Fulton County Manager Dick Anderson gave county commissioners a brief public update Wednesday on the cyberattack, now nearly two weeks old, that took down many county systems.
Anderson did not reveal the cyberattack’s nature and the update included few new details. Several outside cybersecurity experts have told The Atlanta Journal-Constitution that the hack looks like a ransomware attack.
While all county offices are open, often using work-arounds, recovery is still “in the early stages,” Anderson said.
“We do not have an estimated timeframe (for) when our systems will be back online,” he said.
County employees, especially IT staff, have worked round the clock to bring back operations, Anderson said. They’re prioritizing safety needs and public services.
The attack took down many county computer systems, particularly affecting the courts, tax offices, and internal county financial systems, he said. The county’s phone system, which runs through the internet, was also knocked out; but 450 phone lines have been restored.
Later this week the county will process its employee payroll on time, Anderson said.
Due to strenuous efforts by the court system and law enforcement, legal hearings continued and thus the county jail population has not increased, Anderson said.
Fulton County is not the only government to be the target of a recent cyberattack. Last weekend a denial-of-service attack knocked Pennsylvania’s state court system offline. But that doesn’t mean there’s a connection, according to Cliff Steinhauer, director of Information Security and Engagement at the National Cybersecurity Alliance.
Local governments, particularly their court systems, are frequent targets for attack, he said: they hold sensitive data and provide vital public services, while smaller governments often lack the latest in cybersecurity. That makes them prime candidates for ransom attacks, Steinhauer said.
“I think it’s a matter of knowing your targets,” he said.
Governments need to train their employees thoroughly on cybersecurity, keep systems with sensitive information as isolated as possible from other systems, and don’t connect anything to the internet that doesn’t have to be, Steinhauer said.
The number-one motivation for cyberattacks is financial, he said. Some might have political motivation, but that’s hard to prove even if someone claims responsibility, Steinhauer said.
It’s not surprising that more details on the Fulton attack haven’t yet been released, he said. Governments’ priority is typically to restore services first. Often all investigative details are never made fully public, and that inquiry can take weeks or months, Steinhauer said.
“It can vary quite widely, I would say,” he said.