Months before a damaging ransom attack on Wyandotte County databases, the city-county government had approved a new position of cyber security analyst – but it was never filled due to a hiring freeze, a confidential source told The Heartlander Monday.
“They have not recruited for it, and they have not hired for it,” the source said.
The Heartlander also has learned that, despite not saying anything about it to the public as of Monday, Unified Government of Wyandotte County/Kansas City, Kansas elected commissioners, mayor and top staff were notified as early as Sunday, April 17 that the hack was a ransom attack.
The key cyber security position had been authorized and made a priority by commissioners last fall, and $90,712 had been budgeted for it.
The Heartlander’s source said there’s no way of knowing whether the new cyber security position might have been able to prevent the ransom attack April 16. “But when you have a position that’s fully funded and has the support of the commission, it certainly wouldn’t have hurt, right?” the source said on condition of anonymity.
Two other confidential sources revealed to The Heartlander Saturday that the hack of UG databases was actually a ransom attack in which the hackers have demanded undisclosed amounts of money. The third source on Monday confirmed independent knowledge that it was a ransom attack, and confirmed another source’s claim that it’s common knowledge among UG employees.
As of Monday morning, UG officials still had not disclosed to the public that it was a ransom attack – even though UG commissioners and top staff were told more than a week ago.
Indeed, The Heartlander was able to reach one UG commissioner on Saturday, a week after the hack, and he professed no knowledge of it being a ransom attack – despite having received notification of it on the 17th.
Sources say the leading theory early last week was that Russian operatives may have been behind it, as a digital trail allegedly led to the Russia-Ukraine war zone.
The third source also confirmed another source’s account that the hackers were still active inside the UG data system during the week last week.
The Heartlander could not reach a UG spokesperson over the weekend to respond. On Monday, a spokesperson wrote in an email that “we do not have any additional information that can be shared other than the released information that is posted on our website. As I receive additional information that can be shared, I will be sure to reach out to you.”
The third source took issue with UG pronouncements last week that, as one official said, “we are fully operational.”
“They had to process a payroll file that was incorrect,” the source said. “They just basically reprocessed the previous payroll file so that people could have money, because they couldn’t process it adequately. So now they’re gonna have to go back and make adjustments.
“I have a real problem with our mayor making a public statement that our service level is not adversely affected as a result of the cyber attack when there are some departments and divisions that aren’t even operational at this point.
“I think the public should be concerned, and I think the public has a right to know what’s happening. Obviously, I understand that there are certain aspects of local government and, you know, particularly with the cyber attack, that they have to remain cautious about (releasing), because you don’t want to incite panic. But at the same time, I think this is the public’s information, right?
“I mean, this is important information. Employees don’t know if their personal information was stolen, like their bank information used to process payroll. Residents don’t know if any of our data was compromised. I mean, we just don’t know what to be concerned about.”
When asked if other sources inside the UG would speak to The Heartlander, the third source reiterated another’s assertion that a climate of fear – from management, not hackers – has gripped the UG workforce under the new mayor and interim county administrator:
“The people that I know probably won’t (talk) just because there’s such a culture right now of fear. People are fearful of their jobs. People don’t have faith in the current administration, and that includes the current interim county administrator and the mayor.”
The source said commissioners have requested agenda items for Thursday’s board meeting to discuss both the cyber attack and interim county administrator Cheryl Harrison-Lee.