News

Actions

Ransomware attack hits Garfield County, shutting off its computer access for weeks

Posted at 5:09 PM, Apr 11, 2019
and last updated 2019-04-11 22:33:32-04

PANGUITCH, Utah -- A ransomware attack hit Garfield County's computer systems, crippling them for weeks before they were able to pay to get access to their own data, officials confirmed to FOX 13.

"All of our data had been taken," Garfield County Attorney Barry Huntington said of the recent data breach.

Someone clicked on a phishing email earlier this year that launched a ransomware attack, swiping up a number of county offices' data and locking it away.

"The Assessor's Office, the Recorder's Office, some of the files had been taken and we didn't know how or why," Huntington said Thursday. "Eventually we received an email stating that some terrorists had taken our information and if we wanted it back, we had to pay them."

In the meantime, many of Garfield County's systems had been taken over by an unknown person. (FOX 13 is told the courts, elections and sheriff's office were not impacted.)

The state severed access to its systems and the FBI got involved. Many county offices were reduced to working with pen and paper.

"We were told to leave our computers off while the FBI and the state looked into it," Huntington said. "We tried to do the best we could with handwritten files and things like that. Computer-wise, we were shut down."

Garfield County ultimately paid a ransom to someone in Bitcoin to get access to its files, phones and systems again, the county attorney said. Access was restored in March.

The FBI would not comment directly on the Garfield County ransomware attack, except to say it was aware of it. But the agency pointed out the county is not alone here.

"It really happens to everyone," FBI Supervisory Special Agent Jeffrey Collins said in an interview with FOX 13 on Thursday. "An individual person at home, small businesses, corporations, everyone can be affected by this."

Collins said the FBI is aware of other ransomware attacks on other Utah governments.

"We have had other local cities who've been infected, a similar situation where they're scrambling to find their backups and restore their files," he said. "I've seen another city where they had to pay the ransom and they were successful in getting it back."

The FBI said it does not encourage anyone to pay a ransom, but acknowledged some may not have much of a choice. Collins said many ransomware attacks originate overseas from former Soviet republics.

Nationwide, more than 2,000 ransomware attacks were reported to the FBI last year. They typically involve someone clicking on an attachment or a link in an email meant to look safe. It launches malware that can seize systems and databases and lock them up in an extortion attempt.

Collins said for people to protect themselves, always double-check emails that even look like they come from someone safe.

"Even if it looks like somebody you trust, you should be suspicious of it. Especially if it has an attachment or a link," he said. "Don't automatically click that or assume it's safe."

Backups are essential. For many governments, they contract with outside services to provide IT support. Collins said it's a good practice for cities or counties to make sure offsite backups are continually working.

"Backup your files regularly, keep them offline," he said.

Huntington said Garfield County has largely recovered from the attack and has already spent money and taken steps to have more secure systems.

"We've learned that even in Panguitch, people could steal your data," he said.