County & Local

Local governments forced offline after ransomware targets web host

A REvil attack on web-hosting provider Managed.com resulted in a handful of state and local governments' websites going dark.

By Benjamin Freed

November 20, 2020

(Getty Images)

Several state and local government agencies around the United States have had their web presences taken out following a ransomware attack against a web hosting provider the agencies share.

The provider, Managed.com, was targeted with the REvil malware in an incident that appears to have started Monday. The company has said it took down the entirety of its web hosting services, according to ZDNet, which was first to report the incident. Those services include managed website hosting, email and file-transfer servers and remote access points.

But in Managed.com deactivating its hosting infrastructure, several of its clients’ websites have gone dark in the process. Among the affected customers are the governments of Brown County, Indiana; Columbus County, North Carolina; and Jackson County, Oregon. Additionally, the Arizona Judicial Branch said Thursday that its main website, azcourts.gov, was also affected.

Some of the affected governments have established backup websites. Jackson County created a page at an alternate address where its residents can still access property tax payments, vital records, local election results and virtual meetings of the county board of commissioners. A Tuesday tweet from the county stated that while its main website was inoperable because of the Managed.com attack, “internal county systems and data are not affected.”

Managed.com has said that only a handful of its clients’ websites were affected by the ransomware, but that it does not have an estimate of when its services might be restored.

“Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity,” read a statement on its website. “Our first priority is the safety and security of your data. We are working directly with law enforcement agencies to identify the entities involved in this attack. As more information is available, we will communicate directly with you.”

The REvil malware appears to be targeting only Managed.com, and not any of the governments affected by the company’s deactivation of its hosting services.

Still, attacks on web hosts can easily disrupt their customers. In April, the web-hosting giant Cognizant was attacked with the Maze ransomware, with several of its clients, including major pharmaceutical and hospitality companies, experiencing service disruptions as a result.