OSSIPEE — In the wake of a serious cyberattack on neighboring Strafford County, Carroll County’s IT contractor assured commissioners that Carroll County’s data has been secured but the threats to the county’s security are ongoing.
Strafford County Sheriff David Dubois confirmed Wednesday that the cyberattack happened on June 28, and involved a ransomware attack that affected the nursing home, jail sheriff’s office, county attorney’s office, registry of deeds and commissioners office. He heard from the county’s IT director that over 90 percent of the computer systems are up and running again. No ransom was ever paid. The U.S. Secret Service is helping with an investigation.
Fosters.com’s Brian Early reported that the virus was encrypting Strafford County files and this forced the county’s IT experts to shut down that county’s computer system. Carroll County is north of and adjacent to Strafford County.
On Tuesday, during a U.S. Senate Homeland Security hearing, Sen. Maggie Hassan (D-N.H.) cited Strafford County government’s response to the cyberattack as an example of the importance of implementing resiliency plans across all levels of government.
In questioning, Census Bureau Director Dr. Steven Dillingham said: “Just a few weeks ago, the Strafford County government experienced a cyberattack that took their systems offline. However, the Strafford County government had prepared for a cyberattack scenario ahead of time, and were able to implement a continuity of operations plan — in this case by reverting to pen and paper — allowing the government to continue its essential functions. While this New Hampshire county-level government operates on a different scale — to be sure — than the 2020 Census, this event highlights an important lesson on resiliency at all levels of government.”
Hassan told the Sun Thursday: “Protecting against cyber threats is one of my top priorities as a member of the Senate Homeland Security committee. The briefing by Strafford County officials about their recent cyberattack is critical to understanding emerging threats, and I was pleased to discuss with them ways that we can ensure that both the public and private sector have the resources that they need to handle these increasingly common types of attacks.”
On Wednesday, Carroll County Commissioners Chair Amanda Bevard (R-Wolfeboro) asked Carroll County’s IT contractor Jon Rich, president of Belmont-based Cybertron Inc., to talk about the status of Carroll County’s cybersecurity.
Each of New Hampshire’s 10 counties performs a wide range of functions including having a jail, nursing home, sheriff’s office, prosecutor’s office and a registry of deeds.
Rich said that the county has a firewall that prevents hackers from getting into Carroll County’s systems. He said any attempts to get past it are logged.
“We have had outside people trying to get into our system and the firewall has always performed its duty and prevented them from getting in,” said Rich.
Later in the meeting, Rich said “it’s always scary” to read about issues that happened in Strafford County. He said six or seven years ago, there was an attack on Carroll County that was relatively minor.
Bevard asked if these attempted intrusions are reported to authorities, and Rich replied that such attacks are so common that it would not be practical unless the attack was successful.
“There are millions of computers around the world; we call them bots, robot computers and that’s all they do,” said Rich. “They scour the internet trying to identify a system that has vulnerabilities and then that bot computer will report it to some human where ever, in the third world who will then try to take that further.”
Rich said that there are numerous severs in the county and that data is backed up every night and stored in “the cloud.” This information is stored inside the U.S. and “not overseas at all.”
“I know in the case of another county, they caught what is known as a crypto-virus,” said Rich adding the virus would search the infected network for documents, spreadsheets and pictures and encrypt them. “Then they charge you a ransom note for a decryption key in order to get them back.”
He said that virus has been around for a long time and the “best defense” is a back up every night.
If an attack got through, Rich would identify the computer where it started, take it off the network, clean up infected files on the servers and then he would restore from the previous night’s backup.
Systems that “back up on the fly” are prohibitively expensive, he said.
Bevard asked about a proposed change in the software system at the business office.
Rich said the change is to make it cloud-based software rather than locally based. He said the advantage of a cloud-based system is the county wouldn’t have to maintain its servers, which is expensive. The drawback is the county would be relying on the cloud-based company to do the back ups and have a strong backup.
Any system that is critical to have on site, like at the nursing home, would always have local back ups in the event the cloud goes down. The jail has nothing in the cloud, he said.
Emails are scanned for viruses and spam and filters those out. He said some virus-laden emails can be made to appear legitimate and a user might click on it to investigate and get infected.
He said most of the time the antivirus will stop the user from getting infected but there is a “window of opportunity” between the time a new virus is released and when the antivirus system has a chance to update.
“That is the world in which I live,” said Rich. “Between the antivirus, the spam filter and all that, we have not had that (a virus outbreak) here.”
U.S. Sen. Jeanne Shaheen (D-N.H.) offered this comment: “I applaud the quick action of Strafford County employees, which helped mitigate the impact of this cyberattack, and I appreciate the assistance being provided by the Secret Service as they proceed with their investigation. I’ll continue to monitor the situation closely and offer any assistance as the investigation moves forward. Safeguarding our information technology infrastructure and cybernetworks at every level of government remains a top national security priority, and I will continue to work on a bipartisan basis to push forward effective proposals to address this growing threat.”