Madison County held hostage by ransomware on Monday

Madison County workers found themselves held hostage following a ransomware attack that started on Monday, Oct. 8. Pictured here are Shay Rindlisbacher, County Clerk Kim Muir, Brenda Stoor, Sue Bagley and Jodi Weimer. Workers expect county computers to be up and running by Friday.

REXBURG — Ransomware held Madison County hostage on Monday and continued through much of Thursday.

The hacker demanded money to restore files and access, but Madison County officials declined to pay. Instead, officials turned to their IT specialists to fix the problem. County workers called in specialists on Monday — Columbus Day — to get the problem fixed.

The hacker blocked county files and prevented any county worker from emailing. It also prevented Madison workers from receiving emails. That proved a huge problem as residents are currently requesting absentee ballots that must be sent out by Friday.

Madison County Commissioner Brent Mendenhall said he learned of the situation on Monday.

“I was stunned at the magnitude of it. It surprised me at the depth and how deep they went into the system and destroyed the servers,” he said. “People who look for cracks in a server and get past the firewalls can lock up all of your system.”

The hacker attacked all county departments from the county’s roads and bridges to county sanitation to the county clerk to the treasurer’s office, Mendenhall said. He was surprised that anyone would attack a small county in the Gem State.

“I just didn’t expect that in eastern Idaho. I thought, ‘We’re small potatoes. We’re not some huge corporation like Google or Microsoft,’” he said.

For whatever reason, the hacker chose Madison County and demanded a ransom before restoring files. A message on the computer screen asked for money to reopen the system.

It wasn’t known how much money the hacker wanted, and the county did not ask for an amount, Mendenhall said.

“We didn’t panic and ask, ‘What do you want?’ We’re not going to negotiate with cyber terrorists. We’re prepared to deal with them. So we did,” he said.

The county did so by calling in IT officials to work on the problem, and they continued throughout Friday. IT workers succeeded in restoring the county’s pay system, which allowed for county workers to be paid, reported Madison County Clerk Kim Muir.

“They got the payroll system back up. Otherwise we’d be cutting paper checks, and we don’t want to do that,” she said.

Muir said that county IT workers previously went to great lengths to protect computer systems from such an attack.

“IT has done a lot to prevent that in the past. Hackers are just getting too smart. It’s the world we live in,” Muir said.

Madison County officials are endlessly thankful that IT workers backed up their files, Mendenhall said.

“We’re just very, very fortunate that we have efficient IT personnel who insisted and are vigilant on backups, or we would have been in trouble,” he said.

Mendenhall asked an IT worker what saved the county from what could have been a huge catastrophe regarding its records.

“He said that we have very, very good backups. So far, we’ve been able to save critical programs,” he said. “If we had not had the backups, we would have been saying, ‘What do we do?’”

Mendenhall said such incidents are bound to happen more and more when businesses and private residents rely on computers for just about everything.

“That’s the day and age we live in of computer security and being aware of the threats that are out there. We are always to be aware and to protect our interests,” he said.

Muir said that she was called into work on Monday because of the situation. She noted how she never paid attention to the number of emails she sent and received on a daily basis until she and everyone else in the county was unable to do so.

“It’s frustrating. I’m sure hundreds of emails are sent out from the county. That’s how you communicate with the outside world. I was worried about people sending in an absentee ballot request,” she said. “We’ve had people calling us, and we’ve let them know they can’t request ballots by email. They’ll have to fax them. There are other ways around it.”

Muir noted that Madison County Courthouse workers had worked throughout the past weekend to get the new Idaho State Supreme Court system up and running.

“We had girls working all weekend to go live on Tuesday morning. They can do most of their stuff on the Supreme Court side, but they need their emails too,” she said.

County worker Brenda Stoor said that the hacking incident proved exasperating for workers.

“I was upset, frustrated and angry that someone would try to do that. It made things rather difficult, but we are working through them,” said Stoor.

Stoor’s fellow county worker, Shay Rindlisbacher, agreed.

“I was just a little frustrated. We have a lot of work to do around here. We were at a standstill,” she said. “When we got back up, it took a while for the computers to be fully functioning.”

Why would somebody target Rexburg, Idaho?

“I guess that’s a good question,” she said.

Meanwhile, Rexburg Mayor Jerry Merrill said that during staff meetings, the city’s IT people discuss hacking and cyber security on a regular basis.

“Sometimes people at city hall complain that our system is locked down too much and that they can’t get to the things they want. You know that’s a delicate balance between access — what they want and (being) secure enough,” he said.

Merrill warned residents about scams.

“I really encourage people to check things out, especially when it sounds too good to be true; it usually is too good to be true,” he said. “People really need to take it upon themselves to be really careful, especially if anyone is asking for money, they need to be extra, extra careful.”

Merrill noted that police have a difficult time tracking down con artists because they could be scamming from anywhere in the world. Merrill reported someone from Nigeria continually contacting him. At one point, the Mayor called the Rexburg Police Chief about the ongoing calls.

“I said, ‘Hey, is there anything that you can do as far as tracking this down?’ And he said, ‘You know, they’re just so widespread and all over the place that it’s almost impossible for us to track anything like that down,’” Merrill said.

Ironically, on Wednesday, Jeremy Johnson of the Better Business Bureau spoke at the Rexburg Chamber of Commerce luncheon about hacking and scams. She said that anybody who has ever had health insurance, a social media account or their own webpage proves a target.

She noted what’s called phishing attacks.

“(They’re) throwing some type of information out trying to lure you in. Someone is sending an email disguised to look like an email from someone (you know). They’re creating a fake website or sending someone a text message with a malicious link,” she said.

In some cases, all it takes is a phone call to get information. Johnson reported how the Twin Falls-based College of Southern Idaho received such a call. A new employee took that call and wound up sending the personal information of an estimated 2,500 workers to a con artist last year.

The scammer told the employee that he had received permission from another CSI official to gather the information. He asked the worker to send him the information.

“They said, ‘So-and-so has already approved this. We need the information from your employees' W-2s,” Johnson said.

Johnson urged everyone to have employees go through the traditional chains of command before ever sending any employee or customer information out.

“You need to have something in place in your training. ‘If you were ever to release this information, this is how it would be. If you get contacted with this type of information, please go through two or three different people. This is the kind of thing that can happen’,” she said.

Johnson noted that the Jerome School District was hit by ransomware recently.

“It’s a huge and horrible mess to clean up,” she said.

Johnson said that on the average, it costs $3.26 million a year to fight record data breaches.

“Credit Unions spend $260,000 and 1,600 hours (a year) just dealing with fraud issues,” she said.

Having a computer system go down is the equivalent of a fire experienced by a public entity prior to the use of computers, the internet and email, Muir said.

“I guess we’re so dependent on email and electronics now. It does wipe you out and put you down for a few days. We can’t function,” she said.

County IT workers will have to deal with residual computer issues in the ensuing weeks, but in the meantime, computers are back online, Muir said.

“We hope to be up and running tomorrow (Friday),” she said.

Stoor said county workers are doing everything they can to help Madison County residents.

“We are trying our best to fill the needs for the county,” she said. “Please be patient with us.”