IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Clay County, Ind., Hit by Apparent Ransomware Attack

All Clay County Courthouse offices and the Clay County Health Department are closed as of 2 p.m. Tuesday, and they will remain closed Wednesday as officials evaluate the developing situation there.

Ransomware
Shutterstock
(TNS) — Clay County has been hit with a ransomware attack.

County commissioners on Tuesday afternoon issued a statement saying the county’s information technology department spotted unauthorized activity shortly after midnight.

This appears to be a ransomware attack, commissioners said. The county cannot access its data or electronically connect with some of its state partners.

Ransomware is a type of malicious software or malware designed to deny access to a computer system or data until a ransom is paid to unlock data. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.

All Clay County Courthouse offices and the Clay County Health Department are closed as of 2 p.m. Tuesday, and they will remain closed Wednesday.

Commissioners will reevaluate the situation Wednesday and decide on further closings by 2 p.m. Wednesday. The highway department, extension office and the WIC office are open.

Anyone scheduled for a court appearance on Tuesday or Wednesday should call the court on Thursday to receive instructions on rescheduling.

Commissioners said they will give further instructions via news release Wednesday if the courthouse must remain closed Thursday.

The Clay County Sheriff’s Office and the dispatch center are operating. An initial disruption occurred to the non-emergency lines, but they are now fully operational, commissioners said. The 9-1-1 telephone system was never affected.

Measures taken

Clay County says it has taken the following steps to address the incident:

• Isolated affected systems to contain the attack.

• Cybersecurity professionals are working to correct the disruption in services.

• Relevant law enforcement and government agencies have been notified.

Data exposure, protection

The county is currently assessing the extent of data exposure. There was as of Tuesday afternoon no evidence that personal data has been compromised, the county said.

“We are committed to transparency and will notify all potentially impacted parties as we gather more information,” commissioners wrote.

The investigation is ongoing, and the county says it is working around the clock to restore operations. Commissioners said they will release further information regarding the attack when possible.

Clay County said in a news release it “is deeply committed to the security of all data we hold. We understand the importance of protecting our community’s information and are taking significant steps to enhance our cybersecurity framework.”

Brazil Mayor Brian Wyndham’s office said the city’s systems were not affected by this attack.

Ransomware background

Justin McIntyre, a senior network administrator sent the Tribune-Star some information on malware attacks.

He said such malicious software is typically introduced into a network environment through opened malicious email attachments or compromised account credentials.

The ransomware can lie dormant and provide reconnaissance to the attacker, or it can immediately trigger a payload, silently locking thousands of files across a network in minutes, McIntyre wrote.

Ransomware is a fast-growing genre of malware, he said.

“Now, you don’t need to be a computer science graduate to orchestrate a cyber attack. New strains of ransomware code are made frequently and pre-fab kits can be bought online, ready for deployment,” McIntyre said. “New strains take longer for security defense systems to detect whereas older, more studied variants are detected earlier or can be blocked outright.”

The speed of recovery from a ransomware attack varies with the severity of attack, availability of backups, and personnel on hand, he added.

He noted Vigo County went through a ransomware attack in 2019, “and we’ve learned that planning defense around possible attacks and having multiple backups of systems and services is one of the best practices in remediation.”

If you get hit

Sid Stamm, a professor of computer science and software engineering at Rose-Hulman Institute of Technology, also sent the Trib-Star information on malware attacks.

He, too, said breaches commonly come from phishing attacks, password compromise or malware. Phishing is probably the most common way for the bad guys to get in, he added.

Because a ransomware attacker wants you to pay them, they make it obvious when you’re infected.

Stamm advised that if you do get infected, don’t pay the ransom — “that just encourages the criminals to keep being criminals!”

Instead, he suggest people have copies of their data stashed somewhere safe to get access to after they eradicate the malware infection.

Among his tips:

• Keep this backup of your important files offline.

• Back stuff up periodically when you know you’re safe and unplug or disconnect your backup drive or system between backups. This way if ransomware gets control of your computer, your backup will stay untouched.

• The best way to counter ransomware attacks is to prevent them: use strong passwords and multi-factor authentication. Be very cautious with email and attachments.

• Keep your computers updated.

“A small dose of skepticism and a short pause before replying to emails can help expose email phishing attacks,” Stamm wrote. “Keep all your software up to date. Install updates often and restart your computer periodically to let it install updates.’

Stamm advises if you do fall victim to a cyber-attack, immediately disconnect the compromised computers from the network to stop any spread.

If you’re not sure how to do that, turn them off to contain the attack.

© 2024 the Kokomo Tribune (Kokomo, Ind.). Distributed by Tribune Content Agency, LLC.