Naked Security

Staff dust off their typewriters after malware attack

Malware has taken down systems in at least two Alaskan municipalities in an attack that officials say is the worst they have ever seen.

Sophisticated malware has taken down systems in at least two Alaskan municipalities in an attack that officials say is the worst they have ever seen. The Alaskan Borough of Matanuska-Susitna (Mat Su) and the City of Valdez have both been hit.
At Mat Su, everything from email to the electronic door-key swiping system was affected. The Borough first noticed infections on its endpoints on 17 July, when an update to its antivirus software spotted a common banking Trojan on its Windows 7 machines (but not on its Windows 10 computers).
The antivirus software did not notice the range of other malware that the Trojan was installing on those endpoints. It was only a few days later that the Borough noticed problems on 60 of its 500 computers, information technology director Eric Wyatt told local radio reporters.
On 23 July, the IT department wrote a script to clean the machines and reset all passwords. The malware reacted aggressively, locking up files on nearly all of the Borough’s workstations and on 120 of its 150 servers. That led the Borough to isolate all machines, disconnect its network from the internet and call the FBI.
The attack took down the Borough’s email and disrupted multiple systems, including the property query application, the library system, the landfill weights-and-fees application and the animal shelter’s computers. Many public services could be paid for only by cash or cheque, and the infection forced public employees to dig old typewriters out of closets and write receipts by hand across some of the Borough’s 73-building infrastructure. Wyatt said:

We have widespread disruption of offices, so that means a lot of things that citizens do with the borough is back to manual methods.

The Borough announced that computer systems were down on 24 July, and then explained that it was under attack on 25 July. Since then, it has been working with multiple organizations to fix its infrastructure.
Mat Su reported on Monday 30 July that most of its data was safe, thanks to a multi-tiered backup system. Credit card data was not stored on its systems and was therefore not at risk. It did, however, have to create an alternative email system under the same domain, as its existing Exchange system was completely unrecoverable.
The city of Valdez posted a press release on Facebook on 27 July saying that it had been hit by the same malware as Mat Su. It confirmed that all city computers and servers had been shut down and that city email was unavailable. It was taking payment for services at City Hall and was asking customers to bring copies of their billing statements. The contact given for Valdez city representative Sheri Pierce was a Gmail address.
Over 200 organizations have been hit with the malware, according to evidence gathered by the Borough from its own systems. Wyatt added:

I have heard of numerous attacks in the state and throughout the nation. My information says that it’s very widespread in the state and in the United States, and it’s the same type of attack. It’s a multi-pronged attack.

Wyatt, who has spent 35 years dealing with cyberattacks in roles including military positions, said that the malware had been lurking on the Borough’s network since as early as 3 May.
In radio interviews, Wyatt added:

What I will tell you is that this isn’t some kid in his mother’s basement. This is very sophisticated and well-funded. It would come from somewhere I believe outside the US. When we call it ransomware, that’s not its purpose. I believe its purpose was to disrupt our way of life.

Governments have been hit by file-encrypting malware before. In March, Atlanta suffered an attack that cost it $2.6m, and ransomware took down Baltimore’s 911 system in the same month.
Mission-critical services should be up and running internally by the end of this week. Wyatt concluded that it will be at least three weeks before the Borough gets back to “something that looks like normal.”

8 Comments

“Mat Su reported on Monday 30 July that most of its data was safe, thanks to a multi-tiered backup system. Credit card data was not stored on its systems and was therefore not at risk.”
Kudos to them for thinking about IT security in terms of ‘when not if.’ It’s only a shame we so rarely see a phrase like this when breaches get reported.

Well done to the IT staff there for proper backups and system structures.
Unfortunately for me, I gave my typewriter to the Salvation Army many years back, thinking it had gone the way of the Dodo… Poor thinking on my part.

So a back up system should include:
Printed address books with street addresses (not just email addresses)
Typewriters (preferably manual)
Spare typewriter ribbons (that have not dried out)
A4 paper (probably in our printers)
Carbon paper (and means to shred it after use)
Envelopes & Stamps
It’s a mad world (or just a world full of mad people)

The thing that stands out to me is that Mat-Su’s IT department had the knowledge, wherewithal and foresight to have a multi-tiered backup system in place and to not store credit card information on its systems, yet it was using an (obviously) inferior AV product and structure. Almost 100% of its workstations and 80% of its servers were infected over the course of what appears to be several months, and no one noticed. As a sysadmin, if I worked for them I’d expect to be on the unemployment line real soon.

The solution is very simple: invest resources and migrate to Linux. That does not mean that Linux does not have security problems, but it has a lot fewer, and you will be dealing with something that is not a black box, as Windows is.
