The big news over the weekend for the IT teams working to counter the cyber attack at the Matanuska-Susitna Borough: most of our data is not lost.
Borough desk phones are still coming online after the phone server was rebuilt Sunday night. Phones were restored first at the main administration building in Palmer. IT teams were dispatched this afternoon to the Capital Projects department, two public safety buildings, and Animal Care. Work continues with other departments tomorrow. The main Borough number is (907) 861-7879.
Despite the sophisticated level of attack, the Borough backup servers that store this local government’s documents were structured in a way that protected most of the data. Credit cards are not stored here online and were never at risk.
Mat-Su Borough IT Director Eric Wyatt said Valdez and other places in the U.S. have been hit with a computer virus that seems to be the same as this one.
Based on evidence in Mat-Su Borough computers, the Borough is victim 210, meaning that more than 200 organizations have been hit with this attack before us, Wyatt said.
Last week, on a conference call set up by the FBI with Valdez and other entities, the Mat-Su Borough shared vital information on what to anticipate with the virus and advice on how to pre-empt it. A regional IT meeting in Anchorage is planned to do that in more detail, with IT security directors from across the state expected to attend.
In a Status Report, attached here, Wyatt called the virus a multi-pronged, multi-vectored attack: not a single virus but multiple aspects of viruses together, including a trojan horse, Cryptolocker, a time bomb, and a dead man’s switch.
“This is a very insidious, very well-organized attack,” Wyatt said. “It’s not a kid in his mom’s basement. Because we are getting the information out and sharing it with other entities, hopefully they can weather the storm.”
Last Tuesday, July 24, the Borough first disconnected servers from each other, then disconnected the Borough itself from the Internet, phones, and email, as it recognized it was under cyber attack. Since then, infrastructure has been steadily rebuilt, computers have been cleaned and returned, and email, phones, and the Internet connection are being restored.
Wyatt explained to a table of Borough directors this morning that in his 35 years of IT work, including in a military uniform and later as a contractor for the U.S. Dept. of Defense, he’s never seen anything like this.
Wyatt called it a “zero-day” attack, which means the anti-virus software makers do not yet have the definitions of the virus in their software to catch and remove the threat. The Borough gave them theirs so they can write new protections against this virus. The Borough awaits the new software.
This new threat doesn't stop at your primary systems. It gets in to corrupt your backup servers and disaster recovery systems. Wyatt said he and representatives with primary international vendors such as Dell and Cisco had not seen this until now.
“It’s a new world,” said Wyatt.
Some 20 different agencies and vendors, including former employees, have supported the Borough’s response, offering brainpower and resources to untangle the forensics of the attack. The FBI cyber crimes unit has been working with the Borough since last week on gathering such evidence.