Alaskan borough dusts off the typewriters after ransomware crims pwn entire network
Pen and paper brought back into service
A ransomware infection has cast the Alaskan borough of Matanuska-Susitna (Mat-Su) back to the dark ages.
The malware was activated in mid-July, infecting 60 of the borough's Windows 7 PCs. As the IT department tried to clean the infection and reset passwords using a script, the malware started "attacking back", spreading to almost all of the 500 workstations and 120 of 150 servers.
Networked telephones and email went down, door-card entry was disrupted, and citizens could no longer make payments or access some services.
"We immediately started to isolate servers, took workstations off the network, isolated servers, and called the FBI," Mat-Su IT director Eric Wyatt said in a radio interview.
Without computers to do the work, staff went back to basics. "They re-enlisted typewriters from closets and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings," said Mat-Su public affairs director Patty Sullivan.
An official release described the attack as having been spearheaded by the BitPaymer ransomware, but it seems an external attacker was also able to log into the borough's network and embed other nasties such as the Emotet banking trojan.
The attackers gained Active Directory admin access, compromising the controller to reconfigure its security settings.
It seemed likely that data was compromised and "sent outside the network", said Wyatt in a stark assessment.
And the motive? Despite the involvement of BitPaymer, Wyatt didn't believe it was purely financial.
"In 35 years in the business, this is the worst I've seen. It's meant to disrupt our way of life."
Borough assembly member Ted Leonard went further, describing events as more like terrorism than computer crime.
Mat-Su isn't alone. According to Wyatt, the borough's victim case number was 210, which meant that 209 others had suffered the same fate, including Valdez in Alaska.
The attack is notable not only for the way it dismantled an entire organisation's computer infrastructure, but also for the remarkable honesty of the victims. Mat-Su even admitted its disaster recovery servers became infected.
The borough is now reimaging its systems using backups, some of them up to a year old. However, a lot of data such as email has been lost.
"Encrypted data will be stored for months or years in the hopes that the FBI will recover the decryption keys," Wyatt said.