CROWN POINT — Lake County government continues to cope without emails two weeks after cyber pirates boarded their electronic communications platform in a ransomware attack.
Lake County Police Chief William Paterson said that it is becoming a safety hazard for his officers, who rely on intelligence from outside law enforcement agencies.
“A lot of information is received by email from different police departments and from federal agencies pertaining to investigations,” he said Wednesday.
“We are looking at more than 12 days being down, and we are being told there are no plans to bring it up for another week. It’s forcing us to look for another alternative so we are a little more insulated.”
Mark Pearman, director of the county's information technology office, said county employees have had to unplug the county government center's more than 3,000 desktop computers as part of a virus removal and recovery effort.
He said that work will continue for several more days and emails may not be available again until next week.
Beyond officer safety, Paterson said communication restrictions are making the daily operations of the department’s more than 300 employees “an administrative nightmare.”
“We use email to notify our personnel about policy changes, employment opportunities and overtime opportunities while officers need to request time off,” he said.
'We are not paying a ransom'
No email since Aug. 22 has meant inconvenience for the county’s thousands of employees and private vendors, but it could have been worse, Lake County Commissioner Mike Repay said.
“We are not paying a ransom. We know what they have, and what they have is not of great value,” Repay said.
In the meantime, thousands of county employees and vendors have to work around the shutdown by doing things the old-fashioned way.
Larry Blanchard, an assistant to the Lake County commissioners, summed it up: “It’s back to phones, faxes and the shoe leather express.”
Pearman and county elected officials assured the public the virus didn’t infect the millions of business records, and individual data of county voters, taxpayers, property owners and others weren’t stolen or compromised.
Pearman said once communications are restored, there will be a thorough investigation of how the breach took place and what other measures the county should take to protect its information systems.
He said some Lake Superior Court employees first became aware of the breach Aug. 22.
“It was a ransomware attack,” Pearman said.
Ransomware is malicious software that infiltrates a government or private business computer system and attempts to encrypt or lock valuable data stored within, making it unusable unless a ransom is paid to the attacker, according to the FBI website.
The FBI said such attacks are on the rise and often originate overseas. LaPorte County officials were forced to pay about $132,000 to “bad actors” to recover data locked up in about 7% of that county’s computer server network by a particular virus — RYUK.
The FBI advises victims of ransomware attacks not to pay the attackers' demands.
“Even after conferring with the FBI’s cybersecurity unit to determine if their decryption codes would work, they determined after several tries their 'keys' would not unlock our data,” Vidya Kora, president of the LaPorte County commissioners, told The Times.
First sign of trouble
Pearman said Lake County was lucky. “It only affected the email servers. It did not get into any of the databases. We are in the process of working with Microsoft to restore email servers,” he said.
He said a notice to contact the cyber attacker was the first sign of trouble.
“We saw the encryption notice on a PC in the Small Claims Court clerk’s office. They called us right away,” he said.
There is no indication anyone in that office caused the breach, he added.
“We immediately went into the data center and disconnected all of the servers so it would have no chance to get any further,” Pearman said.
He said his staff and county government employees in all the other departments have been conducting infection control — manually loading software on all 3,000 desktop and laptop personal computers, as well as dozens of county government computer servers.
“That has been a huge effort,” he said, adding it will continue the rest of this week.
Lake Circuit Court Judge Marissa McDermott said her staff has been unable to use the email system to track pending cases to ensure the backlog doesn’t become too long.
She said they are using a backup court calendar system provided by the state under its Odyssey court data system.
Lee Ann Angerman, the deputy elections chief, said the breach didn’t affect voter registration records, which are kept on a statewide database unaffected by the ransomware attack. She said it didn’t affect the county’s electronic voting machines, either.
She said election staff have used the telephone or walked over to fellow employees to share information instead of using email.
Lake County Assessor Jerome Prince said his office’s database of property tax assessment wasn’t touched by the attack.
Lake County Auditor John Petalas said it hasn’t affected the county’s ability to bill and track payment of taxes by more than 240,000 merchants.
“Most of that data was public record,” Petalas said. “Anything that contains a driver’s license or Social Security number is safe.”
But the office has had to warn the thousands of businesses that sell products and services to county government.
“If they sent us a contract via email, we didn’t get it,” he said.
Paterson said the ransomware hasn’t affected police radio communications or compromised confidential information police keep on crime witnesses or suspects.