The Matanuska-Susitna Borough, outside Anchorage, was hit by the same complex virus cybersecurity researchers believe attacked the PGA.
Benjamin Freed is the technology editor for StateScoop, covering how states and cities make decisions about the technology that powers government s...
Nearly three weeks after many of its systems were knocked out by a complex ransomware virus, Alaska's Matanuska-Susitna Borough has restored most of its phone system, part of its geospatial information system and the online portal on which residents can pay their looming property-tax bills. But the borough, home to about 106,000 people outside Anchorage, still has many services to restore, prompting its elected officials last week to approve a disaster declaration in the cyberattack's wake.
The declaration could make the borough eligible for assistance from the Federal Emergency Management Agency. Meanwhile, local government systems are slowly blinking back online. In its most recent updates, the borough says it's restored departments' phone servers and that full email service is expected within a week.
But other systems are still being rebuilt after the borough's encounter with the ransomware known as BitPaymer, which locked down systems ranging from main file servers to the card-swipe mechanisms that control doors in government buildings. BitPaymer is a complex cocktail of malware that enters a targeted system through a Trojan horse, then lies dormant until it's noticed and authorized users attempt to remove it, at which point it locks up the system with a demand for a sum of money payable in bitcoin.
"All of the pieces of this are the absolute worst in the world, and they have all been combined together and put on us at one time," borough IT Director Eric Wyatt says in a recent YouTube video about the response to the cyberattack.
In the case of Mat-Su, as the borough is known to residents, Wyatt has said the Trojan component likely arrived as early as May 3, more than two months before an attempted anti-virus sweep triggered the ransom demand. According to evidence found during the initial investigation of the attack, Mat-Su was at least the 210th victim of the BitPaymer package since it was first unleashed in June 2017. This week, it possibly found its latest victim in the Professional Golfers Association, employees of which found themselves locked out of their systems on the eve of the prestigious PGA Championship. According to the cybersecurity research website BleepingComputer, the attack on the PGA resembles the one that hit Mat-Su.
There's no apparent timeline for when all of Mat-Su's systems will be back to normal, though Wyatt says in his video update that the borough is receiving assistance from at least 20 other organizations, including tech vendors and the FBI.
But the restoration of property tax payments on Aug. 2 came just in time: homeowners are required to pay half their 2018 tax bills by Aug. 15, and as a borough press release states, "there is traditionally a very long line for making payments in person."