Georgetown County
Ransomware attack’s cost will be felt in budget
The cost of a ransomware attack on Georgetown County’s computer network in January is likely to reach $200,000. Although the county was insured and had a $10,000 deductible, the county will have to replace parts of its network to provide increased security, officials say.
“New security features are going to overwhelm this older equipment,” Walt Ackerman, the director of Administrative Services, told County Council this week. “We have some equipment that has failed.”
It will cost about $250,000 to replace that equipment, he said. New security measures will cost $150,000, and that will be an annual expense.
The county learned from the firm that monitors its network security that ransomware had infected its system on Jan. 23. The county shut down the network, losing access to data and email services, while a firm hired by the insurance company assessed the damage. It did not pay ransom.
The amount of the ransom demand has not been revealed. The intrusion is under investigation by the State Law Enforcement Division. The attack was the result of an employee opening an infected email attachment.
“It has become painfully obvious since the attack that we are now a prime target, as we had more breach attempts since the attack,” Ackerman said last week in a memo.
The security upgrades recommended by the recovery team will be required by the insurance company, he said.
“These include improved web security, multi-factor authentication, advanced endpoint detection and isolation anti-virus systems and wireless intrusion security,” Ackerman said. “There are many facets to each of these, but the key is layered security.”
County Council approved $140,000 to upgrade its computer network and to reinstate the position of director of Management Information Systems through June 30, the end of the fiscal year. The MIS department has gone from 10 employees a decade ago to five.
Most of the county’s 50 servers are back in operation and email services have shifted to the Microsoft 365 cloud.
While the county had security systems in place, Ackerman said, “the hackers are much better than what we had.”