[BreachExchange] Durham city, county preparation prevented data breach when hack happened

Destry Winant destry at riskbasedsecurity.com
Tue Mar 10 10:08:11 EDT 2020


https://www.wral.com/durham-city-county-preparation-prevented-data-breach-when-hack-happened/19002046/

It appears that employees of Durham governments, at the city and
county level, separately clicked on links in an email, allowing a known
malware virus access to those government networks.

"These viruses are just rattling doorknobs," Durham Mayor Steve
Schewel said. He joined the city and county managers and leaders of
city and county information technology departments Monday in
describing the cyberattack and response by their offices.

Together, the leaders praised the preparation, training and backup
systems put in place that allowed for a quick response.

City Manager Thomas Bonfield said his staff had assured him that an
investigation detected no breach of personally identifiable
information. "We have no indication any data was stolen or tampered
with," Durham County Chief Information Officer Greg Marrow said.

Protective systems detected the malware Friday night and alerted IT
staff, who responded by taking networks and phone systems offline to
contain the damage.

Some of those systems, including access to 911, were restored quickly
or were operating on backups. A full restoration of the 2,000 or so city
and county computers to their respective networks could take most of
the week.

Marrow said the county planned to re-image 1,000 computers and rebuild
100 servers in their data center.

Visitors to City Hall found a message on the door Monday that said,
"We are currently unable to access any of our systems."

Web access to the City of Durham and Durham County government was
working, and residents could use online services to securely pay bills
and request services.

Kerry Goode, chief information officer for the City of Durham, said he
expected "core business systems," such as those that manage payroll,
to be back online by Monday night.

He described a three-step process in which IT staff would review each
computer and other device before re-connecting it to the city network.

"Ransomware cannot consume our backups," he said. Schewel noted that
the city backs up data every two hours.

In press releases and questions with the media Monday, the Durham
leaders referred to "malware" and to "ransomware," but no ransom
demand was received.

