Editor’s note: This story was originally published by the Belleville News-Democrat, a news partner of St. Louis Public Radio.
Influenced by a recent ransomware attack on St. Clair County, Madison County’s board voted to bolster its network in an effort to protect itself from a similar situation.
The board voted unanimously in favor of approving two contracts totaling $163,436 to improve network security at the county. One $112,689 contract with Carahsoft Technology Corp of Reston, Virginia, will provide a service that will monitor the county’s network called Arctic Wolf.
County Board member and Information Technology Committee member Jamie Goggin told the board the service will monitor the county’s network to “keep the bad guys out.” The contract and the attack on St. Clair County were discussed extensively during a meeting of the committee Monday.
“St. Clair County was recently hit by a ransomware attack and there have been a number of attacks in the region,” said County Information Technology Director Chris Bethel during the meeting, noting that Alton, Collinsville and Clinton County had recently been targeted. “It’s definitely a real threat to us.”
In late May, a ransomware group calling itself Grief claimed it targeted St. Clair County along with several other organizations demanding payment in cryptocurrencies such as Bitcoin and Monero, according to several publications specializing in cybersecurity.
In screenshots of the group’s website, obtained by the Belleville News-Democrat, thegroup claims it has 2.5 gigabytes of data including internal company documents, personal and customer information.
The county’s website was offline for several days and several services were unavailable for weeks.
Additional network security
It’s hoped that the Arctic Wolf security software will protect Madison County from any types of cybersecurity attacks.
“Its prevention and detection,” Bethel said during the information technology committee meeting. “Arctic Wolf is essentially a 24/7 security operation center. We’re a very small staff. We do our very best to look for these things but we’re a small staff and can’t work 24 hours a day seven days a week.”
Bethel said the software keeps a track of the county’s network logs, looking for unusual activity and helps react to cyberattacks. He said that’s a plus because if the county is attacked they won’t have to urgently search for help.
“This would help us detect a breach must faster and even prevent one in general,” he added.
The second contract with Insight Public Sector, Inc. of Herndon, Virginia, for $50,747, will provide the county with “two-factor authentication,” a security measure that helps prevent cyberattacks.
Both expenses are two of the first to be covered by federal Coronavirus Aid, Relief and Economic Security, or CARES Act, funds given to the county. County Chairman Kurt Prenzler said the county currently has $25 million in CARES act funds and expects to receive a total of $51 million in total.
Ransomware attacks
In ransomware attacks, a small amount of data is lifted from an organization’s networks and “ransomed” back to the organization. For larger amounts and sensitive data, hacker groups may encrypt the data within the network of a company or local government, only to decrypt it when payment is received.
While making payment restores access to the data, it doesn’t mean that data won’t also be sold on the dark web. It isn’t clear how much the group is demanding the county pay for the data.
St. Clair County hasn’t commented on if indeed it was attacked with ransomware or if it has paid anything, but did acknowledge a cyberattack took place in a press release earlier this month.
Kavahn Mansouri is a reporter with the Belleville News-Democrat, a news partner of St. Louis Public Radio.
