Officials with the United States Secret Service, local law enforcement and other professionals are still assessing the damage from a cyberattack on Dawson County government computer servers that reportedly occurred the afternoon of April 23.
County IT analyst Will Shattuck updated county commissioners and audience members at the board’s work session Tuesday afternoon, April 24, on the potential damage and the status of the ongoing investigation.
Shattuck said the IT department was first notified around 2:30 p.m. Monday by the tax assessor’s office, which reported it was unable to save work on some of its files. Soon calls flooded in from many other departments, and once the IT department began investigating, it discovered a ransomware attack.
Ransomware is a type of malicious software that encrypts writable data, and only the attacker knows the decryption key.
“We started shutting down servers and trying to minimize the amount of damage, as it spreads very quickly, through the networks and through the different servers,” Shattuck said.
The county’s exchange server, as well as phone and internet services, were affected.
“We did work through the night to get phones and internet back up,” Shattuck said. “Some of the other servers will take longer to repair and to work through.”
On Tuesday morning the county called in a cyber security company, Carvir Cyber Security, which is still working with the county IT department to resolve the situation.
Email was restored to all of the county offices on Friday.
An update from the county manager mid-week stated that no critical or essential services such as E911 or emergency response were impacted by the attack.
“County offices have remained open as normal and, under the circumstances, are functioning well and continue to serve the citizenry,” County Manager David Headley said. “At this time, no personnel data or banking information is believed compromised. Employees will continue to be paid as normal, and our teams continue to work to fully restore computer systems.”
The point of entry for the attack has not been determined.
The county does have a cyber insurance policy in place through the Association of County Commissioners of Georgia, but prior to Monday it did not have an emergency management plan in place for a ransomware attack.
Shattuck also said that the attack is similar to one the city of Atlanta experienced in March, which brought city services to a halt. The city has spent millions of dollars in the aftermath of the attack.
According to the U.S. Department of Homeland Security, more than 4,000 ransomware attacks have occurred daily on average since Jan. 1, 2016.
“This is a 300 percent increase over the approximately 1,000 attacks per day seen in 2015,” the department said in a memo.
The department advised isolating the infected computers, securing backup data, contacting law enforcement and changing passwords after removing the system from the affected network.
“Paying a ransom does not guarantee an organization will regain access to their data,” according to the department, which said some individuals or organizations were never provided with decryption keys after paying the ransom.
Some victims were targeted again, and others may be asked to pay more than the original ransom.
DCN Regional Staff Writer Nick Watson contributed to this report.
This story will be updated as more information becomes available.