CONYERS — A link inside what Rockdale County officials say appeared to be a legitimate email led to a cyber attack on Feb. 6 that prompted Technology Services to shut down nine servers.
While public safety computers remain up and active, Rockdale Water Resource billing computers and court service computers remain down until they can be verified to be virus free.
At a called news conference Monday morning, Al Yelverton, director of Technology Services for Rockdale County, explained what occurred.
“Rockdale County experienced some unusual network traffic Thursday afternoon,” he said. “During our investigation we found that there were multiple attempts to enter the network. Further investigation points to a ransomware incident.
“The normal way for a virus to be delivered is by an email link,” Yelverton continued. “When you click a link and it responds to a server, it alerts that server to start sending more emails for more opportunities to download viruses.
“What we’ve seen in the emails — they were legitimate email addresses for the county. It was the link inside that was bad.”
Before the virus itself could shut down the county computers, Yelverton said they made the decision to shut the systems down themselves.
“We took the precaution — trying to get ahead of this and make sure it did not spread — that we have affected some services in every department, because we turned off the critical servers,” he said. “We are bringing those back on once we have a clean bill of health and we’ll be back to full services. Right now we have phone and email services working, and there are various and sundry departmental services working.
“We turned off the services for Rockdale Water Resources because those services involve money. We did not want that to be compromised. We turned off the courts and justice system, because you don’t want any of the court records to be compromised. The jail is still fully operational.
“We have kept 911 operational so that every first responder has the information that they need to respond. We’ve got full police, fire and ambulance services available.”
Yelverton said there is no evidence that personal information of county residents have been compromised.
“We have engaged with our federal and state partners (GBI, Homeland Security, etc.) to mitigate the issue. We have, at this point, no indication that any citizen or financial information has been compromised. We continue to do the remediation; we’re trying to make sure that we do it correctly so it doesn’t reoccur because we missed something.”
Yelverton added that normally such an attack comes from someone wanting a big payday in return for killing the virus.
“There is a very big reason for them doing this — money,” he said. “They want Bitcoins, they want to have an untraceable source of income; and there are some people out there who just do it to be disruptive. As it stands now, we can’t categorize this ransomware attack as something someone did to be mean versus someone trying to make a financial gain.
“At this junction there has been no request for payment, and we’re looking more to follow the federal and state guidelines to try to remediate without payment,” he added. “As it stands now, from everybody that we’ve talked to, there is less than a 50% chance if we were to pay, that we’d actually get a satisfactory result.”
Jorge Diez, director of Public Relations, noted that while this is the first ransomware attack since Yelverton took over in November 2017, the county did suffer a ransomware attack in May 2017.
“The difference is in 2017 they did ask for a ransom, and we were able to decrypt it with our cyber security contractors before we even got to that point,” Diez said. “So we were able to break the code to prevent that situation. That’s what we’re in the midst of right now. Our computers are locked, but they are locked from our defense standpoint.”
Diez added that the main effect to county residents will be with their water bills.
“The biggest issue to the day-to-day public has been the inability to pay their water bill,” Diez said. “We will provide a grace period to our water customers who are unable to pay their water bills because of this. We’re hoping to wrap this up by Wednesday or Thursday of this week. But right now the grace period is indefinite. We will have a much more concrete deadline once we resolve this issue. We have just over 28,000 water customers.”
Board of Commission Chair Oz Nesbitt Sr. said the county is not taking the ransomware attack lightly and that they are increasing efforts to make sure it does not happen again in the future by educating county employees of what to watch out for when they receive emails.
“We’re going to step up our efforts in training and make sure that we have every Rockdale County employee know how to be on alert and know how to move forward,” he said. “Our goal is to be proactive and not be reactive when these situations happen.”
Nesbitt noted that whether or not the county receives a ransom note from the attackers, it is costing the county money every day the systems are down. But, he added, it is his responsibility to ensure the safety of county residents, regardless of the cost.
“As chairman of the county, it is my day-to-day duty and responsibility to make sure that the public safety of our citizens is always our top priority,” Nesbitt said. “In doing so, we have to make sure of the delivery of services and that we protect our systems, citizens’ information, information of our employees, and critical information that we have to provide to vendors that we have partnerships with... I’m going to make the decisions that need to be made in order to keep Rockdale County up and running and safe.”