If you wanted a vehicle car tag or a license in Montgomery County, Ala., this week, you were out of luck. Hackers knocked many county computers offline with a ransomware attack, local officials say. The probate office took the worst of the attack, which hit late Monday, so business licenses, marriage licenses, and car tags were all unavailable. (Driver license systems were not impacted) So was the county sheriff website. It remains offline on Thursday afternoon. The county jail website is also still offline.
“We noticed the system was acting up at about 4:55 p.m. on Monday and this morning we were locked out. That’s when we were given a ransom. They said they wanted ‘bitcoins,'” said Hannah Hawk, manager of public affairs for Montgomery County, to the Montgomery Advertiser. “Due to the attack, the county’s system has been locked up and services the county provides will be impacted.”
In what may or may not be a related incident, security firm Barracuda Networks said it was monitoring widespread ransomware attacks that began on Monday. The firm says is trapped some 20 million booby-trapped emails laced with ransomware during a single 24-hour period; an update says a total of 27 million emails have been captured.
“These attacks are wrapped in either a ‘Herbalife’ branded email or a generic email that impersonates a ‘copier’ file delivery,” Barracuda said.
A majority of the emails originate in Vietnam, the firms says, but some are also sent from computers in India, Columbia, and Turkey and Greece.
As is typical in a ransomware attack, victims who are tricked into opened the attached file can have their files encrypted, and must pay the attackers to restore their files.
Consumers should never open unexpected attachments, even if they appear to come from friends or trusted companies.
Local government computer systems are a favorite target for hackers; many smaller agencies have fewer resources to keep security systems up to date. There were several similar incidents in Ohio last year. One county’s court systems were locked and the agency ended up paying $2,500 to restore them, for example. The problem got so bad that Ohio Auditor of State Dave Yost actually held a press conference urging local governments to stop falling for the scams.
“We’re not the first entity to go through this. We are working diligently to get things restored,” said Lou Lalacci, Montgomery County’s chief information and technology officer, to MontgomeryAdvertiser.com. “No personal information has been compromised.”