Cyber security expert describes what Genesee County is facing with ransomware attack

By  | 

FLINT (WJRT) - (04/05/19) - More questions than answers linger after a ransomware attack in Genesee County.

The flow of business continued to be hampered Friday, days after officials discovered the breach, but the county says it is making progress in fully restoring operations.

The Genesee County Board of Commissioners posted on Facebook that they expected to have email services up and running Friday.

A cyber security expert from Baker College explained to ABC12 what the county may be up against.

"This stuff is so intense and so tough and so dangerous," cyber defense program director Doug Witten said.

"The first thing it does...it deletes any backups that you actually have and isolates that computer. It takes every file that you have, anything that's important to you; it zips them all together or compresses them all together in one little spot, and then encrypts that piece," Witten said.

There weren't many business transactions taking place at the treasurer's office inside the Genesee County Administration Building Friday.

"Happened to see the sign on the door and I thought well let me go in and be sure. And when I got there, that's what it was. Computers are down," Shelton Lynch said.

Lynch, a Flint resident, was among many people who either came in or called, and didn't get their desired outcome.

Signs remain posted on the doors and walls letting residents know that most payments can't be made nor can tax information be received from the treasurer's office.

It's all due to the ransomware attack officials discovered Tuesday and later found out that it was more expansive than originally thought.

RELATED: Genesee County's email system not functional after ransomware hack

Witten calls the attack dangerous because ransomware means exactly what it sounds like. It essentially holds critical data hostage for a fee.

"Sorry about that but pay us $399 bucks and we'll give it back. All you have to do is pay for this and here's your address, and once you send your address, we will send the actual decrypt key," Witten said.

He says this is what he teaches his students to guard against.

The county says no data has been released, but did not provide additional insight into the hack Friday. Officials are aiming for business to be back to normal by Monday.

Meanwhile, the Register of Deeds office is mostly unaffected. County Clerk John Gleason attributes that to updated software and equipment.