Malware strikes NID: Initial forensic expense is $50k
A third local government agency has been hacked within the span of four months.
The Nevada Irrigation Department marked the third government entity in the region whose privacy was breached by an unknown party this year. In July, Grass Valley paid a ransom to an entity with access to sensitive information about victims of violent crime in the area. That same month, the town of Truckee endured a cyberattack that set its permitting process back by six weeks.
According to NID Assistant General Manager Greg Jones, malware was detected in the district’s information system last week.
Jones said the information and technology department went to work to stop the virus right away.
“After some forensics, we determined it moved pretty quick throughout the system,“ Jones said. ”Our internal IT staff took a while to track down exactly what it is, how it got where it came from and what it might have infected — what the salacious software was.“
Jones said once his team determined the gravitas of the situation, they employed outside help to assess the situation and resolve the crisis.
“We have a forensics team to help analyze the situation and then we recognized we needed to dive deep to get into the system. We stopped it and now we need to clean it,” Jones said, adding that although the intruding software was largely stopped by the weekend, the mop up is ongoing.
The initial cost for the assessment was $50,000, Jones said, but the district will pay more for the mop up.
“We’re in the middle of cleaning our our servers and replacing what we need to replace,” Jones said, adding that although individual updates are pending for some of the district’s 200-plus staff, the district is largely up and running.
Jones said the decision to cancel the district’s Wednesday meeting was based on the scarce support resources available amid the malware crisis and the demands on the department during Zoom meetings.
Jones said his team, combined with hired consultants, were able to stop the spread of the malware before any important information was tampered with.
“We were able to catch it in time,“ Jones said of the malware. ”It could have been a ransomware — someone wanted to take particular customer data information and ransom a price to get it back. That’s happening a lot at local governments throughout the nation. We just happened to have our systems compromised.“
In addition to Grass Valley and Truckee, Sierra College was struck in May by a ransomware attack.
Jones said the complex system that makes up the malware came through an email server.
“It was definitely sophisticated,” Jones said. “It wasn’t targeted specifically to an NID project or process.”
Jones said his team receives notice of thousands of malware hits a day, which a spiderweb-like system protects them from.
“It’s difficult to understand the implication, what could have happened or as to why,” Jones said. “These robots go out into the world every day.”
Jones said the district will notify the local authorities, which may result in a “greater review.”
“Typically a police log will trigger a response to the FBI,“ Jones said.
Jones said although his team addressed the problem in a timely manner, the rebuilding process has required supplemental support to identify what exactly was compromised and how to rebuild the system.
None of the district’s four hydroelectric facilities were affected in any way. Fortunately, Jones said, the district does not host too much customer data — including credit card information for payment, so all that was lost was information that can generally be found through a Google search, like phone numbers and addresses.
Jones said the incident helped identify some weakness in the structure that the district is currently addressing.
“We’re fixing those now,” Jones said. “It brings us into a cloud-based process.”
The district anticipates its next meeting, to address the Plan for Water process, to take place in two weeks.
Rebecca O’Neil is a staff writer with The Union. She can be reached at email@example.com
Support Local Journalism
Support Local Journalism
Readers around Grass Valley and Nevada County make The Union’s work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.
Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.
Your donation will help us continue to cover COVID-19 and our other vital local news.
Start a dialogue, stay on topic and be civil.
If you don't follow the rules, your comment may be deleted.
User Legend: Moderator Trusted User