ROCKDALE COUNTY — Rockdale County was hit by a ransomware attack earlier this month, but the county reports the attack did not compromise any personal or financial data.
According to county officials, the city received alerts that unusual activity was present on the Rockdale County network Feb. 6. After a brief investigation, abnormally high CPU usage was observed on several servers and officials decided to power down all other production servers and/or disconnect the servers from the network to minimize the impact of the suspected attack.
Further investigation revealed that the attack was localized to the computers connected to the Rockdalecounty.org domain. Technology Services followed the Department of Homeland Security procedures to respond to the attacks.
As the assessment/mitigation process was underway, the determination of the current state and availability of backups started. After forensics were gathered by state and federal law enforcement, Technology Services physically removed endpoints that were infected and restored/rebuilt servers affected.
The attack was facilitated through the use of email of which four examples were identified. One email had an attachment and three others contained links that introduced a series of scripts.
County officials say there is no evidence that any financial or personal information was compromised. The ransomware version encrypted Microsoft Office related files and redirected Microsoft Windows startup processes.
Cylance Protect software has been installed on Rockdale County computers since 2018 and targeted changes to the software have been made to increase the security related to the identified malware behavior. Additionally, Cylance Optics has been added to every device to increase the visibility into individual system vulnerabilities/activity.
Other cybersecurity tools have also been identified to enhance the response to questionable technology activity. No malware activity was detected within 96 hours after the attack.