An Alaskan borough has had to dust off its typewriters following a major ransomware attack.
The BBC reports that after the attack encrypted Matanuska-Susitna’s email server, internal systems and disaster recovery servers, staff used typewriters. A spokeswoman for the borough told the BBC that workers had “resourcefully” dusted off the typewriters and were writing receipts by hand.
In a report released Monday, the Borough’s IT director Eric Wyatt said that a Trojan, a form of malware, was detected on July 17. The attack subsequently escalated, with the virus launching Crypto Locker ransomware.
The ransomware began encrypting files on workstations and servers. Nearly all of the Borough’s 500 work stations, encompassing both Windows 10 and Windows 7, and 120 of its 150 servers, were infected.
In a ransomware attack, hackers typically encrypt a computer network’s data to hold it “hostage,” providing a digital decryption key to unlock it for a price. However, Wyatt said that the cyberattack against Matanuska-Susitna does not bear the characteristics of a classic ransomware attack.
“This encryption is portrayed as a ransomware attack, however its real purpose may be to cover the tracks of the other components,” he wrote.
In a statement released Monday, the Borough said that most of its data had survived the attack.
“Despite the sophisticated level of attack, the Borough backup servers that store this local government’s documents were structured in a way that protected most of the data. Credit cards are not stored here online and were never at risk,” it wrote.
On July 24, the Borough first disconnected servers from each other, then disconnected the Borough itself from the Internet, phones and email. “Since then, infrastructure is steadily being rebuilt, computers cleaned and returned, and email, phones, and Internet connection becoming restored,” it explained.
Nonetheless, Wyatt described the attack as and very-well organized. “It’s not a kid in his mom’s basement,” he said in the statement. “Because we are getting the information out and sharing it with other entities, hopefully they can weather the storm.”
Wyatt said that the city of Valdez, Alaska, and other locations in the U.S. have been hit with a virus that seems similar to the one that attacked Matanuska-Susitna.
At a meeting on Tuesday evening, Matanuska-Susitna Borough Manager John Moosey declared the cyberattack a disaster. Moosey told the audience that the declaration gives the Borough access to insurance, the emergency part of its budget and possible FEMA assistance.
Earlier this year the City of Atlanta was targeted in a ransomware attack that mpacted a number of its systems. A virulent form of ransomware known as SamSam was used against the City.
Last year, a major ransomware attack forced the shutdown of a host of IT systems at Mecklenburg County, North Carolina.
Also in 2017, a hacker targeted Sacramento Regional Transit, deleting 30 million files in a ransomware attack. Officials worked to restore the data from backup files.
In 2016, a Los Angeles hospital paid a ransom of nearly $17,000 in bitcoins to hackers who infiltrated and disabled its computer network.
Cybersecurity specialist Sophos released research Tuesday that sheds new light on the scale of the ransomware threat. SamSam, it reported, has generated almost $6 million in ransom revenue since it emerged 32 months ago.
Sophos Principal Research Scientist Chester Wisniewski told Fox News that SamSam has targeted a wide range of organizations. “This just isn’t against healthcare and government, we have seen attacks against just about anything,” he said. “It’s likely opportunistic – if you’re really locked down they move onto the next organization, but if they find a door that’s ajar, they are more than happy to take you for a ransom.”
“It’s more premeditated [than the traditional forms of ransomware],” Wisniewski, added. “They are doing their research to know when your business is open and closed – when they break in they are incapacitating your backups.”
The Associated Press contributed to this report.
Follow James Rogers on Twitter @jamesjrogers