[BreachExchange] After February ransomware attack, La Salle County bolsters network security
Destry Winant
destry at riskbasedsecurity.com
Fri Oct 23 10:40:49 EDT 2020
https://www.newstrib.com/2020/10/21/after-february-ransomware-attack-la-salle-county-bolsters-network-security/aa1ph8z/
The February ransomware attack against the La Salle County government
was highlighted Monday in a national CBS news report about cyber
attacks.
On Wednesday, IT director John Haag said the county is as confident as
can be in protecting its computer networks.
Ransomware is a malicious software attack designed to block access to
a computer system until a ransom is paid.
Since the February attack, Haag said the county has recovered 95% of
the encrypted files without paying the hackers a dime. The 5% of files
lost were documents saved by county employees to the desktop computers
without backing them up on the county's network — which is strongly
encouraged by Haag moving forward.
Haag said the county has partnered with the Department of Homeland
Security to do regular penetration testing of the county's network.
Haag receives a weekly report and IT staff address any issues found to
strengthen the county's network.
The county also has a security vendor to monitor network traffic. Haag
and his senior network administrator are on-call 24/7 to react to any
immediate concerns with the network.
Haag also said the county has enacted policy changes by users.
"The landscape changes every day," Haag said. "There's no way to be
perfectly secure, but we're doing everything we possibly can."
The CBS News piece reported six Russian military officers were charged
in malware attacks — including one at a Pennsylvania hospital and at a
pharmaceutical company. There is no report the Russian hackers were
responsible for La Salle County's attack, but the news piece included
La Salle County's government as an example of a recent ransomware
attack.
The ransomware note said hackers wanted $428,000 in Bitcoin, Haag told CBS News.
The Feb. 23 attack on La Salle County took down email accounts,
limited access to documents and caused many county services to be
provided "the old-fashioned way" with paper.
While the cost of the ransomware attack was roughly $500,000, the
county was able to pay a $5,000 deductible to its insurance company to
cover all the costs, including hundreds of hours of overtime put in by
its IT staff.
"My staff did an impeccable job the last eight months bringing the
county out of the ransomware successfully and with no cost to the
taxpayers," Haag said.
More information about the BreachExchange
mailing list