12 days in, malware still affecting Town Hall systems

Last Updated: July 24, 2023

July 24. [Updated] By Dave Yochum. Concerned citizen Joe Vagnone, a Cornelius business owner broker, was worried enough about malware and ransomware that he sent the town a cyber-security checklist late last year.

Here it is:

Pay or not pay a ransom?
Who are our IT experts currently?
Where is the Bitcoin coming from if you choose to pay?
What value do you place on the data?
Cost to recreate data if you don’t pay?
Do you have regular testing & training?
Passwords, yearly review of who has access to data?
Inventory of hardware, software?
Are you reviewing all 3rd party vendors connected to town data?
Does the town have insurance for ransom threat?
Do we have a plan to inform town’s citizens & or Mayor, commissioners at the time of incident?

Response

There wasn’t much of a response from the town, says Vagnone, who lives on Norman Shores Drive.

“I cannot remember the response because it was less than a sentence dismissing my concern—to say, we got this covered, don’t worry about it,” Vagnone said.

Going on two weeks ago, the town “stabilized” a cyber threat that delayed or suspended some services provided by the town. At first, town officials said the threat was caused by ransomware; later they said it was malware, and no ransom was ever disclosed.

Importantly, 9-1-1 calls were not affected even though the town operates its own 9-1-1 center.

Now, 12 days later, the main number into Town Hall is still affected by the malware. The “Boxcast” of the Town Board meeting last week did not take place.

The town today said “town services may be delayed or unavailable,” but none were specified.

What’s next

Mayor Woody Washam said staff hopes to get the phone system fully operational this week, as well as other parts of the town’s information systems.

“Last week there was great progress to services that may appear small, but were very important,” Washam said. Messages to staff are taken by the front desk with pen and paper and carried to the right person in the two-story government center.

Town officials plan a press release later this week after a “consultant’s preliminary confirmation that will provide more detail to the public,” Washam said.

“Bringing the system back up in phases continues and we are hopeful that we could be completely functional in one to two weeks,” he added.

Town Manager Andrew Grant could not be reached for comment.

[UPDATE] Grant responded:

Andrew Grant

The Town of Cornelius has invested heavily in IT infrastructure in years past to deter and prevent threats of this nature. This investment was in the interest of safeguarding data and preventing interruption to operations. This attack was particularly sophisticated and was able to bypass security measures and safeguards that the Town has put into place. Sophisticated viruses, such as this one, are often updated by their creators in order to avoid detection. Our TechOps staff contained the virus quickly and did not allow it to cause significant damage to our systems. Staff is working to ensure that this type of virus cannot infiltrate our systems in the future.

Last week, a private cybersecurity forensic firm was brought in to confirm analysis on the attack that is being provided by the NC Joint Cybersecurity Task Force. More information will become available in coming days.

 

Comments

  1. Nancy Brand July 24, 2023 at 1:54 pm

    So in typical manner, the town bureaucracy ignored the cyber-security checklist that a concerned citizen and business owner suggested.

  2. Newsroom July 24, 2023 at 3:31 pm

    This comment is from Joseph Miller of Lake Norman IT Professionals…

    Security is very important but as important and maybe even more important is recoverability.

    This is what you should be focusing on for real positive outcomes.

    Areas of concern:
    What is your RTO? Recovery Time Objective—how long will you be down?

    What is your RPO? Recovery Point Objective—how much data do you expect to lose from time down?

    All dictated around areas like:

    1. Where are you hosted? (most small orgs could never afford the capabilities of public cloud)

    2. What redundancy do you have?

    3. What is your backup strategy?

    4. What skillset do you have to support recovery?

    As a Lake Norman community we have security leadership and innovation leadership peer meetings monthly with top leaders from throughout the CLT region.

    Happy to have town leadership participate. BTW it is free to practitioners.

    Joseph Miller
    Lake Norman IT Professionals
    http://www.lknitp.com

  3. Joe a vagnone July 24, 2023 at 6:54 pm

    Insufficient Response to Cyber Attack – Urgent Need for Action
    Dear Editor,
    I am deeply disappointed about the recent cyber-attack on our town and the lackluster response from our mayor and town manager. In today’s digital world, such attacks are expected, but we deserve better leadership and preparation on this issue.
    Our town should have been better equipped to handle this incident, and the response from our Mayor has been disappointing.
    I urge the mayor and town manager to take this matter seriously, no longer in such a dismissive attitude. Communicate a detailed plan to prevent future attacks. Transparency and open communication with residents on the recovery process. This is a crisis that we could have been better prepared for. 12 days and counting…tick, tick, tick, tick.
    I want to express my heartfelt gratitude to your publication for bringing to light the recent cyber-attack that our town faced. If it weren’t for your vigilance in reporting important news, many of us would have remained unaware of this critical issue. Your dedication to keeping the community informed is truly commendable.

  4. Mayor Woody Washam July 25, 2023 at 11:48 am

    For years, the Town has prepared for cybersecurity incidents and put in place multiple security measures including redundant firewalls, endpoint security programs, vulnerability penetration tests, and phishing training for employees, plus performing regular & redundant off-site backup of our data. Our security measures have literally prevented thousands of attacks, but unfortunately even the most prepared organizations fall victim to cyber incidences, as hackers are constantly evolving their viruses to outsmart security. And, this is what happened to the Town, as our security measures were not able to detect this sophisticated threat. It is unfortunate that the Town has joined the list of approximately 70% of governments and private businesses that fall victim to cyber attack. Due to measures already in place and the Town staff’s responsiveness, the threat was able to be contained to just a single computer and none of our data was taken. The Town was able to keep core functions and services, such as 911 operating while the network was down and being evaluated. And, last night, our network was able to be turned back on, including all the digital tools that support public safety and other Town operations. While it is not uncommon for restoration to take 3 weeks to a few months, the Town worked as fast as possible to come back online, as our restoration time was less than 2 weeks as the security and integrity of the system was protected for restart. I am extremely proud of our staff and all involved in this recovery and safe system restart as well as the overall handling of this matter.
    Mayor Woody Washam
