Henry commissioner says no ransom demanded in `malware’ attack

Public safety was one of the few departments unaffected by the cyber “incident” that has brought Henry County government to a halt over the past few days. Henry Commissioner Bruce Holmes said Thursday that the county has not received a ransom demand. JOHN SPINK/JSPINK@AJC.COM

Public safety was one of the few departments unaffected by the cyber “incident” that has brought Henry County government to a halt over the past few days. Henry Commissioner Bruce Holmes said Thursday that the county has not received a ransom demand. JOHN SPINK/JSPINK@AJC.COM

Henry officials struggled through a second day of an apparent cyber attack on Thursday that dismantled county services and forced staff to pull out typewriters and switch to paper forms, after the south metro county government was left without email or Internet access.

While county officials have not yet said the cause of what they are describing as a “malware” attack, Henry Commissioner Bruce Holmes said there has been no ransom demand.

Atlanta was hit by a ransomware attack in March 2018, by criminals who demanded $51,000 in exchange for encryption keys to recover the city’s compromised data.

“I don’t know why they chose Henry County, but I’m interested in finding out why we appealed to them,” Holmes said.

While public safety divisions such as police and E-911 were operational in Henry on Thursday, almost everything else was not.

Property tax collections, building permit issuances and business licence requests could not be processed. Seniors who depend on pre-arranged rides from the county’s on-demand transit system had to call to make appointments because of the county’s inability to access schedules.

Those seeking files from Superior Court were out of luck unless they had case numbers that could be matched with paper copies.

“That’s tough because a lot of people come from out of town and they don’t necessarily have this information,” Superior Court Clerk Barbara Harrison said.

And just when county services will be restored is anybody’s guess.

“We just don’t know,” Henry spokeswoman Melissa Robinson said at close of business Thursday afternoon. “This could go into next week.”

Henry, the second-fastest growing county in metro Atlanta, announced on Wednesday it had been hit by a possible cyber "incident" and decided to take the county's servers offline as a precaution.

The FBI and the Georgia Technology Authority have been called in to help with the investigation.

“We’ve never had a problem like this before,” Robinson said, adding that the county did have email go down for two days a few years ago. “Hopefully it will be a blip and we’ll get through this.”

The attack on Atlanta targeted the city’s Watershed Department and municipal court. The city did not pay the ransom but spent millions — at least $17 million according to a report last August — to repair the damage.

Two Iranian men were indicted by the U.S. Department of Justice in October for the Atlanta attack, and others.

Cyber security expert David Barton, a managing director at UHY Advisors, said government agencies have increasingly come under attack because municipalities don't take the threat as seriously as they should. Outside of training technology teams, few see the necessity in taking the time to educate every employee on how to safeguard information.

The easiest way for cyber criminals to access a server is by enticing an employee to click on an email link with something desirable, like a free $100 gift card, he said.

“You need to practice with your people what they should and shouldn’t do or they are going to click on something they shouldn’t along the way,” he said. “It’s not a technology problem, it’s a people problem.”

Superior Court Clerk Harrison said traffic in her office was much lighter on Thursday because word about the technology outage had spread.

“Today, even the phones have been kind of dead,” she said.