Staff dust off their typewriters after malware attack

Sophisticated malware has taken down systems in at least two Alaskan municipalities in an attack that officials say is the worst they have ever seen. The Alaskan Borough of Matanuska-Susitna (Mat Su) and the City of Valdez have both been hit.

At Mat Su, everything from email to the electronic door key swiping system was affected. The Borough first noticed infections in its endpoints on 17 July when an update to its antivirus software spotted a common Trojan banking program on Windows 7 machines (but not its Windows 10 computers).

The software didn’t notice a range of other malware that the Trojan was infecting endpoints with. It was only a few days later that the Borough noticed issues with 60 of its 500 computers, information technology director Eric Wyatt told local radio reporters.

On 23 July, the IT department wrote a script to clean machines and reset all passwords. The malware reacted aggressively, locking up files on nearly all of its workstations and 120 of its 150 servers. That led the Borough to isolate all machines, disconnect its network from the internet and call the FBI.

The attack took down the Borough’s email and disrupted multiple systems including the property querying application, library system, landfill weights and fees application, and its animal shelter’s computers. Many public services were payable only by cash or cheque and the infection forced public employees to break out old typewriters from closets and to write receipts across some of its 73-building infrastructure. Wyatt said:

We have widespread disruption of offices, so that means a lot of things that citizens do with the borough is back to manual methods.

The Borough announced that computer systems were down on 24 July, and then explained that it was under attack on 25 July. Since then, it has been working with multiple organizations to fix its infrastructure.

Mat Su reported on Monday 30 July that most of its data was safe, thanks to a multi-tiered backup system. Credit card data was not stored on its systems and was therefore not at risk. It had to create an alternative email system with the same domain, as its existing Exchange system is completely unrecoverable.

The city of Valdez posted a press release on Facebook on July 27 adding that it had been hit by the same malware as Mat Su. It confirmed that all city computers and servers had been shut down and city email was unavailable. It was taking payment for services at City Hall and was asking customers to bring copies of their billing statements. The contact given for Valdez city representative Sheri Pierce was a Gmail address.

Over 200 organizations have been hit with the malware, according to evidence gathered by the Borough from its own systems. Wyatt added:

I have heard of numerous attacks in the state and throughout the nation. My information says that it’s very widespread in the state and in the United States, and it’s the same type of attack. It’s a multi-pronged attack.

Wyatt, who has spent 35 years dealing with cyberattacks in roles including military positions, said that the malware had been lurking on its network since as early as 3 May.

In radio interviews, Wyatt added:

I will tell you is that this isn’t some kid in his mother’s basement. This is very sophisticated and well-funded.  It would come from somewhere I believe outside the US. When we call it ransomware, that’s not its purpose. I believe its purpose was to disrupt our way of life.

Governments have been hit by malware that encrypts files before. In March, Atlanta suffered an attack that cost it $2.6m, and ransomware took down Baltimore’s 911 system in the same month.

Mission critical services should be up and running internally by end of this week. Wyatt concluded that it will be at least three weeks to get back to “something that looks like normal.”