Jessica Cejnar Andrews / Friday, May 17 @ 2:57 p.m.

A Year After Devastating Cyber Attack, Curry County Operations Director Promises 'After Action' Report On Its Recovery


A year after a ransomware attack obliterated Curry County’s network, officials say the system that’s taken its place has already withstood attempted breaches.

In response to a comment Gold Beach resident Lynn Coker made Thursday, Director of County Operations Ted Fitzgerald said he is willing to put together an “after action” report on Curry County’s recovery, but it will continue to change. Meanwhile, there are “new emerging threats” to the IT landscape, he said.

“We are scheduling some testing of that with an outside agency down the road so we can stress test our system,” Fitzgerald said. “It’s a quickly changing environment as far as the IT landscape goes, that we have to work through. We have a lot of demands on it. We’re working with law enforcement, working with GIS, working with a variety of different outside agencies and we have to go through our firewall to communicate with those people. It’s a really dynamic operation going on there all the time.”

On April 26, 2023, Curry County officials found the server network “generally inaccessible” due to a Royal ransomware Group attack.

Ransomware is malicious software that prevents users from accessing computer files, systems or networks and demands a ransom for their return, according to the FBI.

According to the Cybersecurity Infrastructure Security Agency, or CISA, Royal ransomware had targeted more than 350 known victims worldwide and have demanded ransoms of more than $275 million since September 2022.

In Curry County, Fitzgerald said, “we were completely blacked out.”

“Our communications were nonfunctional,” he said Thursday. “It’s hard to communicate to the public how much of a giant catastrophe and ongoing emergency that was happening at the county from April 26 through about August. It was all hands on deck and more.”

According to Fitzgerald, when the attack occurred Curry County didn’t have redundant data storage — something it has since remedied. The attack forced the county to replace a “vast amount” of hardware that was past its useful life.

Earlier in Thursday’s meeting, the Board of Commissioners approved the transfer of $500,000 in American Rescue Plan Act dollars to the records division in the county clerk’s office. Those dollars will pay for a contract between the county and Dallas-based Kofile to restore digital files lost in last year’s cyber attack.
Commissioners approved the budget transfer as part of Thursday’s consent agenda.

During public comment, Coker said he reviewed more than three years of documents and video related to Board of Commissioners meeting and said that leaders were warned of a cyberattack as early as January 2021.

Coker called for a “full public disclosure” of the report surrounding the cyber attack that outlines the steps leadership took between 2021 and the 2023 attack in response to that warning. According to him, the Board of Commissioners did not report action taken to engage with staff on restricting access and provide for “enhanced backup” to the network.

“The current BOC is encouraged from my heart to hold a public forum to review the incident report you’re going to create or have created already,” Coker said, “itemizing the county investments that we’ve made since April 2023 which are intended to help us survive the many attacks that are coming our way.”

Calling the ransomware attack “the cyber Cascadia event of Oregon — it was that devastating,” Commissioner Brad Alcorn said he and Fitzgerald had been discussing a contract with Coos-Curry Electric regarding cyber security when the attack happened. Alcorn said the county had also unsuccessfully applied for a cyber security grant twice.

“When the attack occurred on April 26, we implemented our emergency management protocols,” he said. “We immediately reached out to the state and our federal, local and state law enforcement partners were involved. We actually had a total of 70 people respond to that cyber attack, 56 of whom were from outside the county. And we received mutual aid from other counties as well.”

In addition to CISA representatives, the agencies who responded to the cyber attack in Curry County included the Oregon departments of Forestry and Transportation, the Oregon Health Authority, Klamath, Lane and Coos counties and the Information Technology Disaster Resource Center.

Microsoft also lent a hand, bringing people in to Curry County from all over the world, Alcorn told the Outpost on May 18, 2023, about a month after the attack.

Since the attack, Curry County hired an IT director, Phil Dixon, who is constantly checking and testing the system as well as communicating with the county’s emergency management staff, Alcorn said Thursday.

“Worse case scenario [if] we get attacked again, we’re in a completely different situation than we were before,” he said.


SHARE →

© 2024 Lost Coast Communications Contact: news@lostcoastoutpost.com.