ROCKDALE COUNTY — Rockdale County was hit by a ransomware attack earlier this month, but the county reports the attack did not compromise any personal or financial data.
According to county officials, the city received alerts that unusual activity was present on the Rockdale County network Feb. 6. After a brief investigation, abnormally high CPU usage was observed on several servers and officials decided to power down all other production servers and/or disconnect the servers from the network to minimize the impact of the suspected attack.
Further investigation revealed that the attack was localized to the computers connected to the Rockdalecounty.org domain. Technology Services followed the Department of Homeland Security procedures to respond to the attacks.
While assessment and mitigation were underway, officials began determining the current state and availability of backups. After state and federal law enforcement gathered forensic evidence, Technology Services physically removed the infected endpoints and restored or rebuilt the affected servers.
The attack was delivered by email; four malicious messages were identified. One carried an attachment and the other three contained links, each of which introduced a series of scripts.
County officials say there is no evidence that any financial or personal information was compromised. The ransomware version encrypted Microsoft Office related files and redirected Microsoft Windows startup processes.
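The report says the ransomware encrypted Microsoft Office related files. The following added example (not code from Rockdale County or this article) shows one way a responder can triage a restored file share for Office files that no longer look like Office files: an intact .docx/.xlsx/.pptx is a ZIP container and a legacy .doc/.xls/.ppt is an OLE compound file, so a file with an Office extension that has lost its container header and whose leading bytes are near-random is flagged. The header check is the important caveat, because ZIP-based Office files are deflate-compressed and a naive entropy test would flag them as encrypted too. The entropy threshold, the sample size and the sample files are assumptions constructed for the demonstration.

```python
import math
import os
import tempfile
import zipfile
from pathlib import Path

# File types the report describes as encrypted: "Microsoft Office related files".
OFFICE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}

# Magic bytes of intact Office containers. Modern formats (.docx/.xlsx/.pptx)
# are ZIP archives; legacy formats (.doc/.xls/.ppt) are OLE compound files.
ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Assumption: bits per byte above which a non-container file looks encrypted,
# and how much of each file to sample.
ENTROPY_THRESHOLD = 7.0
SAMPLE_BYTES = 65536


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, up to 8.0 for uniform random)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_encrypted(path: Path) -> bool:
    """True when an Office-named file has lost its container header and its
    leading bytes are near-random. Files that still start with a ZIP or OLE
    header are treated as intact regardless of entropy."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if head.startswith(ZIP_MAGIC) or head.startswith(OLE_MAGIC):
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_office_files(root: Path) -> dict:
    """Walk a tree and report how many Office files were examined and which
    look encrypted. Paths are returned relative to root and sorted so the
    result is deterministic."""
    scanned = 0
    suspect = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in OFFICE_EXTENSIONS:
            scanned += 1
            if looks_encrypted(path):
                suspect.append(path.relative_to(root).as_posix())
    return {"scanned": scanned, "suspect": sorted(suspect)}


def build_sample_tree(root: Path) -> None:
    """Constructed sample data (not from the incident): one intact .docx,
    one .docx overwritten with random bytes as an encryptor would leave it,
    one low-entropy .xlsx, and a non-Office file that must be ignored."""
    with zipfile.ZipFile(root / "intact.docx", "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document>minutes</w:document>" * 100)
    (root / "encrypted.docx").write_bytes(os.urandom(8192))
    (root / "plain.xlsx").write_bytes(b"budget line item, 1200.00\n" * 300)
    (root / "ignored.bin").write_bytes(os.urandom(8192))


def demo() -> dict:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_office_files(root)


if __name__ == "__main__":
    print(demo())  # {'scanned': 3, 'suspect': ['encrypted.docx']}
```

Run the script as-is to see the constructed tree scanned, or call `scan_office_files(Path("/path/to/restored/share"))` against a real restore. The scan only looks at files that still carry an Office extension; many encryptors also rename files, so in practice the extension filter is widened or dropped once the incident's naming pattern is known.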
Cylance Protect software has been installed on Rockdale County computers since 2018, and targeted changes to its configuration have been made to harden it against the malware behavior identified in this attack. Additionally, Cylance Optics has been added to every device to increase visibility into individual system vulnerabilities and activity.
Other cybersecurity tools have also been identified to enhance the response to questionable technology activity. No malware activity was detected within 96 hours after the attack.