ANDERSON – Madison County officials are in the process of removing the ransomware from the county’s computer servers after payment of a ransom to the hackers.
Lisa Cannon, director of the IT Department, said Wednesday that the county has obtained the keys to remove the encryption from the servers so that officials can have access to data.
She said her staff is working on taxes and billing and public safety.
“It’s a slow process,” Cannon said. “There are a lot of variables involved.”
Informed county sources, who didn’t want to be named, indicated the ransom paid by Madison County was $28,000. It was paid on the advice of the county’s insurance carrier, Travelers Insurance.
Cannon informed the Madison County Council at Wednesday's meeting that she will be spending money that is not in her budget over the next month.
“It has been a devastating last few days,” she said. “We can’t do without any longer.”
Cannon said the council eliminated six positions in the department in 2012 and reduced the budget by 56 percent.
“We can’t be expected to operate as large as General Motors on a gas station budget,” she said. “We need help and it’s going to take funds.”
Cannon said it will cost the county $17,500 to bring in a support company to bring the two largest computer servers back online and to make best practices recommendations.
“This is a drastic situation and we need a council that will support us, so we can serve the employees so they can serve the public,” she said.
One of the options being considered is to store the county’s computer data off-site to protect the county from future attacks.
Cannon said the ransomware attack affected 600 personal computers and up to 75 servers.
“We can’t wait to take action,” she said. “We have to have bodies and finances. We can’t operate the IT Department on a shoestring budget.”
Council President Fred Reese asked Cannon to bring a plan to the council at the December meeting.
Indiana State Police Capt. Dave Bursten said the investigation is ongoing.
“Investigations of this nature are complicated, are rarely solved, and typically involve criminal actors from foreign countries,” he said.
Bursten said the best defense against malware attacks is daily backups to segregated backup sources or to third-party backup vendors not on the same system. He said internal backups that are not segregated offer no protection against ransomware attacks.
Concerning the payment of a ransom, Bursten said ISP concentrates on the criminal aspect of the investigation and makes no recommendation related to the payment or non-payment of ransom.
“Decisions to pay or not pay a ransom are business decisions,” he said.
Ransomware is a type of malicious software that prevents access to computers by its rightful users through file encryption until a specified amount of money is paid.
Follow Ken de la Bastide on Twitter @KendelaBastide, or call 640-4863.