A cyber-attack that happened on July 24 has forced Matanuska-Susitna Borough to resort to typewriters after ransomware hit its internal servers, encrypting files in order to extort a ransom payment. Reports have also stated that the FBI’s Cyber-Crime division is currently focused on investigating this incident along with another attack in a city close by.
According to IT Director Eric Wyatt, speaking on a conference call with the FBI, it has become clear that this incident is not an accident or something that could have been performed by an amateur, but rather a “very insidious, very well-organized attack”.
In the aftermath of the incident, officials have taken down some of the systems in the municipality, including:
- E-mail servers and accounts.
- Network devices.
As a result, residents are no longer able to make online payments via credit cards at local government institutions, such as libraries and care facilities.
Around 500 Computers Victimized
Reports have also indicated that the ransomware did not only damage some servers; overall, it attacked and infected over 500 machines, among which were 120 servers. The cyber-criminals even managed to get their hands on the backup and recovery systems of the government organization. What is interesting is that they were even able to lock and unlock doors and control the card-swipe mechanisms for the doors to copy and paste RFID chips and other electromagnetic and radio-frequency identification devices.
Mat-Su Switches to Typewriters
The whole incident has forced Mat-Su to go back in time and dust off the old typewriters in order to service the ~100 thousand residents in the community. Currently everything is handled by hand and this includes loans, fees, public affairs and other important activities.
According to Wyatt, who has worked in the military IT sector before and has written a report on this ransomware, the malware is very sophisticated, as it contains a Trojan horse full of components that can be activated with a click of a mouse from the “other side”.
In addition, the protection software that was running at the time appeared to have removed the Trojan horse, but at the same time it left behind modules and malicious components that allowed the infection to proceed. After developing a custom script, the IT personnel were able to remove the modules that were missed by the antivirus program, but the worst part of this malware seemed to be one step ahead of them. A malicious trigger was activated and, similarly to dead man's switch logic, the malware executed a script that devastated not only the recovery servers there but also damaged a lot of data, despite the fact that it was not able to cause harm to most of the Mat-Su data.
So far, FBI experts and IT professionals are struggling to recover computers by re-imaging them, and they have detected the ransomware to be the BitPaymer virus.
So far, the Alaskan town is slowly recovering from the aftermath of the attack, and most of its services are now reported to be up, including the phone server, which is now working properly.
These types of attacks are becoming more and more frequent, and they have started to target important institutions, which is a clear sign that a lot of attention has to be paid to cyber-threats of this magnitude.