Here's what it looks like when ransomware attacks victimize rural communities:
therecord.media/when-ransomwar…
therecord.media/when-ransomwar…
I got into my hometown for a visit just as the County next door was the victim of a ransomware attack that paralyzed its systems and left some services offline for weeks—so I covered it on the ground, seeing how the local government and the community responded.
Westmoreland, Kansas is the seat of Pottawatomie County and home to around 750 of its 25,000 residents. It's an Oregon trail town, but in recent weeks it was the site of another modern migration—this one of data, stolen from the County’s computers by cybercriminals .
How the county and community reacted highlights the complicated economic, financial, and social factors at play when local government systems are compromised—including just how much information is at stake and how such attacks should be disclosed to the communities they serve.
Pottawatomie County discovered the attack on September 17 and it ultimately paid the attackers off—but not the full amount. The attackers originally demanded $1 million, but settled for $71,250 after what the county calls “a successful negotiation."
It’s hard to say just how many counties have been held hostage by ransomware, in part because disclosure may not be required unless the breach affects certain protected kinds of information such as health data.
But MS-ISAC, an intelligence sharing group for state, local, tribal, and territorial governments with more than 2,500 members, said it detected 255 “ransomware incidents” across entities using their monitoring services from January through July of this year
Counties with smaller populations, in particular, can be key lifelines to residents that may be protecting everything from health records to industrial systems that control utilities like water—often while facing similar risks to their urban counterparts, but with fewer resources
National Association of Counties Chief Information Officer Rita Reynolds toe me defense often comes down to having those resources. “It’s whether or not they are equipped—if they have the right tools and people to protect the perimeter,” she said.
But even with defenses, ransomware attacks now seem like an inevitability to some.
“It’s not a matter of if, it’s when,” said William Johnson, the County Administrator of Butler—another rural Kansas county which was the victim of a ransomware attack in 2017.
“It’s not a matter of if, it’s when,” said William Johnson, the County Administrator of Butler—another rural Kansas county which was the victim of a ransomware attack in 2017.
Cybersecurity insurance with coverage for digital ransoms is key for counties trying to protect themselves, but also sets up incentives that seem at odds with the FBI's guidance not to pay off attackers because it funds further cybercrime.
A month after the attack was discovered, Pottawatomie says its systems are recovered, but the full scope of the information compromised in the attack, the full recovery costs, and many other details are still unclear.
County officials appeared suspicious of me during reporting—which was understandable given the circumstances—but the lack of transparency led many I spoke to complain that the government was trying to keep things "hush, hush" or "sweep it under the rug"
The silence of some victimized counties can also make it harder for the sector to get the resources they need to protect themselves, experts told me.
cc @Longreads???
• • •
Missing some Tweet in this thread? You can try to
force a refresh
