Wyandotte County IT officials were warned there was malware in their databases about three months before they alerted government leaders to a devastating ransom cyber attack, multiple sources tell The Heartlander.
The malware infected a server that the Unified Government of Wyandotte County/Kansas City, Kansas shares with the Board of Public Utilities. A confidential source tells The Heartlander that BPU technology officials took steps to halt the attack but the Unified Government did not.
Unified Government leaders were ultimately told April 17 that their databases had sustained a cyber attack the day before in which the hackers were demanding ransom. UG officials have not acknowledged the nature of the attack publicly, but multiple sources have confirmed to The Heartlander that it was a ransom attack.
In any case, the attack appears to have actually begun three months prior to April 16. Sources say that BPU officials not only blunted the attack on their side, but warned UG IT officials of it about five times – in phone, text and email messages.
UG officials “didn’t do anything about it, and that was the malware that became the hack,” a source said. The UG’s IT department “did absolutely nothing about it.”
The U.S. Attorney’s office is being briefed on the case for possible criminal charges, a source said. The attack has curtailed or crippled all manner of UG services, ranging from appraisals, taxes and payrolls to court cases.
There is “a certified cyber officer of the Unified Government,” a source told us. “He’s the federal contact. He’s the guy on paper that says when you’re notified of a malware attack, you call the feds within 24 hours, no questions asked. That’s what the federal law is.”
Even after being warned of the malware by his counterparts in the BPU over three months ago, the source said, the UG’s cyber officer “didn’t take any steps. He just said, ‘OK, it’s taken care of. I’ve got it handled over here.’ And he didn’t.”
In short, BPU officials followed cybersecurity protocol and “nipped it in the bud, and they didn’t lose anything,” a source says. “They quarantined the joint server and they didn’t suffer any impact. The Unified Government did absolutely nothing.”
A UG spokesperson has told The Heartlander that no information would be made available other than what the government has put on its website.