Ad Spot

Resident information safe despite Commission cyber issue

By JOYANNA LOVE/ Managing Editor

Chilton County Commissioners have received a preliminary report on the ransomware intrusion of the Commission department’s network.

Chairman Joseph Parnell said the complete report from the expert hired to investigate the situation has been given to county attorney Roger Bates.

Based on what the Commission has received of the report, Parnell said none of the county’s files were downloaded during the incident.

“We have been presented with enough (information) to safely say that no files were extracted from our system, and we are nearly 100% confident of that, including the fact that none of our employees or any of the public’s personal information got out,” Parnell said. “That was primarily due to the speed in which Angela Fulmer (tag office chief clerk) and our IT department (Neauvicom) recognized the problem and got the system offline.”

Fulmer was the first employee in the office that day and noticed her computer “wasn’t acting right,” Parnell said.

The IT company employee she called “immediately knew what was wrong and got the system offline.”

County departments are back up and running in varying degrees, without the Commission paying the $800,000 or $1.6 million ransom. The tag office is fully operational. Title searches can now be accessed at the Probate Office, but it will be another day or two before they are available online.

“It has been a great deal of pain for the community, especially people selling their homes and realtor brokers who work primarily on commission,” Parnell said. “I feel awful about that. The Commission has worked extremely hard, diligently to get this thing taken care of. We have pushed our IT department and our software provider.”

He said there were days he was calling people three times a day to get updates to report back to the Commission.

The ransomware virus infected all of the nearly 70 computers across multiple departments on the county’s network. The virus encrypted the computer files, meaning employees could not open them. A popup on each computer gave an email address to contact to pay the ransom to be able to access files.

The Commission contacted their attorney and cyber insurance companies. These companies brought in cyber experts from Birmingham and New York to investigate the issue.

An initial recommendation was to pay the $800,000 ransom.

“That’s tough,” Parnell said. “We would have had to essentially borrow that money.”

The cyber insurance policy does not cover paying ransoms.

However, Parnell said this amount was only good for 24 hours. Since the Commission could not meet that quickly to vote because of laws requiring seven days’ notice, the ransom went up to $1.6 million.

Parnell asked their team if there was a guarantee that paying the ransom would give the county departments access to their files again. The cyber teams said there were no guarantees.

“We decided not to engage them because we had opportunities to get most of our data back,” Parnell said.

Some images of documents for the Probate Office had to be recovered with the help of local attorneys, but most of these have been recovered. Parnell said the department has all of the transaction information, so if a specific document is needed in the future that was not recovered, the attorneys that were involved can be contacted.

Parnell said getting the recovered document images back into the system was taking longer than had been anticipated.

Some financial documents from previous years were not recoverable from backup. Parnell said state auditors have already received all of the information that they needed from the county for those years.

Several computers did have to be replaced after the intrusion.

“We were on a three-year lease, and our lease paid out this month, so we were already planning on replacing that equipment,” Parnell said. “That equipment had to be purchased anyway.”

This accounts for about 67 of the approximately 70 computers that were infected with the virus.

Although it is nearly impossible to stop every attack that might come against a computer system, the Commission has put additional cyber security measuring, including monitoring and firewalls, in place. Training will also be implemented to better educate employees on recognizing possible threats trying to come through their email.

Three duplicate backups for data have been implemented.

“I still feel very good about where we are in this situation, having not paid the $1.6 million of tax payer money,” Parnell said.

Parnell praised Neauvicom, the IT group the Commission contracts with, for their work getting departments operational.

“Wayne and Brock and their group, they have worked nights and weekends, just countless hours to try to help us recover the system. I feel really good about how hard they worked to help us get our feet back under us,” Parnell said.

What the recovery and further preventive measures have cost the county is still being calculated, but it will be significantly less than either of the ransoms would have been. This is especially true since most of the computers were set to be replaced in the next fiscal year.

The cost is expected to be discussed at a future Chilton County Commission meeting.