
Alaskan borough dusts off the typewriters after ransomware crims pwn entire network

Pen and paper brought back into service

A ransomware infection has cast the Alaskan borough of Matanuska-Susitna (Mat-Su) back to the dark ages.

The malware was activated in mid-July, infecting 60 of the borough's Windows 7 PCs. As the IT department tried to clean the infection and reset passwords using a script, the malware started "attacking back", spreading to almost all of the 500 workstations and 120 of 150 servers.

Networked telephones and email went down, door-card entry was disrupted, and citizens could no longer make payments or access some services.

"We immediately started to isolate servers, took workstations off the network, isolated servers, and called the FBI," Mat-Su IT director Eric Wyatt said in a radio interview.

Without computers to do the work, staff went back to basics. "They re-enlisted typewriters from closets and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings," said Mat-Su public affairs director Patty Sullivan.

An official release described the attack as having been spearheaded by the BitPaymer ransomware, but it seems an external attacker was also able to log into the borough's network and embed other nasties such as the Emotet banking trojan.

The attackers gained Active Directory admin access, compromising the controller to reconfigure its security settings.

It seemed likely that data was compromised and "sent outside the network", said Wyatt in a stark assessment.

And the motive? Despite the involvement of BitPaymer, Wyatt didn't believe it was purely financial.

"In 35 years in the business, this is the worst I've seen. It's meant to disrupt our way of life."

Borough assembly member Ted Leonard went further, describing events as more like terrorism than computer crime.

Mat-Su isn't alone. According to Wyatt, the borough's victim case number was 210, which meant that 209 others had suffered the same fate, including Valdez in Alaska.

The attack is notable not only for the way it dismantled an entire organisation's computer infrastructure, but also for the remarkable honesty of the victims. Mat-Su even admitted its disaster recovery servers became infected.

The borough is now reimaging its systems using backups, some of them up to a year old. However, a lot of data such as email has been lost.

"Encrypted data will be stored for months or years in the hopes that the FBI will recover the decryption keys," Wyatt said.
