Go to listing page

BitPaymer ransomware attack on Alaskan borough forces the employees to work on typewriters

BitPaymer ransomware attack on Alaskan borough forces the employees to work on typewriters
  • Around 500 computers and 120 servers were infected by the ransomware attack.
  • At present, 110 systems have been disinfected and can now once again be used.

Employees of the Matanuska-Susitna (Mat-Su) borough in Alaska have were forced to use old typewriters at work, after the borough was hit by a ransomware attack on July 24. Several internal servers of the borough’s government networks were infected with the BitPaymer ransomware, which in turn, affected a large number of computers.

The Alaskan borough’s government officials said that around 500 computers running Windows 7 and Windows 10, as well as 120 servers were infected by the ransomware.

“This is a very insidious, very well-organized attack. It’s not a kid in his mom’s basement. Because we are getting the information out and sharing it with other entities, hopefully, they can weather the storm.” borough IT Director Eric Wyatt said, Mat-Su government reported.

The incident has led the officials to disconnect the systems including phones, emails and other networked devices from the internet.

"Since then, infrastructure is steadily being rebuilt, computers cleaned and returned, and email, phones, and Internet connection becoming restored," said Patty Sullivan, Public Affairs Director of Mat-Su.

Meanwhile, many the borough has kept the public-facing systems and its main websites online, although the residents will not be able to make any online payments.

Wyatt has referred the incident as a ‘Zero-day’ attack and claims that the ransomware was delivered via a malicious link attached in an email. The malware was delivered alongside a the Emotet malware, the Time Bomb malware and more. The malware strains were lying dormant and undiscovered within the network since May 3.

“During this time, data from any of your systems may have been compromised and sent outside of your network. We do not have evidence of this, but we must work from the assumption that this was done” Wyatt added.

An updated antivirus software detected the Trojan component of the ransomware on Windows 7 machines on July 17. Wyatt highlighted that the ‘Borough is the 210th victim of this attack’ and that more than 200 firms have been previously infected by the ransomware.

So far, 110 systems have been disinfected and can now be used again. Some 20 different agencies including private sector vendors have assisted the Alaskan borough in cleaning up its IT infrastructure. The FBI cybercrime unit is also working in parallel with the borough to gather more information about the incident.

The Alaskan borough’s email server is still under construction, which means that employees are still unable to access or exchange emails. However the borough’s phones were up and running from Monday.

Cyware Publisher