Madison County in Idaho fell victim to a ransomware attack last week, after an employee opened a phishing email asking for money. The IT department spent the week recovering the computer system from the attack, which took place over the three-day Columbus Day weekend.
The entire county network was affected, including payroll systems, sanitation services and the treasurer’s office, making it difficult for officials to conduct business operations. Employees couldn’t send emails and had to use backup data to issue paychecks.
“I was stunned at the magnitude of it. It surprised me at the depth and how deep they went into the system and destroyed the servers,” Madison County Commissioner Brent Mendenhall said in an interview. “People who look for cracks in a server and get past the firewalls can lock up all of your system.”
County Commissioner Brent Mendenhall and Madison County Clerk Kim Muir said they will not pay the ransom and, because the IT department had made backups, they were able to successfully restore the system. Although a few days after the attack was detected the county retrieved a backup of the data from the payroll systems, some technical issues are still expected to arise.
The attack on Madison County is one of many launched against local governments or public entities in North America. Similar attacks took down the San Francisco Metropolitan Transit Authority, crippled city services in Atlanta and shut down the emergency 911 network in Baltimore.