From back to front, Mount Church, Mount Dickey, Mount Grosvenor and Mount Johnson in Alaska's Matanuska-Susitna Borough.

Aug 30 2018

An Alaska Municipality Suffers a Devastating Ransomware Attack

A complex ransomware virus brought down the government’s major technical systems, including servers, phones, email and hundreds of desktops.

Over a month after many of its systems were knocked out by a complex ransomware virus, Alaska's Matanuska-Susitna Borough is still in recovery mode — and the costs for getting back to normal are still rising.

The borough, outside of Anchorage and home to about 106,000 people, had to dust off its typewriters following the incident, and libraries returned to writing by hand and stamping books for checkout, as the disaster, classified as an “advanced persistent threat,” thoroughly took down government systems. While the borough has managed to restore most of its phone system, part of its geospatial information system and the online portal on which residents can pay property taxes, among other services, several others remain only partially restored.

The impact prompted elected officials to approve a disaster declaration in the wake of the attack, which allows the borough to pursue federal or state reimbursement. These are funds the borough will need, as the attack has cost the county far more than initially anticipated: Officials estimate costs will rise to $1.4 million to restore servers and systems, above the $1 million covered by insurance and the $750,000 originally estimated.

Mat-Su Borough IT Director Eric Wyatt, who has worked in IT and information and network security for 35 years, including for the U.S. military and as a Defense Department contractor, described the malware as “a very insidious, very well-organized attack.”

"This is not somebody in his mother's basement," says Wyatt, KTUU-TV reports. "This is ... definitely an organization that wants to cause chaos within our country.

Hackers Target States and Local Governments

The Alaska borough is only one of the latest governments to be hit with a crippling attack. In fact, Wyatt believes they were the 210th to be hit by the virus, according to a single file left behind by the attackers.

"Our victim number is 210 for this virus, meaning that 209 others are victims before us," Wyatt told KTUU-TV, adding that the city of Valdez, Alaska, was also hit.

The Alaska cities aren’t alone: Atlanta was notoriously hit with ransomware in March that locked down many of the city government’s systems and took weeks to remedy.

According to “The Cybersecurity Insight Report” by CDW and research firm IDG, 46 percent of organizations in the U.S. have experienced a serious security breach, and 22 percent have discovered a near-breach in the past 12 months.

“Data breaches aren’t few and far between anymore. Whether it’s due to cyberthreats or employee negligence, sensitive data is being exposed at an alarming rate. More often than not, especially with the rise of malware, organizations might not even know that their systems have been compromised,” the report states.

These attacks could hit state, county and local governments harder as tight budgets, shoestring staffs and legacy equipment leave them more vulnerable than other types of organizations.


7 Best Practices for State and Local Government Security

When it comes to protecting against attacks, the “The Cybersecurity Insight Report” offers seven tips government IT can take to inject resilience into local agency systems before an attack occurs:

1. Establish a dedicated security function.

2. Have a plan for acting quickly — time is of the essence.

3. Budget appropriately for security.

4. Implement technology that provides better visibility and predictions.

5. Engage with trusted third-party partners.

6. Implement (and evolve) end-user training — and communicate any changes.

7. Extend security responsibilities to business and legal teams.

States also should be sure to remain constantly vigilant and always apply best practices, because new threats are constantly challenging the resilience of state and local government operations.

“This stuff morphs constantly, it morphs the way it attacks constantly,” Wyatt told KTUU in a video, speaking about hackers and viruses. “They’re getting more and more sophisticated every day.”

Ross Fowler/Wikimedia Commons

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT