A devastating ransom attack on Wyandotte County databases went undetected for two days, then unreported for a third, according to two new sources speaking confidentially to The Heartlander.
Among other disruptions in government functions, property owners in the county have been unable since the attack to appeal their property valuations because the appraiser’s office can’t access its information. Property owners are “getting no hearings” or are just losing their appeals for the county’s lack of data, sources say.
Appraisers “can’t reload their backup (information), because (the hackers) will just delete ‘em again,” one source said. “It’s a mess. I mean, they got hit hard. They’re not really laying it out there how hard they got hit.”
And, another source said Wednesday, “Our financial system is still not available.”
The cyber attack was initially believed to have begun Saturday, April 16, before being reported to county leaders the following day. But sources tell The Heartlander the breach actually began as early as Thursday, April 14, just prior to the Good Friday holiday. And two sources – the fourth and fifth confidential sources to speak with The Heartlander since word of the attack broke after Easter weekend – say that for some reason, an IT official waited until Sunday the 17th to notify leaders of the attack.
“It’s my understanding that it happened on Thursday and he didn’t tell anybody till Sunday,” one source said. “So we went for days with this malware eating away, deleting stuff on the system.”
Why did an IT official wait so long to notify county leaders about the attack?
“He’s either embarrassed, or it’s above his head and he doesn’t know what the hell’s going on,” the source said.
Moreover, although Unified Government of Wyandotte County/Kansas City, Kansas leaders were notified on April 17 that it was a ransom attack, the government has yet to acknowledge that publicly. The Heartlander’s multiple confidential sources, independent of each other, say it was indeed a ransom attack and that the hackers have demanded money.
One cyber expert told The Heartlander that UG officials might be staying quiet because “You don’t want to admit (for hackers to see) that you even know that you’ve been attacked.” Yet, since the hackers sent ransom demands to the county, there would be no doubt in their minds of the county’s knowledge of the attack and no reason for the county to conceal it from the public.
One source said the UG was unusually ripe for an attack, with insufficient technology and personnel, and had been warned about it well in advance – by tech experts and by a cyber attack on the county’s Board of Public Utilities a few years ago.
“This has been coming,” the source said. “They knew from (the BPU attack) that both the Unified Government and the BPU were under attack.” But, the source said, IT officials “ignored it.”
Future attacks on UG databases are now more likely because of this attack’s entry deep into the system – perhaps with malware that’s just lying in wait within the system, the source said.
“I’m gonna tell you, this isn’t over yet,” the source said.
The Heartlander has reported that the UG had budgeted for a cybersecurity analyst late last year but never took steps to hire one. One source said the $90,000 budgeted wasn’t enough anyway to get the proper experience and protection, which can cost upward of $250,000.
The source said the ransom attack was likely perpetrated by Russian operatives, but said the possibility of a local co-conspirator can’t be dismissed.
In either case, UG databases were highly vulnerable, the source said, a vulnerability made worse by the inexplicable delay by IT officials in taking definitive action and notifying authorities – particularly federal officials, who are required by law to be summoned after such attacks.
Federal officials who responded to the UG’s belated call for help “were astonished at the lack of preparedness of the Unified Government,” the source said. There have been more than 40 federal officials on site, an amalgam of the FBI, the Department of Treasury, the Cyber Security Command in Washington, D.C., and perhaps more.
At least one of the UG’s IT officials has been relieved of duties, one source said.
UG cyber vulnerabilities cited by our sources include old equipment; improper use of software; unsophisticated security arrangements; lack of 24-hour cybersecurity monitoring; perilously loose social media guidelines for employees; and lack of ability and focus among IT staff.
Two sources took pains to emphasize that the data breach was not the fault of new Mayor Tyrone Garner, who they say inherited a system susceptible to being exploited.