LOUISVILLE, Ky. (WDRB) -- Cyber hackers claim they stole files from the Jefferson County Clerk's Office in a ransomware attack last month that sent every Louisville branch offline for five days, and the clerk's office said Wednesday those files "may contain" sensitive information.
The Russian hackers installed malicious software known as ransomware, locking files and demanding money, according to Jefferson County Clerk's Office Executive Director David Summerfield. He said this happened Monday, July 22.
Summerfield testified Wednesday in Frankfort in front of the six-member Investments in Information Technology Improvement and Modernization Projects Oversight Board that the hackers — operating as the group Ransom Hub — got into the network through a VPN.
"As part of this attack, the hackers took specific steps to prevent us from recovering our data by deleting backups and disabling security tools," he said. "They scanned the network for files that may contain valuable or sensitive information. The hackers then encrypted the files on the shared drives and on the servers that host virtual machines. The hackers also encrypted the files on the computers that ran the virtual machines, making them unusable."
A ransom note was then left on each encrypted device, but Summerfield said the hackers weren't able to access the cloud-based software where most of the clerk's office's sensitive information is held.
"Hackers were not able to access any of the cloud-based services that host our most critical applications such as motor vehicle titling and registration, voter registration, land records recording and indexing, marriage licenses, budgeting and accounting, Human Resources applications, credit card processing and poll worker recruitment or training," Summerfield said. "These systems were not affected because they don't exist inside the clerk's network."
However, the Russian hackers claim they did obtain something. On Aug. 12, the clerk's office was informed that the hackers posted a message on a dark web blog claiming they obtained files from the clerk's office and a list of those files. Ashley Tinius, a spokesperson for the clerk's office, said the leaked files "primarily consisted" of Microsoft Word files and Excel spreadsheets but that some of it may have included more serious files.
"Some of those may contain personnel files, social security numbers, and other sensitive information," Tinius said in a written statement Wednesday. "We are reviewing the leaked files to determine who we need to contact. We will send a letter to anyone we identify, similar to other agencies that have been victims of these malicious actors. Federal law for private companies gives a full 60 days to notify, which is not very timely. Our internal policy allows 35 days to identify and contact individuals about the security breach."
Summerfield said the clerk's office is working to verify or debunk the claims from the cyber criminals but said it's "assuming those claims are true" out of an abundance of caution.
He said the clerk's office didn't negotiate or consider making any form of ransom payment.
"As a result, we do not know what the hacker's ransom demand is," Summerfield said.
But there's still been a price to pay for the clerk's office. Summerfield said it has cost close to $100,000 for protection remediation efforts. He expects that price tag to rise.
To recover from the ransomware attack, Jefferson County Clerk Bobbie Holsclaw said it wasn't as simple as rebooting the system. Crews had to go through more than 300 computers separately to get things back up and running. Because of that, each branch had to come back online at separate times. It wasn't until July 27 that all branches were back open.
During the closures, Holsclaw encouraged people to get help from neighboring clerk's offices — like Bullitt, Oldham or Shelby counties — in the case of marriage licenses or vehicle registration renewals. But any mortgage or deed business had to wait, because the legal department in Jefferson County has to handle those items.
Sitting next to Summerfield in Frankfort on Wednesday was Frank Friday, the government affairs director for the clerk's office. Friday told lawmakers the ransomware attack didn't affect election security in any way.
Copyright 2024 WDRB Media. All Rights Reserved.