Connecting state and local government leaders
An abundance of caution months after a cyber assault on one municipality’s IT systems.
After a disruptive and costly ransomware attack this summer that locked down computer systems and forced some local government workers in Alaska to dust off old typewriters, employees working for the Matanuska-Susitna Borough north of Anchorage got some more bad news this past week about the cyber assault.
The Anchorage Daily News reported on Sunday:
Now, in a new vestige of the attack, borough officials sent out a letter to employees recently: Their personal information may have been compromised if they used borough computers to do private business like banking or paying credit cards.
The borough government is providing three years of credit monitoring for those affected by the malware attack, according to a letter from Borough Manager John Moosey. The Anchorage Daily News notes that although there isn’t any evidence that any personal information was indeed compromised, the action was taken under an abundance of caution.
The Mat-Su Borough, which includes the cities of Palmer and Wasilla, is a geographically expansive jurisdiction that covers more than 25,000 square miles.
Earlier this month during an Alaska Municipal League panel discussion on cybersecurity, Moosey discussed the borough’s decision making process in how it responded and why Mat-Su chose not to pay the bitcoin ransom, which was approximately worth $400,000.
As KTUU reported on Nov. 18:
Moosey says he ultimately decided that using taxpayer dollars spent on insurance premiums to pay a ransom to criminals was untenable.
"They do this because they can," Moosey said of cyber criminals. "I did not want to be, as the Mat-Su Borough, an encourager of this activity." Moosey says the decision was made with the knowledge that even if the borough paid the ransom, its data may not be returned anyway.
While Mat-Su borough officials chose not to pay the ransom, another Alaska municipality that experienced a similar cyberattack around the same time, the city of Valdez, took a different path to recover.
The Valdez Star reported on Nov. 14:
At the time of the attack, Elke Doom, the city manager, told the Valdez City Council that city officials had not been in contact with the kidnappers; however, the city did hire an unnamed security firm in Virginia that specializes in cyber-incident response and digital forensics to negotiate the terms of release for the city's data according to a press release issued Tuesday by the city's public information office.
"The firm anonymously contacted the attackers on the City's behalf to investigate and possibly negotiate ransom terms," Police Chief Bart Hinkle said in the city's press release.
The city said it expects recovery efforts to be complete by the end of the year but the data "...remain in quarantine until the data is carefully "scrubbed" and verified virus-free."
Cybersecurity experts have observed that in 2018, ransomware attacks have continued to surge with health care being one sector being particularly hit hard.
Michael Grass is Executive Editor of Route Fifty and is based in Seattle.