Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

County Rejects Ransom Demand. Hackers Expose Sensitive Data

An October cyberattack on Chatham County’s computer network tried to extort $2.4 million, but the North Carolina county refused to pay. An investigation found the hackers posted personal data for sale on the “dark Web.”

(TNS) — An investigation into October's cyber attack on Chatham County, N.C.,'s computer network has uncovered personal information posted for sale on the "dark web."

The network was hit Oct. 28 with a DoppelPaymer ransomware that originated in a phishing email with a malicious attachment, County Manager Dan LaMontagne said. It encrypted much of the county's network infrastructure and associated business systems, the county said in a news release. Staff was able to isolate the affected systems.

The hacker sent a ransom note demanding 50 bitcoins, or about $2.4 million at the current exchange rate, county spokeswoman Kara Dudley said in an email Tuesday. The county refused to pay the ransom, she said.

Staff members now are working with the N.C. Department of Health and Human Services and the N.C. Attorney General's Office to identify files affected by the breach and to notify people whose personally identifiable information or health information may be at risk, LaMontagne told the county commissioners Monday. A call center will be set up to help them, he said.

"As we know recently on Feb. 8, I discovered that the cyber actors responsible for the theft of information from our servers posted the information on the dark web, and this investigation remains ongoing," LaMontagne said. "This includes efforts to identify and notify every individual whose personal information may have been impacted."

The cyberattack shut down most county functions and temporarily cut off public access to services. Data also was stolen from "a limited number of county systems," but the county hasn't determined what data specifically was taken, LaMontagne said.

Personal Data on Dark Web

The Chatham News & Record reported last week finding sensitive files, including county employee personnel records, eviction notices and Chatham County Sheriff's Office investigation documents, posted to the internet, including to the dark web, which is not tracked by conventional search engines and can be dangerous or used for criminal activities.

The newspaper was able to access the websites containing the digital files using information provided by an anonymous source, the report said. County officials confirmed that the sensitive data had been released by the ransomware group DoppelPaymer, it said.

There were two releases, it said. On Nov. 4, "mostly innocuous" files were uploaded, LaMontagne told the newspaper. In January, a second upload included more sensitive data. The newspaper was able to take screenshots of a counter on the site showing the files had been viewed over 30,000 times.

Sheriff Mike Roberson said in Monday's news release that his employees were among those affected.

"Once the Sheriff's Office received a tip off regarding the data breach, we acted quickly to notify all victims — mostly our own employees — whose sensitive information was copied from Sheriff's Office files," Roberson said.

Staff had to wipe and re-image the county's servers and over 550 staff computers, LaMontagne said. Staff computers, internet, office phones and voicemail are almost recovered, and they are adding security measures and reinforcing employee training, he said. Staff have taken the opportunity to examine better ways to handle data, he said.

"The threat from outside individuals in this type of attack is constant, and Chatham County aims to take all reasonable actions to secure our data and infrastructure," LaMontagne said.

County officials said anyone who thinks they may have been affected should monitor their accounts for suspicious activity and consider putting a fraud alert or security freeze on their credit report.

Ransomware, Phishing Attacks

The federal government reports that ransomware and other malware attacks have become more prevalent against governments, schools, hospitals and other organizations.

The nonprofit Identity Theft Resource Center reported in 2020 seeing a shift from attacks targeting consumer information to attacks on businesses using stolen logins and passwords. The center reported 1,108 breaches in 2020, compared with 1,362 breaches in 2019.

Over 300 million people were affected by publicly reported data breaches, it said. Phishing attacks were the cause in 44 percent of the 878 cyberattacks last year, followed by ransomware, it said.

Ransomware encrypts data on a computer system, effectively holding it hostage until a ransom is paid. If no one pays the ransom, the data is at risk of being released to the public. FBI officials noted that at least $144.35 million had been paid using the cryptocurrency Bitcoin in response to ransomware between 2013 and 2019.

That includes some U.S. cities and counties, according to an FBI fact sheet.

Durham, Orange County Malware Attacks

Durham city and county governments were hit in March 2020 with a malware attack that targeted information technology and operating systems, including the public safety phone network. The local 911 network was not affected, but the attack halted real estate transactions at the Register of Deeds office for a few days and created lingering problems at the Department of Social Services.

The Ryuk malware, which is known to attack local government entities, gained access through an email attachment and spread through computer networks. It affected at least 2,000 computers and workstations and 180 servers across the city and county government networks.

Orange County government also suffered a cyberattack in March 2019 — its third or fourth ransomware attack in six years, according to Jim Northrup, county information technology director. The attack infected more than 120 computers and briefly interrupted services.

(c)2021 The Herald-Sun (Durham, N.C.) Distributed by Tribune Content Agency, LLC.

Special Projects
Sponsored Stories
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.
Service delivery and the individual experience within health and human services (HHS) is often very siloed and fragmented.
In this episode, Marianne Steger explains why health care for Pre-Medicare retirees and active employees just got easier.
Government organizations around the world are experiencing the consequences of plagiarism firsthand. A simple mistake can lead to loss of reputation, loss of trust and even lawsuits. It’s important to avoid plagiarism at all costs, and government organizations are held to a particularly high standard. Fortunately, technological solutions such as iThenticate allow government organizations to avoid instances of text plagiarism in an efficient manner.
Creating meaningful citizen experiences in a post-COVID world requires embracing digital initiatives like secure and ethical data sharing, artificial intelligence and more.
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?
As more state and local jurisdictions have placed a priority on creating sustainable and resilient communities, many have set strong targets to reduce the energy use and greenhouse gases (GHGs) associated with commercial and residential buildings.