Matanuska-Susitna (Mat-Su), a borough in the Anchorage Metropolitan Statistical Area, declared a disaster on Tuesday citing the severity and magnitude of a cyber attack.
“Without computers and files, Borough employees acted resourcefully. They re-enlisted typewriters from closets, and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings,” Patty Sullivan, Public Affairs Director at Mat-Su, said.
The attack has crippled not just computers in the area but telephones, servers, and e-mail exchanges as well. "The cyber-attack has caused major disruption in Borough services and loss of productivity, which may continue for a prolonged time," Assembly Member Ted Leonard said at a Mat-Su Assembly meeting Tuesday.
Mat-Su Manager John Moosey informed the assembly that the declaration was made in order to access the insurance, the emergency part of the budget and possible FEMA (the US emergency management agency) assistance.
Mat-Su Borough IT Director Eric Wyatt explained that it was a multi-pronged, multi-vectored attack. The tools used to cripple the machinery include “Trojan Horse (Emotet), Worm, Crypto Locker (Ransomware (BitPaymer)), Time Bomb, Dead Man’s Switch, External hacker logged in to our network, maybe more.”
“This is an Advanced Persistent Threat. This is also a ‘Zero-day’ attack. Meaning, the anti-virus software does not yet have the virus definitions in their software to catch and remove this threat,” Wyatt said.
According to the Federal Bureau of Investigation, which is assisting the IT department, the Trojan Horse received through emails opens a doorway to the network for the hacker. Once it gains access to the network directory, it emails links to viruses to government-looking addresses. The ‘From’ address is most likely that of someone you know and trust, leading to unchecked spread.
Once inside, the virus/hackers work to gain Active Directory administrator access. They then ‘own’ the domain controller and drop all internal security settings, logging, and auditing, a change that is then spread to all servers and workstations through normal Active Directory mechanisms. They can then easily crack all passwords and spread to all machines.
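The sequence described above (administrator access gained, then logging and auditing dropped) leaves a short trail in the Windows Security log before it goes quiet. As an added example, not part of the original report or the Borough's tooling, the following Python correlates privileged group additions with later audit tampering by the same account. The event IDs are standard Windows Security event IDs; the record layout, host names, account names and timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta

PRIV_GROUPS = {"Domain Admins", "Enterprise Admins"}
GROUP_ADD_IDS = {4728, 4756}     # member added to a global / universal security group
AUDIT_TAMPER_IDS = {4719, 1102}  # system audit policy changed / security log cleared

# Constructed sample events (simplified records; field names are assumptions,
# not a real export format).
SAMPLE_EVENTS = [
    {"time": "2024-01-01T02:10:00", "id": 4728, "host": "DC01",
     "subject": "svc_example", "member": "user_a", "group": "Domain Admins"},
    {"time": "2024-01-01T02:14:00", "id": 4719, "host": "DC01", "subject": "user_a"},
    {"time": "2024-01-01T02:15:00", "id": 1102, "host": "DC01", "subject": "user_a"},
    {"time": "2024-01-01T09:00:00", "id": 4719, "host": "FS02", "subject": "it_admin"},
    {"time": "2024-01-01T09:30:00", "id": 4728, "host": "DC01",
     "subject": "it_admin", "member": "user_b", "group": "Library Staff"},
]

def find_audit_tampering(events, window=timedelta(hours=24)):
    """Alert on audit tampering; 'high' if the actor was added to a
    privileged group within `window` before the tampering event."""
    recently_elevated = {}  # account -> time it was added to a privileged group
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] in GROUP_ADD_IDS and ev.get("group") in PRIV_GROUPS:
            recently_elevated[ev["member"]] = when
        elif ev["id"] in AUDIT_TAMPER_IDS:
            added = recently_elevated.get(ev["subject"])
            correlated = added is not None and when - added <= window
            alerts.append({
                "host": ev["host"],
                "account": ev["subject"],
                "event_id": ev["id"],
                "severity": "high" if correlated else "medium",
            })
    return alerts

if __name__ == "__main__":
    for alert in find_audit_tampering(SAMPLE_EVENTS):
        print(alert)
```

Because the attacker's next step is to disable logging, this only works if Security events are forwarded off the domain controllers to a collector the domain administrators cannot alter.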
The spread was such that the pool, libraries, animal care, landfill, collections, as well as a number of web services such as e-commerce, are crippled.
Other parts of the US have also been affected by similar attacks. Valdez, a town in Alaska, is also recovering from an attack.
News Source: Money Control
Last modified on Friday, 03 August 2018