Bingham County pays hacker ransom to restore servers

Bingham County employees are able to use their work computers again — though not without a price.

Emergency dispatch officials noticed something awry Feb. 15 when they couldn’t access the county’s computer system.

Unknown hackers — likely from the Netherlands, Germany or Russia, county information technology manager Tracy Reifschneider said — attacked Bingham’s servers with ransomware.

To remove it, hackers demanded 28 Bitcoins: digital currency equivalent to about $33,000, according to Google.

All-nighters and holiday work allowed employees from Idaho-based IT company Computer Arts to restore most of the servers, though not all of them, by Feb. 21 using backups.

While 25 county servers were safely backed up prior to the hacking, three were not.

Two geographic information system server backups were corrupt for unknown reasons, and the prosecutor’s office server was too large, and therefore expensive, for the county to back up, Reifschneider said.

On Feb. 19, the county paid the hackers three Bitcoins — about $3,500 — for digital keys to restore the three servers.

Though the servers were temporarily compromised, digital forensics and investigations specialist Mark Griffith found their contents were not, Reifschneider said. Griffith is a consultant from Colorado.

“Mark was assigned to make sure they didn’t get into files or folders. Nothing was accessed; they just wanted to corrupt our servers,” she said.

Griffith was hired by Idaho Counties Risk Management, a member-owned property and casualty insurance program created for Idaho governments.

Bingham has cybersecurity insurance through the group that should cover the likely untraceable Bitcoins with a $1,000 deductible, Reifschneider said. The county also has Computer Arts on contract at all times for IT-related incidents.

Though the fees owed to Computer Arts are still being sorted out, a significant amount of funds will also go toward the labor hours required to digitize documents made while computer systems were down, county commissioner Whitney Manwaring said.

The ransomware affected all of the county’s divisions, he said.

Bingham employees had to dust off their pads and pens while systems were being restored. Courthouse officials kept physical documents of proceedings, and county clerk paperwork was written by hand, as were emergency dispatch records.

“It’s going to involve a lot of time and people to convert all that stuff,” Manwaring said. “We might have some overtime when they start entering stuff back into the system by hand. In dispatch, those gals are busy doing their jobs, so they may have to hire somebody extra to enter stuff back in.”

The county likely will implement additional firewalls and employee IT training to mitigate future incidents, Manwaring said.

“It would be an ongoing training because the technology changes every day,” he said. “You have to keep upgrading. The people who do that hacking are always one step ahead of you, it seems.”