Licking County, Ohio, population 116,000, which bills itself as the 17th largest county in the state has been thrust back into the dark ages.
A ransomware attack has taken down all of the county’s computers, including 911 dispatch and, they are saying, it will be a while before things are back to normal.
On Tuesday Jan. 31, 2017, a ransomware attack was discovered that caused the county to shut down all computer systems, including phones (I assume the phones must be IP phones) indefinitely.
The county would not say how much the hackers want to free their computers. Instead the county is rebuilding systems and restoring data from backups.
The county Commissioner suggests that anyone who wants to do business with the county get in their car, drive to the county offices and stand in line. Well, actually, he didn’t put it that way. He said they should physically go to the appropriate office.
A few departments operate on independent systems. The Department of Job and Family Services uses a state run system, so they were not affected – accept that you can’t call them and they can’t call you.
Eight county employees have been working around the clock to rebuild systems. They are sleeping there and people are bringing them food.
As of today, after a week of no phones, the phones in all departments should be working.
The computers should be working “some time this week”.
The good news for county employees and vendors is that ACH was run (to send payments to the bank) the day before the attack, so employees and vendors will get paid.
The county Treasurer said that they would miss the deadline for electronic payment of property taxes.
In the grand scheme of things, this is not the end of the world.
It appears that they have reasonable backups, even though the county’s 8 IT people are having to work around the clock, seven days a week to restore them.
For county residents, not having electronic services is probably, mostly, an inconvenience.
On the other hand, for the police, sheriff and fire, not having phones or computers may mean the difference between someone dieing or not or a building burning to the ground.
The lesson here is not for Ohio (although they probably learned a lesson or two), but rather for everyone else. This is likely purely a chance attack, meaning that it could have just as easily be you as them. The FBI gets reports of over 4,000 of these attacks every day.
Obviously, they had a poor disaster recovery and business continuity plan. For ransomware to take the ENTIRE county down, including phones is pretty amazing – and not in a good way. It is possible the reason for that was money, but more than likely, it was just poor planning. After all, are you ready for an attack that takes over your phones and all of your computers?
The good news for the county is that they are not likely to go out of business over this.
For your business, if you are down – no computers or phones – for a week or two, would you survive?