Grand Traverse County, Michigan, federal government and experts investigate cyberattack

(TNS) – A day after a ransomware attack rocked Grand Traverse County’s systems, both city and county officials said critical services were fully operational.

Meanwhile, IT staff at the district’s third-floor operations center rushed to repair the damage with assistance from the FBI, Michigan State Police and outside software experts.

“We’ve done it,” said County Administrator Nate Alger. “We know what needs to happen to get us back up and running.”


When asked for a date or time when the network would be restored, Alger said, “We don’t know yet. (IT director) Cliff DuPuy is working nonstop. That’s his whole life right now.”

As of Thursday afternoon, county phone systems were still not functioning normally, although city government phones appeared to be working. Residents are encouraged to use email to communicate with county authorities and to delay in-person payments at this time.

The central dispatch center’s computer-aided dispatch system (also known as Grand Traverse 911) went offline on Wednesday, disrupting normal data transmission to the mobile data units mounted in most patrol cars.

Communication between the operations center and the rescue services is initially via radio and, if necessary, via mobile phone.

While emergency calls can still be made as normal, the emergency call center has set up a new non-emergency number for the duration of the power outage. This is: (231) 480-0024.

Emergency services in the area said they were also using radio to communicate with the operations center, although there had been no significant delays so far.

Municipal officials said their operations have been little impacted by the county’s network outage, except in a few specific areas, such as building permits, a service that may currently require an in-person visit to the county headquarters.

“Our systems are not directly connected to the county, so we are operating normally,” said Ron Lemcool, Long Lake Township Supervisor. “Of course, this incident is a reminder to everyone, including our employees, to take safety measures very seriously. You never know when something might happen.”

NO RANSOM PAID

Ransomware is a type of malware that attacks computers and networks and is often spread through fraudulent email messages. Typically, the malware encrypts files or “data points” on the network so that they are inaccessible for normal operations. Hackers then demand a ransom payment to release these encrypted files.

In other cases, cybercriminals download massive amounts of data from a targeted organization and then threaten to sell it or post it on the dark web if a ransom isn’t paid. Alger said Wednesday he was “pretty sure” that no county data had been shared so far.

Wednesday’s ransomware attack began at about 6:06 a.m. when county IT staff noticed “irregularities” in certain computer systems, including the 911 emergency call center.

After a flurry of phone calls and meetings early Wednesday, county officials decided to shut down the main network that supports both county and city operations to prevent the further spread of malicious code.

All employees were instructed to shut down desktop computers and other county-owned devices so they could be scanned for malware later in the day.

Alger confirmed late Wednesday that only a “small percentage” of devices in the county were affected by the attack.

County officials stressed Thursday that no specific ransom notes were downloaded from files or emails and that no ransom was paid. All data related to the attack, including any relevant emails, faxes or phone calls, have been forwarded to the FBI for analysis.

Both the county and city have cybercrime insurance, and local officials are currently working with the Michigan Municipal Risk Management Agency to assess the situation.

FIGHT BACK

In most parts of the United States, it is not illegal to pay ransoms, but cybersecurity experts and law enforcement agencies strongly advise organizations against doing so.

According to a 2023 study by Aon, Florida, North Carolina and Pennsylvania have passed laws prohibiting state agencies from making ransom payments to hackers. Several other states – Arizona, New Jersey, New York and Texas – are considering similar bills.

Michigan amended its criminal code in 2018 to prohibit the use of ransomware, but does not currently prohibit the payment of ransoms, according to data collected by the Record-Eagle.

Unfortunately, ransomware attacks are becoming more common in the United States – according to the FBI, there are thousands of attacks every day, but many of them fail to extract money from victims.

Over the past six years, Grand Traverse County has also invested thousands of dollars to modernize its cybersecurity systems, including purchasing a $56,000 software package last fall that helped prevent a sophisticated spear-phishing email attack in early April.

Part of the county’s infrastructure is a third-party service that stores important data and customer information on a secure off-site, cloud-based server. This service can help combat a critical part of the ransomware scourge: the use of file encryption to lock down and deny access to corporate data.

After the county scans all devices and repairs the infected ones, it can repopulate its databases and servers with the “clean” files from the externally backed up system, officials said.

It is not known exactly how the latest ransomware code got into the county’s computer network.

NATIONAL TASK FORCE

To respond to the current attack, Grand Traverse County is partnering with the FBI’s National Cyber Investigative Joint Task Force, which consists of more than 30 co-located government agencies spanning the spectrum from law enforcement to international intelligence agencies.

The FBI operates a “Cyber Action Team” that can be deployed to various locations across the country within hours. The agency also has cybercrime units in 56 field offices across the country.

Incidents reported to the FBI’s Internet Crime Complaint Center (IC3) are often referred to the agency’s Recovery Asset Team, which, according to FBI documents, “has helped freeze hundreds of thousands of dollars for victims of cybercrime.”

But many institutions in Michigan have fallen victim to cybercriminals in recent years.

Ascension Healthcare, which operates 15 hospitals in Michigan, was the victim of a ransomware attack last month. The attack affected many critical areas of operations, including pharmacies and patient records.

Ascension executives have not made any ransom demands public, nor have they said they would be willing to pay such demands. Instead, the organization is taking time to rebuild its computer network and recover records.

On Memorial Day 2020, hackers attacked Michigan State University’s Department of Physics and Astronomy with ransomware. After working with state and federal law enforcement, MSU ultimately decided not to pay the ransom and instead invested heavily in updating its information security infrastructure.

County Commission Chairman Rob Hentschel, who oversees cybercrime, said the county commission will re-examine existing security measures at a future meeting in response to the current ransomware attack.

A special meeting of the Grand Traverse County Board is scheduled for Wednesday, June 26 at the Governmental Center, 400 Boardman Ave. in downtown Traverse City.

©2024 The Record-Eagle, distributed by Tribune Content Agency, LLC.