June 13—TRAVERSE CITY — A ransomware attack early Wednesday morning led to the shutdown of the main information network used by Grand Traverse County and Traverse City government. Dozens of departments were affected.
County information technology staff noticed “network irregularities” at 6:06 a.m. After consulting with county and city leaders, they decided to shut down the main network used by dozens of departments for routine operations. The province’s IT department provides network and related services to both provincial and city governments.
“Out of an abundance of caution, we have chosen to shut down our main network,” said district administrator Nate Alger. “First and foremost, I want the public to know that our critical services are still in place and operational.”
Essential services, such as law enforcement and firefighting, continued during the outage using radios for communications.
However, the county’s emergency management department’s computer-aided dispatch system was out of service all day, impacting the vehicle-mounted data equipment found in many patrol vehicles.
To supplement radio communications, the county has placed mobile “hotspot” devices in several locations to provide reliable Wi-Fi service to those working in the field.
The county also established a command center on the third floor of the government center to coordinate the response.
“At 2 p.m. we met with city and county staff, as well as our liability provider and some (IT) specialists who help municipalities in these types of cases,” Alger said. “As a result of that discussion and its impact on the network, we believe this is a ransomware incident.”
To support internal IT staffing, county officials work directly with the Michigan State Police, the FBI and the Michigan Municipal Risk Management Agency, as well as external specialists.
Both the province and the city are insured against cyber attacks.
Every computer and electronic device that connects to the government’s servers is scanned for malware before being reconnected to restore full functionality.
“We see that a small percentage of scanned devices are affected,” Alger said.
As a precaution, provincial and city networks will be offline until further notice, officials said in a statement late Wednesday afternoon.
As for a timeline for the network’s recovery, Alger said there is no exact schedule, but the additional assistance “will help us get back in order as quickly as possible.”
Close cooperation between the city and the county helps tremendously, said Elizabeth Vogel, Traverse city manager. “When I got up this morning and heard about the outage, I was prepared for the worst. Now I’m very reassured by the way our two governments are working together. It’s seamless.”
IMPACT ON SERVICES
Many provincial and municipal departments were affected in some way by the outage.
For example, phone calls to most county offices, including the county clerk’s office, the health department and the county treasurer’s office, did not go through on Wednesday, instead giving callers a busy signal or a generic “not accepting calls” message. Voicemail services were also down.
To minimize service disruptions, officials urged local residents to use email to communicate with county staff during the outage. The provincial email system is based on Google software, which was not affected. The city uses a Microsoft Outlook system for email.
Both the provincial and municipal websites remained active Wednesday, although some database-related functions may have been affected by the network outage.
Grand Traverse County maintains thousands of personal and business records—data necessary to provide routine government services throughout the year. These range from marriage certificates and death documentation to criminal records and property deeds.
On Wednesday, Alger said, “We are quite confident that no customer information was shared.”
Many provincial documents are accessible to the public through the provincial website. But state and federal laws, as well as local regulations, restrict the sharing of certain data.
There is no evidence of a data breach involving personal information, Alger said.
For example, the legal system adheres to the “Michigan Access Security Matrix” to limit access to non-public and restricted court documents. This may include data on adoption, mental health care, firearms and personal protection orders.
Even access to less sensitive information, such as building permit records, often requires a Freedom of Information Act request.
RESPONDING TO CYBER CRIME
The province repelled an attempted data breach by cyber criminals in early April.
“We’ve known all along that it’s not a matter of ‘if,’ but ‘when,’” Alger says.
The so-called “spear phishing” attempt, which also involved a malicious email, was blocked by software designed to protect the hundreds of PCs, servers and mobile devices used by the county’s more than 500 employees.
According to Cliff DuPuy, the county’s information technology director, the security software took effect before the malware could damage the county’s computers or disrupt operations.
That software marks incoming email messages in a certain way to warn users that they may contain malicious content. It also removes URLs (website addresses) that may be suspicious or malicious.
In recent years, Grand Traverse County has invested thousands of dollars in cybersecurity, including a service that stores critical data and customer information on a secure remote, cloud-based server. This strategy helps defeat a crucial part of the ransomware threat: using file encryption to lock down and deny access to corporate data.
After the county scans all devices — and repairs the infected ones — it can then replenish its databases and servers using the “clean” files from the off-site backup system, officials said.
It is not known exactly how the latest ransomware code entered the province’s computer network.
County Board Chairman Rob Hentschel, who calls himself a “computer nerd,” said it could be a week or more before the entry point is determined.
