St. Mary’s County government’s servers and computers were attacked on the evening of Thanksgiving, leaving most services down over the weekend as repair work continued early this week.
Bob Kelly, director of the St. Mary’s County Department of Emergency Services and Technology, said it was a ransomware attack where hackers try to hold a computer network hostage for money.
The San Francisco Transit Authority was also hit with ransomware over the weekend, Kelly said.
Trouble with St. Mary’s County government’s system was first detected Thursday evening around 5 p.m. at the emergency communications center in Leonardtown. “Dispatchers in the 911 center reported systems rebooting,” Kelly said.
“We did lose some consoles,” he said, but “we had a console up all the time. We isolated the network in there and brought all the machines up.”
The total extent of the damage or loss of data was still not known as of Monday afternoon. “We lost a significant number of our servers and an undetermined amount of work stations,” Kelly said.
Kelly has been St. Mary’s County government’s information technology director for more than a dozen years, and he said this attack was the worst he has seen. “This was a pretty significant blow,” he said.
It was not known on Monday where the attack came from or how it was introduced into St. Mary’s County government’s network. Though it was a ransomware attack, “we have not paid any money for this attack. We’ve only paid in blood, sweat and tears” in the recovery effort, Kelly said.
The dozen employees of the information technology division worked on recovering from the attack since the onset. Most functionality was back by Monday for county government employees.
The St. Mary’s County Sheriff’s Office deputies had to fill out charging papers by hand over the weekend. Sheriff Tim Cameron (R) on Tuesday said his office had previously discussed the possibility of a network loss and put measures in place to prepare for that. “Our shift supervisors and lieutenants quickly put processes into action, and there were no interruptions in service to the public,” he said.
The St. Andrew’s Landfill charged customers a flat $10 fee on Saturday despite the size of loads. The landfill is closed on Sundays.
The Great Mills Swimming Pool could not accept credit card payments over the weekend and into Monday.
There are about 900 computers in St. Mary’s County government’s inventory and each one had to be “touched” by IT staff “and that’s preventative [work] in case it comes back around again,” Kelly said.
While the system was still not fully restored, “this is a good success story in terms of minimizing the damages,” he said on Monday.
“I’m very proud and pleased with the expertise and the response the IT folks have performed during this incident. St. Mary’s County is very fortunate to have these people working there,” he said.