup system that would make it much easier to recover from another ransomware or virus.
“We have taken steps to stop it from happening again,” Cannon said. “But, we had what we thought were up-to-date safety precautions.”
With the added overtime, cost of new software and systems, rental of computer hardware and the cost of being down for nearly a month, the total cost of the attack will be much more than the comparably small ransom.
However, a portion of that cost will be covered by the county’s cyber insurance. The exact scale of what will be covered is still in negotiation with Traveler’s, Dykes said.
“We were lucky, or looking ahead, because the county just added cyber protection about a year ago,” he said.
Madison County is part of a growing number of governments and private sector businesses opting to add cyber insurance to the list of liability protections.
Though Traveler’s Insurance representatives declined several requests for interviews about their cyber insurance program, the company’s website says its cyber division is growing.
The Federal Trade Commission, which oversees consumer protection in the United States, recently released guidance for companies on how to defend from and respond to the growing problem of ransomware.
“We have heard from security researchers that local governments, police departments and school districts are among those places being targeted,” said Dan Salsburg, chief counsel in the Office of Technology Research and Investigation at the FTC.
Though the FTC is in the beginning of working with cyber insurance, Salsburg said it does seem to be a good option for businesses and governments.
“It would certainly be worth exploring and seeing if it’s a good option,” he said.
Cannon said she’s already been contacted from other area government IT professionals who asked about their protection and insurance.
Neighboring Delaware County has begun looking into its own cyber protection and insurance following Madison County's attack.
“The positive side is it did wake up a lot of people that it could happen to anyone,” Cannon said.