July 24. [Updated] By Dave Yochum. Concerned citizen Joe Vagnone, a Cornelius business owner broker, was worried enough about malware and ransom-ware that he sent the town a cyber-security checklist late last year.
Here it is:
Pay or not pay a ransom?
Who are our IT experts currently.
Where is the Bit coin coming from if you choose to pay?
What value do you place on the data?
Cost to recreate data if you don’t pay?
Do you have regular testing & training?
Passwords, yearly review of who has access to data?
Inventory of hardware soft wear?
Are you reviewing all 3rd party vendors connected to town data?
Does the town have insurance for ransom threat?
Do we have a plan to inform town’s citizens & or Mayor, commissioners at the time of incident?
Response
There wasn’t much of a response from the town, says Vagnone, who lives on Norman Shores Drive.
“I cannot remember the response because it was less than a sentence dismissing my concern—to say, we got this covered, don’t worry about it,” Vagnone said.
Going on two weeks ago, the town “stabilized” a cyber threat that delayed or suspended some services provided by the town. At first, town officials said the threat was caused by ransomware; later they said it was malware, and no ransom was ever disclosed.
Importantly, 9-1-1 calls were not affected even though the town operates its own 9-1-1 center.
Now, 12 days later, the main number into Town Hall is still affected by the malware. The “Boxcast” of the Town Board meeting last week did not take place.
The town today said “town services may be delayed or unavailable,” but none were specified.
What’s next
Mayor Woody Washam said staff hopes to get the phone system fully operational this week, as well as other parts of the town’s information systems.
“Last week there was great progress to services that may appear small, but were very important,” Washam said. Messages to staff are taken by the front desk with pen and paper and carried to the right person in the two-story government center.
Town officials plan a press release later this week after a “consultant’s preliminary confirmation that will provide more detail to the public,” Washam said.
“Bringing the system back up in phases continues and we are hopeful that we could be completely functional in one to two weeks,” he added.
Town Manager Andrew Grant could not be reached for comment.
[UPDATE] Grant responded:
The Town of Cornelius has invested heavily in IT infrastructure in years past to deter and prevent threats of this nature. This investment was in the interest of safeguarding data and preventing interruption to operations. This attack was particularly sophisticated and was able to bypass security measures and safeguards that the Town has put into place. Sophisticated viruses, such as this one, are often updated by their creators in order to avoid detection. Our TechOps staff contained the virus quickly and did not allow it to cause significant damage to our systems. Staff is working to ensure that this type of virus cannot infiltrate our systems in the future.
Last week, a private cybersecurity forensic firm was brought in to confirm analysis on the attack that is being provided by the NC Joint Cybersecurity Task Force. More information will become available in coming days.