Bingham County pays ransom to release encrypted servers

Technology

5  Updated at 2:34 pm, March 1st, 2017 By: Stephan Rockefeller, EastIdahoNews.com
Share This Story
Illustration by Stephan Rockefeller, EastIdahoNews.com

BLACKFOOT — Bingham County ended up paying more than $3,000 in ransom after it was unable to fully recover from an attack on county servers.

The ransomware attack was initially discovered Feb. 15, when county dispatchers were unable to access systems crucial to emergency responders.

Information technology personnel were called in at 4 a.m. and quickly learned hackers had delivered malware to the county servers that encrypted the data and made the computer systems inaccessible to county employees.

“They were scanning a range of IP addresses, poking at each one looking for a open port,” Computer Arts contractor Adam Michaelson tells EastIdahoNews.com. “Once they found an open port, they used a program to brute force login in passwords.”

Computer Arts is a local computer company that provides IT support to the county.

Michaelson explained that brute forcing passwords is done by using a program that bombards logins with every possible variation of numbers and characters until it finds one that works.

“They kept doing that until they were able to get administration rights,” Michaelson said. “When they got those rights, they dumped their program on us and encrypted everything.”

READ MORE INFORMATION ON RANSOMWARE

The program deposited a web link in every folder on the county servers. The link led to the ransom note, which detailed the attack and demanded $28,000 delivered in bitcoin for a password to decrypt the county servers.

The ransom note demanding money from Bingham County to decrypt its servers.

Bingham County Commissioner Whitney Manwaring said every department in the county was affected in some way. Most departments had to handwrite documents as official records.

At the time, county officials didn’t believe it was necessary to pay the ransom as they had multiple backup systems in place.

Nearly all the county servers were backed up, and that information was recovered. But two servers containing geographic information were still infected, as well as a server attached to the Bingham County Prosecutor’s Office.

Faced with the prospect of not recovering the information, the county chose to pay the hackers 3 bitcoins, a price that varies daily but is around $3,500. The ransom was determined to be cheaper to taxpayers than buying new servers.

After paying the ransom, IT personnel were provided a digital key that allowed them to remove the encrypted software.

Bingham County IT room. | Stephan Rockefeller, EastIdahoNews.com

“I’d say we are at about 90 percent back to normal,” Computer Arts contractor Chris Rhoads said. “We basically had to completely rebuild our servers and the removing the encryption will take days to complete due to the massive amount of information affected.”

Rhoads anticipates future problems, as many programs are only used a few times a year.

“There will be issues that we don’t even know about yet, but we will fix those problems quickly as the arise,” Rhoads said.

The IT team working in Bingham County says the cost of repairing the servers is nearing the $100,000 mark, and it could take until 2018 to be 100 percent back to normal.

New password protocols have been put into place and additional firewalls have been added to prevent this kind of attack from happening again.

“You never want to pay a ransom — if you do you get tagged as a potential future victim,” Michaelson said. “If you have no choice but to pay the ransom, you had better be sure they can’t come back and get you again. I’d say we have done that here.”

The actual source of the ransomware is unknown, but servers involved in the attack were traced to the Netherlands, Germany and Russia, according to Bingham County Information Technology Manager Tracy Reifschneider.

Michaelson said the hackers left a very clear and obvious trail.

“It very clear to us that they took no information from our servers — they only dropped the encryption program on us,” Michaelson said. “Other hacks around the country have stolen thousands of Social Security numbers with names and birthdays, but that wasn’t the case here.”

Stories You May Be Interested In:

Good Question: Why are some people afraid of snakes?

18 May 2017

Robert Patten, EastIdahoNews.com columnist

BBB Warns of Summer Festival  Scammers

16 May 2017

EastIdahoNews.com staff

Age-progressed photo of DeOrr Kunz Jr. released

23 May 2017

Nate Eaton, EastIdahoNews.com

SCHIESS: Lazuli Buntings show up in the Upper Snake River Valley

20 May 2017

Bill Schiess, EastIdahoNews.com columnist

  • WKC690

    QUOTE FROM ARTICLE:
    “You never want to pay a ransom — if you do you get tagged as a potential future victim,” Michaelson said. “If you have no choice but to pay the ransom, you had better be sure they can’t come back and get you again. I’d say we have done that here.”
    END QUOTE

    Yet… our own local government paid the ransom which simply helps ensure that future attacks on all of us are inevitable.

  • Chauncy

    Hahahahaha ha Ha HAHAHAHA ha HA!!!

  • ThisIsMyHandle

    https://www.nomoreransom.org/crypto-sheriff.php

    ^ Solution. And you really didn’t need to pay the criminals.

  • WKC690

    QUOTE FROM ARTICLE:

    “You never want to pay a ransom — if you do you get tagged as a potential future victim,” Michaelson said. “If you have no choice but to pay the ransom, you had better be sure they can’t come back and get you again. I’d say we have done that here.”

    END QUOTE

    Yet… our own local government paid the ransom which simply helps ensure that future attacks on all of us are inevitable.

  • disqus_WL64xch3mT

    “The ransomware attack was initially discovered Feb. 15, when county dispatchers were unable to access systems crucial to emergency responders.”

    I’d say they did. $3000 vs not having those services for weeks for months.