Cause, motive still under investigation
Okanogan County government computers and phones are up and running again after a nine-day, nearly ’round-the-clock effort to recover from a cyber attack.
The county’s information technology (IT) staff and an outside forensic consultant are still investigating the source of the attack, and some specialized software — for accounting, courts and the Sheriff’s Office — hasn’t been completely reconfigured, but the county’s computer systems are working at 80 to 85%, Okanogan County Risk Manager Tanya Craig said Monday (Jan. 25). Everyone has access to email, phone and voicemail, and to all their computer files, Craig said.
The investigators haven’t been able to learn the attackers’ motives — whether it was ransomware or a quest for account information, data or files, or something else, Craig said.
The county’s security software notified the IT department early last Saturday morning, Jan. 16, that something was amiss. The IT staff headed to the office and then notified Craig so she could contact the county’s insurance company. They’ve been working to restore the network ever since, and got most systems running on Jan. 25, she said.
Some county divisions log into state computer systems, including the courts, Public Health and Sheriff’s Office fingerprinting for background checks.
Those services will not be fully operational until staff have reset passwords and completed other security measures, Craig said.
The cyber specialists are still conducting forensic tests to find out how the attackers got into the system and how to prevent future attacks, Craig said. Investigators are scrutinizing all files and programs on all computers and servers to be sure that employee information and other sensitive data are safe.
Analyzing evidence
A device Craig described as a “forensic PAC-MAN” scans all files and photographs anything that looks unusual so IT specialists can analyze it to see if anything has been touched. So far, they have found no evidence that anything was lost or tampered with, Craig said.
The county has a system that backs up all computer files every night, but because it’s on one of the county servers, it was also affected. After the investigation is complete, county staff will sit down with the forensic specialists to get suggestions about the best protection for the future and the best place to store backups, Craig said.
While having an off-site backup can provide extra assurance, many cyberattacks intentionally target these places because they’re a repository for so many backups, Craig said.
The county has cyber-security insurance, which covers the cost of the outside forensic specialists. The only expenses that would not be covered are overtime for county staff, Craig said.
The county still has no prediction for how long it will take before the investigation is complete.
Jury duty for District Court is canceled through Friday (Jan. 29).
Emergency numbers and 911 weren’t affected by the attack. The county shut down the emergency call center set up to field non-emergency calls once all phone systems were working again at the end of the day Monday.
