DuPage County shares little info on ransomware attack as investigation continues

Four days after a ransomware attack hit DuPage County computers, officials have offered little information about the incident — including whether there was any breach of data — but offered assurances that the government continues to function.

“Thanks to extensive planning and preparedness efforts, we have been able to ensure the continuity of operations for the residents of DuPage County,” Chief Judge Bonnie Wheaton, Circuit Court Clerk Candice Adams and Sheriff Jim Mendrick said in a joint statement Wednesday in response to questions over where the situation stands.

Asked whether any sensitive information was compromised by the attack, county spokesman Evan Shields declined comment, citing an active investigation.

Initially described as a “cyber incident,” the event was first detected about 2:30 a.m. Monday, according to county officials. By Monday afternoon, the county confirmed it had been the target of a ransomware attack that impacted the sheriff’s office, circuit clerk’s office and courthouse. The attack forced systems across the three offices offline while tech personnel worked to “determine the full extent” of the strike, officials said.

The county contacted the FBI and U.S. Secret Service about the incident.

Through the course of the event, courtrooms have remained open and judicial matters continue to proceed, officials said in their joint statement Wednesday.

The county’s Office of Homeland Security and Emergency Management provided back-up telephone and internet service to the sheriff’s office early Monday morning. IT staff have also been “working around the clock to assist these offices as needed,” officials said.

According to the FBI website, “ransomware is a type of malicious software — or malware — that prevents you from accessing your computer files, systems or networks and demands you pay a ransom for their return.”

It can be unknowingly downloaded onto a computer when someone opens an email attachment, clicks an ad, follows a link or visits a website that’s been embedded with malware, the site said.

“Once the code is loaded on a computer, it will lock access to the computer itself or data and files stored there. More menacing versions can encrypt files and folders on local drives, attached drives and even networked computers,” the FBI site said.

“You always think it’s not going to happen to me,” said an IT director from another Illinois county that experienced a ransomware attack five years ago.

The attack infected the county’s servers with malware, locking files while attackers asked for $400,000 in exchange for their release, according to the director, who asked to not be named for security reasons.

“It was literally like a bomb went off across the county,” he said. “I mean, just PC by PC, (the attack) locked up everything.”

The days that followed brought little sleep as the county worked to restore systems, he said. That process started with getting email back up, followed by public safety systems, including the coroner’s office, emergency management, the sheriff’s office and the state’s attorney’s office, the director said.

In all, it took about two months for services to be restored in full, he said.

Ultimately, the county did not pay attackers and there was no exfiltration of data, he said. The director recalled being told by the FBI — which helped the county respond to the attack — that, “We don’t negotiate, we don’t pay.”

tkenny@chicagotribune.com
