Pennsylvania County Cyberattack: MSSP Assists Recovery
Luzerne County in northern Pennsylvania has hired Sylint, a 20-year-old, Florida-based managed security services provider (MSSP), to help recover from a malware attack that hobbled the county’s courthouse computers.
Arete Advisors also assisted with the recovery, according to reports. We’re checking to see if Sylint and Arete are related businesses.
Sylint, which bills itself as a cybersecurity and data forensics specialist, is collaborating with Microsoft to provide remediation services and a prognosis on the extent of the malware infection. Luzerne’s deal with Sylint will cost the county about $30,000, some of which may be covered by insurance, manager David Pedri told local outlet The Citizens’ Voice earlier this year. The county has an existing contract with Microsoft that includes a $26,000-a-year advanced threat protection feature.
This is what officials know so far:
- The attack appears confined to the county courthouse’s network.
- There’s no evidence that any sensitive information was stolen in the attack.
- The county isn’t locked out of its systems and there has been no ransom demand.
- Many county offices can’t get to information such as property assessment records, deeds and civil court filings.
- There’s no evidence it was a targeted attack.
Updated July 8, 2019: The effects of the May 2018 cyberattack on the Luzerne County computer network are still being felt, though nearly all costs the county incurred thus far should be covered by insurance, according to county Manager David Pedri, The Citizens’ Voice reports.
The county real estate database was still out of service as of July 7, 2019. Without the latest property records available, the assessor’s office cannot perform required certifications of tax bills, the report said.
Luzerne County Malware Attack: Network Rebuild
Original report from May 2019: Sylint was expected to conclude an assessment report over the weekend and present a plan to bring the courthouse’s computers back online. So far, it appears that machines not on the courthouse network are virus-free, including 911 services and the local emergency management agency, both of which are fully functional, officials said.
The county’s internal IT experts are already rebuilding some servers, David Parsnik, county director of administrative services, said. “We don’t want to waste time. If we don’t start rebuilding the network, we will be several days behind,” he reportedly said. In the interim, a clean server not connected to the infected network will enable workers to do their jobs.
The attack not only bears the markings of a phishing campaign, it also shows how important cybersecurity training is: training, more training, and oh-by-the-way have we mentioned more training. An employee mistakenly opened a bogus email that launched the malware that attacked the courthouse servers, Parsnik told the Times Leader. Last year, the county began tagging all incoming emails from non-county senders while reminding staffers not to open attachments or click on links that aren’t obviously legitimate.
The incident isn’t about finding fault, but it is another example of how easy it is to get duped by hackers. “The good news is that our existing firewall did catch this pretty quickly,” Pedri said. Stronger security and more training will spring from the attack, he said. “We will be working to upgrade our existing firewall. We will examine what we could have done better.”
Cyberattacks, Ransomware Target Municipalities, Government Infrastructure
Numerous cities, towns, counties and organizations have suffered major ransomware and malware attacks over the past year. Example strikes include:
- May 2019: Baltimore, Maryland, suffered a big ransomware attack. The cleanup may cost $18 million or more, reports suggest.
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee, Florida’s employee payroll system.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia, officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
- March 2018: Atlanta, Georgia, suffered a major ransomware attack.
- February 2018: Colorado Department of Transportation (CDOT) employee computers were temporarily shut down due to a SamSam ransomware virus cyberattack.
Note: Article originally published June 10, 2018. Updated January 8, 2019, with recovery details. Additional insights from Joe Panettieri.