Advertisement

Alaska suburb recovering from ransomware declares disaster as it continues rebuilding systems

The Matanuska-Susitna Borough, outside Anchorage, was hit by the same complex virus cybersecurity researchers believe attacked the PGA.

Nearly three weeks after many of its systems were knocked out by a complex ransomware virus , Alaska’s Matanuska-Susitna Borough has restored most of its phone system, part of its geospatial information system and the online portal on which residents can pay their looming property-tax bills. But the borough, home to about 106,000 people outside Anchorage, still has many services to restore, prompting its elected officials last week to approve a disaster declaration in the cyberattack’s wake.

The declaration could make the borough eligible for assistance from the Federal Emergency Management Agency. Meanwhile, local government systems are slowly blinking back online. In its most recent updates, the borough says it’s restored departments’ phone servers and that full email service is expected within a week.

But other systems are still being rebuilt after the borough’s encounter with the ransomware known as BitPaymer, which locked down systems ranging from main file servers to the card-swipe mechanisms that control doors in government buildings. BitPaymer is a complex cocktail of malware that enters a targeted system through a Trojan horse, then lies dormant until it’s noticed and authorized users attempt to remove it, at which point it locks up the system with a demand for a sum of money payable in bitcoin.

“All of the pieces of this are the absolute worst in the world, and they have all been combined together and put on us at one time,” borough IT Director Eric Wyatt says in a recent YouTube video about the response to the cyberattack.

Advertisement

In the case of Mat-Su, as the borough is known to residents, Wyatt has said the Trojan component likely arrived as early as May 3, more than two months before an attempted anti-virus sweep triggered the ransom demand. According to evidence found during the initial investigation of the attack, Mat-Su was at least the 210th victim of the BitPaymer package since it was first unleashed in June 2017. This week, it possibly found its latest victim in the Professional Golfers Association, employees of which found themselves locked out of their systems on the eve of the prestigious PGA Championship. According to the cybersecurity research website BleepingComputer , the attack on the PGA resembles the one that hit Mat-Su.

There’s no apparent timeline for when all of Mat-Su’s systems will be back to normal, though Wyatt says in his video update that the borough is receiving assistance from at least 20 other organizations, including tech vendors and the FBI.

But the restoration of property tax payments on Aug. 2 came just in time: homeowners are required to pay half their 2018 tax bills by Aug. 15, and as a borough press release states , “there is traditionally a very long line for making payments in person.”

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts