Alaskan borough dusts off the typewriters after ransomware crims pwn entire network

Pen and paper brought back into service

A ransomware infection has cast the Alaskan borough of Matanuska-Susitna (Mat-Su) back to the dark ages.

The malware was activated in mid-July, infecting 60 of the borough's Windows 7 PCs. As the IT department tried to clean the infection and reset passwords using a script, the malware started "attacking back", spreading to almost all of the 500 workstations and 120 of 150 servers.

Networked telephones and email went down, door-card entry was disrupted, and citizens could no longer make payments or access some services.

"We immediately started to isolate servers, took workstations off the network, isolated servers, and called the FBI," Mat-Su IT director Eric Wyatt said in a radio interview.

Without computers to do the work, staff went back to basics. "They re-enlisted typewriters from closets and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings," said Mat-Su public affairs director Patty Sullivan.

An official release described the attack as having been spearheaded by the BitPaymer ransomware, but it seems an external attacker was also able to log into the borough's network and embed other nasties such as the Emotet banking trojan.

The attackers gained Active Directory admin access, compromising the controller to reconfigure its security settings.

It seemed likely that data was compromised and "sent outside the network", said Wyatt in a stark assessment.

And the motive? Despite the involvement of BitPaymer, Wyatt didn't believe it was purely financial.

"In 35 years in the business, this is the worst I've seen. It's meant to disrupt our way of life."

Borough assembly member Ted Leonard went further, describing events as more like terrorism than computer crime.

Mat-Su isn't alone. According to Wyatt, the borough's victim case number was 210, which meant that 209 others had suffered the same fate, including Valdez in Alaska.

The attack is notable not only for the way it dismantled an entire organisation's computer infrastructure, but also for the remarkable honesty of the victims. Mat-Su even admitted its disaster recovery servers became infected.

The borough is now reimaging its systems using backups, some of them up to a year old. However, a lot of data such as email has been lost.

"Encrypted data will be stored for months or years in the hopes that the FBI will recover the decryption keys," Wyatt said.




Biting the hand that feeds IT © 1998–2018