Bernalillo County officials work with security vendors to restore systems
Devon Warren-Kachelein
January 6, 2022
Stay tuned for updates on this developing story.
Government buildings in Bernalillo County, New Mexico, were closed after the county’s computer systems reportedly suffered a ransomware attack on Wednesday. County officials say all affected systems have been taken offline and servers have been isolated as a result of the attack.
While technical details around the incident remain scarce, officials believe systems were disrupted between midnight and 5:30 a.m. Wednesday, according to a statement from Bernalillo County.
County staff are working remotely while systems are restored, officials said. Critical services, including emergency response units, continue to operate, they say.
The county says it is working with third-party vendors to restore its systems to full functioning as soon as possible. Currently, staff do not have access to public databases, which complicates the process of assisting residents.
Bernalillo County is the largest county in New Mexico, with nearly 700,000 residents in surrounding cities, including Albuquerque.
In response to a request from Information Security Media Group on Thursday, a county spokesperson declined to provide further details or updates on the investigation.
Details of the attack
Authorities and security teams involved in the investigation have yet to publicly describe the malware strain or attribute the crime to any particular ransomware gang. With operations still down, it remains unclear when the Bernalillo County network will be fully restored.
County officials say law enforcement still responds to 911 calls, and the sheriff’s office and fire and rescue units are responding to calls with limited resources.
As a result of the attack, the county metropolitan detention center, while still able to process inmates, canceled visits. Its planning and development department, also affected, is currently accepting permit applications through a public drop box.
County spokesman Tom Thorpe told local media outlet KOB-4, a subsidiary of Hubbard Broadcasting Co., that to his knowledge no ransom demand had been received. It is not known whether the county has cyber insurance or whether it offers specific training for staff on phishing or other cybersecurity issues.
In a statement to local media outlet KOAT Action News 7, the Albuquerque Division of the FBI said it was aware of the incident and although it could not confirm or deny that an investigation was underway, it was “customary” to offer assistance on matters relating to such crimes.
Ransomware as a service, or RaaS, continues to be a growing threat in the public sector, with ransomware gangs focusing their efforts on vulnerable networks connected to schools, small municipalities and county governments around the world (see: The Ransomware Files, Episode I: The School District).
Bernalillo County is far from the only US county to fall victim to a crypto-locking attack.
In September, for example, Pottawatomie County, Kansas, was the victim of a ransomware attack that left its computer networks dark for two weeks. Officials reportedly paid a ransom – and had cyber insurance.
Ransomware operators are known to dissolve and then reappear, and by the end of the year, four variants – LockBit, Conti, BlackMatter, and Hive – accounted for over 50% of current ransomware attacks. New operators also continue to emerge.
Garret Grajek, CEO of security firm YouAttest, says “no company, county or organization” remains off-limits to hackers, who will continue to automatically scan for known vulnerabilities to enter a network.
In the face of growing threats surrounding ransomware, the Biden administration, the US Cybersecurity and Infrastructure Security Agency, and other federal agencies have focused on tackling ransomware, particularly incidents targeting 16 critical infrastructure sectors (see: Senators seek clarification on DHS and DOT cybersecurity efforts).