A county government in North Carolina has suffered a ransomware infection for the third time in the past six years.
According to a statement published on its website, the Orange County government observed on 18 March that a virus had infected its network. It responded by shutting down all servers, which rendered public computers at the the Orange County Main Library, reservations for Orange County facilities and classes/programs for DEAPR and Department of Aging unavailable. The forced shutdown also disrupted local officials’ ability to to issue marriage licenses, process real estate closings and pet adoptions as well as verify tax bills.
Following its discovery, the Orange County government instructed its IT team to identify the source of the virus as well as evaluate every computer and server connected to the network for signs of infection. These efforts led the County to restore public Wi-Fi and some GIS functions along with county email on 19 March, though employees at that time could still not access their email as they couldn’t turn on their computers.
Officials confirmed a day later that IT personnel had succeeded in restoring at least partial functionality to the Register of Deeds, health and dental clinics, animal services and the Person County Sheriff’s Department. They also revealed that its response team had disinfected 20 of the 120 computers infected by the ransomware. This update reveals how there’s still work to be done.
“According to Orange County IT Director Jim Northrup, the county has not detected any evidence that data has been lost or stolen,” reads a 20 March update posted on the County’s website. “An investigation into the incident is continuing with the assistance from state and federal cyber security and law enforcement experts. Northrup cautioned that until the cause has been isolated, the threat of re-infection exists.”
This thorough response reflects Orange County’s cumulative experience with ransomware. According to WNCN, this is the third time that the County has suffered a ransomware infection in six years. Todd McGee, a spokesperson for Orange County government, told WNCN that many of the digital threats targeting the County have recently originated from Eastern Europe. He didn’t provide any details about what strain of ransomware infected the County’s network, though he did say that the County intends to recover without paying the extortionists.
This incident highlights how organizations need to keep their computers’ software up-to-date, install an anti-virus solution on all connected workstations and back up their data on a regular basis. Additional ransomware prevention tips can be found here.