Operations are slowly returning to normal after a weekend ransomware attack on servers at the Tallapoosa County Probate Office.
Tallapoosa County probate Judge Talmadge East said no data or personal information was compromised in the Sunday morning attack and servers are allowing new business to be conducted.
“We are up and running as of (Thursday afternoon),” East said. “We are not up completely in recording yet. We can record new data. We can’t access old data yet as terabytes upon terabytes are downloading to the server.”
The ransomware attack froze the servers for automobile tags and recording of deeds but no personal information was removed.
“As best we can tell, it locked our data in place,” East said. “Based on forensic accounting it appears no data was compromised. We do not see data moving from the server over the network. It appears they just locked it.”
East said all personal information used to pay for automobile tags and such is encrypted and appears to be uncompromised. East said the probate office’s software provider noticed the issue Monday morning after transactions from Friday didn’t clear the system as scheduled over the weekend.
“What they did was launch something around 4 a.m. Sunday to encrypt our data,” East said. “When you tried to access the system it asked for a password and another window had a link to a website for how to pay the ransom in bitcoin.”
East said probate office employees never clicked through the link to see how much the ransom was and instead started the work of wiping the server clean and rebuilding it with data backed up on a cloud server. To get the office back up and running, representatives with Scott Accounting in Alexander City and Assurance, a software company from Carrollton, Georgia, that the probate office works with, came to help.
“A representative with Scott Accounting has been here all week,” East said. “A representative with Assurance has been here two days. He downloaded the backbone onto the rebuilt server and we were up and running with new data (Thursday).”
East said the work with Assurance is covered in the contract between the company and Tallapoosa County.
“We only had to purchase some hard drives,” East said. “We will also have to pay Scott Accounting.”
East said it will take several days for all the historical data to download to the rebuilt server.
East said servers in Montgomery County were attacked a few years ago and recently the City of Florence paid $300,000 in ransom to free its servers. East hopes the plan of using backup data stored in the cloud works.
“We are really lucky we had the cloud backup,” East said. “Paying the ransom is the last resort.”
East speculates the ransomware came in via email.
“Ninety-eight percent of the time something like this is done is through email,” East said. “While we were shut down during the pandemic, we did a lot of business through email.”
Tallapoosa County administrator Blake Beck said the ransomware attack seems to be isolated to the probate office.
“It seems to be isolated,” Beck said. “We had a couple machines we are a little concerned about because they are connected to (the server).”
East said more security and backups were in the plans before Sunday’s attack.
“The operating system on some computers was outdated,” East said. “It was Windows 7 and unsupported. We were trying to upgrade those in phases. While we were down we updated everything. Alexander City will be updated Monday while they are closed.”
East said upgrades beyond security include adding three offsite rolling daily and monthly backups in addition to the backup on the cloud.
Beck and East are hoping the county doesn’t have to resort to paying the ransom because of the backup.
“All things considered, we came out unscathed,” Beck said.
East added, “I feel blessed. We seem to have weathered the storm.”