Montgomery County, Alabama joined the ranks of probably millions of others and paid a ransom to get their data back after hackers threatened to erase their data if the ransom was not paid within 7 days.
While details are sketchy, reports are that the attack began Monday around 5PM (at the end of the day) and probably spent all nite encrypting data. By Tuesday morning systems such as vehicle tags, car registrations and marriage and business licenses were down. Reports said that 70 terabytes of data was encrypted with no one noticing it.
The Chairman of the County Commisioners, interviewed on the Montgomery Advertiser link below said it was an “unfortunate situation” and “you don’t think about these situations until they happen”, but now he says it is “kind of an emergency situation”.
While we can laugh at his response because it wasn’t our systems that are down, the reality is that all of his comments are pretty accurate. Most businesses don’t have a disaster recovery program, an incident response program, tested backups or trained emergency resources already identified and contracted for. In fairness, some businesses are prepared, but they are the minority.
The County CIO, Lou Ialacci said that they tried to restore from backups but were unable to for some reason not related to the attack. Perhaps, the backups weren’t working or didn’t exist.
The Chairman of the County Commissioners NOW says that they are going to do whatever it takes to prevent this from recurring.
That comment is also not unusual – after the horse is out of the barn, down the round and the barn on fire, it gets pretty real for people.
The county also said not to worry – no data has been compromised. Are they sure? It wouldn’t be very hard to encrypt the data and then copy it to the cloud somewhere. Since the hacker has the key, he or she can then decrypt it at their leisure. Don’t know in this case, but it definitely happens some times.
In Montgomery County’s case, they had to pay the hackers 9 Bitcoin or about $40,000 to $50,000 in taxpayer dollars based on the then current Bitcoin price.
My guess is that Montgomery County was not specifically targeted by Vladimir Putin, so I think we can safely say this was an attack of opportunity.
The county is being pretty quiet as to what happened, but likely someone clicked on a link or opened an attachment and it was all over at that point.
The message here is that businesses especially and individuals too need to be prepared, Anyone can get targeted. The bad guys might send out 10 million emails and hope a few people click on it. At $40-$50 thousand a pop, you don’t need very many people clicking to earn a very nice living. Ten people click on it and you might make a cool half mil – tax free, I might add.
Are you prepared?
Are you sure?
Have you tested it?
You don’t want to be the next Montgomery County.